gradle exclude specific jars from runtime dependencies - java

Is there a way to exclude specific jars from a group using Gradle? I have tried below code, but this removed all the jars of that group
configurations {
all*.exclude group: 'org.xxxx.xxxx'
}
My requirement is to remove only specific jars from the group, not all jars. This exercise we are doing to exclude transitive dependencies during runtime in our system.
thanks.


You can exclude all dependencies from a group, or only some modules of a group, in dependencies block:
dependencies {
/* -------------- SpringBoot without Tomcat ------------------- */
compile('org.springframework.boot:spring-boot-starter-web') {
exclude group: 'org.springframework.boot', module: 'spring-boot-starter-tomcat'
}
}
I add link to the Gradle documentation explaining transitive dependencies in detail: https://docs.gradle.org/current/userguide/managing_transitive_dependencies.html

Related

Trying to exclude transitive Log4j dependency

So I've seen other posts (eg. Can't use hbase-shaded-client jar because of its internal dependency to log4j-1.2.17(CVE-2019-1757)) stating that they have a way to exclude the transitive dependency of log4j:log4j:1.2.17 however if I run ./gradlew app:dependencies I can still see that the transitive dependency exists.
I have tried referring to the following migration doc https://logging.apache.org/log4j/2.x/manual/migration.html but Im not sure if this is just transferring the calls over from log4j 1.x over to 2.x at runtime or if its supposed to update the transitive dependency all together. I tried even excluding the transitive dependency and using slf4j instead in my build.gradle file like so:
compile ('custom-library-that-I-cant-change-code-in'), {
exclude group: 'log4j', module: 'log4j'
}
// https://mvnrepository.com/artifact/org.slf4j/log4j-over-slf4j
implementation 'org.slf4j:log4j-over-slf4j:1.7.35'
How can I make sure if this is even working, or at least not using that older log4j:log4j:1.2.17 or am I going about this all wrong and there is an easier way of doing this

To answer you first question the following exclude wasn't working for me as well,
compile ('custom-library-that-I-cant-change-code-in'), {
exclude group: 'log4j', module: 'log4j'
}
try this in your build.gradle it should work
configurations {
compile.exclude group: "log4j", module: "log4j"
}

Exclude transitive dependency of Gradle plugin

Excluding a transitive dependency in Gradle is pretty straightforward:
compile('com.example.m:m:1.0') {
exclude group: 'org.unwanted', module: 'x'
}
How would we go around he situation in which we use a plugin:
apply: "somePlugin"
And when getting the dependencies we realize that the plugin is bringing some transitive dependencies of its own?

You can remove dependencies after the plugin is applied, (from a single configuration, or to all configurations) using eg. compile.exclude. Note that compile resolves to a "Configuration"; see the javadocs at Configuration.exclude .
edit
Be aware that excluding dependecies could fail, if the configuration has already been resolved.
Sample script
apply plugin: 'java-library'
repositories {
jcenter()
}
dependencies {
compile 'junit:junit:4.12'
compile 'ant:ant:1.6'
compile 'org.apache.commons:commons-lang3:3.8'
}
// remove dependencies
configurations.all {
exclude group:'junit', module:'junit'
}
configurations.compile {
exclude group:'org.apache.commons', module: 'commons-lang3'
}
println 'compile deps:\n' + configurations.compile.asPath

You can manipulate the classpath of the buildscript itself through:
buildscript {
configurations {
classpath {
exclude group: 'org', module: 'foo' // For a global exclude
}
}
dependencies {
classpath('org:bar:1.0') {
exclude group: 'org', module: 'baz' // For excluding baz from bar but not if brought elsewhere
}
}
}

Here is another way to enforce your project to strictly use a specific version for the build.gradle.kts
val grpcVersion = "1.45.1"
implementation("io.grpc:grpc-stub") {
version {
strictly(grpcVersion)
}
}
More info can be found at the gradle documentation: https://docs.gradle.org/current/userguide/dependency_downgrade_and_exclude.html

Gradle compileJava fails due to missing excluded dependency

stupid question but I am a little lost here.
i exclude slf4j-api from configuration compile.
configurations {
compile.exclude module: "spring-boot-starter-tomcat"
compile.exclude module: "tomcat-embed-el"
compile.exclude module: "logback-classic"
compile.exclude module: "spring-boot-starter-logging"
compile.exclude module: "slf4j-api"
}
No I can't compile the classes anymore because of the missing slf4j dependency, which will be provided later by an container. I tried to add
compileOnly group:....
providedCompile group ....
provided (plugin by netflix)
but so far it is not working. always getting the error
can not find symbol org.slf4j....
import failed .....
so how do I add an compileOnly dependency in gradle that is recognized?
Regards
Mathias

have you tried compileOnly instead of compile.exclude module, like for servlet api it will be like this
compileOnly 'javax.servlet:servlet-api:2.5'

So in the end I excluded per module. If I have the time to write a script for this I will post it here. Thanks to everybody
Regards
Mathias

Android gradle build with firebase dependency has warnings (ignoring httpclient)

In my Android project which use firebase the gradle build shows this annoying warning:
WARNING: Dependency org.apache.httpcomponents:httpclient:4.0.1 is ignored for devDebug as it may be conflicting with the internal version provided by Android.
In case of problem, please repackage it with jarjar to change the class packages
i tryed adding the exclude option on the build.gradle but i had no luck
compile ('com.firebase:firebase-client-android:2.2.1') {
exclude module: 'org.apache.httpcomponents:httpclient:4.0.1' //IGNORED
}
i also tryed removing the version like suggested but the warning remains
compile ('com.firebase:firebase-client-android:2.2.1') {
exclude group:'org.apache.httpcomponents', module: 'httpclient' //SAME
}

I found the option to remove the warning
configurations {
compile.exclude group: "org.apache.httpcomponents", module: "httpclient"
}

If I am not mistaken this should be
compile ('com.firebase:firebase-client-android:2.2.1') {
exclude group:'org.apache.httpcomponents', module: 'httpclient'
}
version can be omitted.

