>Did you check the gist i posted earlier? The gist shows commons-compress:jar:1.0.0 in all the cases (even with lib-a and lib-b variation). mvnw toolbox:tree does not work for me (No plugin found for prefix 'toolbox'), and selectionStrategy makes no difference for dependency:tree.
./mvnw dependency:tree -Daether.conflictResolver.versionSelector.selectionStrategy=highest -DverboseTree -e Apache Maven 4.0.0-SNAPSHOT (8134db6f3c18ab2c68764a5ae05c9e08846b9787 [INFO] org.example:app:pom:1.0.0 [INFO] +- org.example:lib-a:jar:1.0.0:compile [INFO] | \- org.example:commons-compress:jar:1.0.0:compile <-- I expect this to be 2.0.0 [INFO] \- org.example:lib-b:jar:1.0.0:compile [INFO] \- org.example:commons-compress-tar:jar:2.0.0:compile [INFO] \- org.example:commons-compress-core:jar:2.0.0:compile >compress-core depend on compress Can you please explain exactly what you mean by "tweaking deps"? lib-a and lib-b might be out of my control, so there's no much I can do about tweaking lib-a and lib-b. >compress-core depend on compress, similar pattern that hamcrest did As far as I understand, Hamcrest has deprecated all individual jars, and they merged everything into a single hamcreset.jar: https://hamcrest.org/JavaHamcrest/distributables It is the opposite of what I am asking: I want to split a jar in multiple for security reasons, so the users do not get unwanted classes. Vladimir >