How do I exclude all instances of a transitive dependency when using Gradle?

My gradle project uses the application plugin to build a jar file. As part of the runtime transitive dependencies, I end up pulling in org.slf4j:slf4j-log4j12. (It's referenced as a sub-transitive dependency in at least 5 or 6 other transitive dependencies - this project is using spring and hadoop, so everything but the kitchen sink is getting pulled in... no wait... that's there too :) ).
I want to globally exclude the slf4j-log4j12 jar from my built jar. So I've tried this:
configurations {
runtime.exclude group: "org.slf4j", name: "slf4j-log4j12"
}
However, this seems to exclude all org.slf4j artifacts including slf4j-api. When running under debug mode I see lines such as:
org.slf4j#slf4j-api is excluded from com.pivotal.gfxd:gfxd-demo-mapreduce:1.0(runtime).
org.slf4j#slf4j-simple is excluded from com.pivotal.gfxd:gfxd-demo-mapreduce:1.0(runtime).
org.slf4j#slf4j-log4j12 is excluded from org.apache.hadoop:hadoop-common:2.2.0(runtime).
I do not want to have to look up the source of each slf4j-log4j12 transitive dependency and then have individual compile foo { exclude slf4j... } statements in my dependencies block.
Update:
I did also try this:
configurations {
runtime.exclude name: "slf4j-log4j12"
}
Which ends up excluding everything from the build! As though I specified group: "*".
Update 2:
I'm using Gradle version 1.10 for this.

Ah, the following works and does what I want:
configurations {
runtime.exclude group: "org.slf4j", module: "slf4j-log4j12"
}
It seems that an Exclude Rule only has two attributes - group and module.
Hence for excluding from only an individual dependency, we can do something like:
dependencies {
compile ('org.springframework.data:spring-data-hadoop-core:2.0.0.M4-hadoop22') {
exclude group: "org.slf4j", module: "slf4j-log4j12"
}
}
However, the above syntax doesn't prevent you from specifying any arbitrary property as a predicate. When trying to exclude from an individual dependency you cannot specify arbitrary properties. For example, this fails:
dependencies {
compile ('org.springframework.data:spring-data-hadoop-core:2.0.0.M4-hadoop22') {
exclude group: "org.slf4j", name: "slf4j-log4j12"
}
}
with
No such property: name for class: org.gradle.api.internal.artifacts.DefaultExcludeRule
So even though you can specify a dependency with a group: and name: you can't specify an exclusion with a name:!?!
Perhaps a separate question, but what exactly is a module then? I can understand the Maven notion of groupId:artifactId:version, which I understand translates to group:name:version in Gradle. But then, how do I know what module (in gradle-speak) a particular Maven artifact belongs to?

For excluding one or more library globally add the following to your build.gradle
configurations.all {
exclude group:"org.apache.geronimo.specs", module: "geronimo-servlet_2.5_spec"
exclude group:"ch.qos.logback", module:"logback-core"
}
Now the exclude block has two properties group and module. For those of you coming from maven background, group is same as groupId and module is same as artifactId.
Example: To exclude com.mchange:c3p0:0.9.2.1 following should be exclude block
exclude group:"com.mchange", module:"c3p0"

Your approach is correct. (Depending on the circumstances, you might want to use configurations.all { exclude ... }.) If these excludes really exclude more than a single dependency (I haven't ever noticed that when using them), please file a bug at http://forums.gradle.org, ideally with a reproducible example.

in the example below I exclude
spring-boot-starter-tomcat
compile("org.springframework.boot:spring-boot-starter-web") {
//by both name and group
exclude group: 'org.springframework.boot', module: 'spring-boot-starter-tomcat'
}

I was using spring boot 1.5.10 and tries to exclude logback, the given solution above did not work well, I use configurations instead
configurations.all {
exclude group: "org.springframework.boot", module:"spring-boot-starter-logging"
}

In addition to what #berguiga-mohamed-amine stated, I just found that a wildcard requires leaving the module argument the empty string:
compile ("com.github.jsonld-java:jsonld-java:$jsonldJavaVersion") {
exclude group: 'org.apache.httpcomponents', module: ''
exclude group: 'org.slf4j', module: ''
}

compile is deprecated and it was replaced by implementation. Therefore, the solution for those running newer versions of gradle:
implementation("org.springframework.boot:spring-boot-starter-web") {
exclude group: 'org.springframework.boot', module: 'spring-boot-starter-tomcat'
}

This is for Kotlin DSL (build.gradle.kts) which prevents you from using wrong properties.
Exclude the library from all configrations (implementation, runtimeOnly, etc.):
configurations.all {
exclude(group = "ir.mahozad.android", module = "pie-chart")
// OR exclude("ir.mahozad.android", "pie-chart")
}
// Another notation:
// configurations {
// all {
// exclude(group = "ir.mahozad.android", module = "pie-chart")
// }
// }
Exclude the library from a single configuration (like implementation):
configurations.implementation {
exclude(group = "ir.mahozad.android", module = "pie-chart")
}
// Another notation:
// configurations {
// implementation {
// exclude(group = "ir.mahozad.android", module = "pie-chart")
// }
// }
Exclude the library for a single dependency:
dependencies {
// ...
implementation("ir.mahozad.android:charts:1.2.3") {
exclude(group = "ir.mahozad.android", module = "pie-chart")
}
}

Categories

Resources