If you specify the transitive dependency explicitly in your project, the version you specify will take precedence.
For example, in your POM, add the dependency on com.foo:bar with a version range with an exclusive upper limit, like this:

    <dependencies>
      <dependency>
        <groupId>com.foo</groupId>
        <artifactId>bar</artifactId>
        <version>[4.0,6.0)</version>
      </dependency>
    </dependencies>

Update(2): I just tested this and it does work (I just had a typo in my test project). Here's my test explanation.
I have 3 test projects: test-base, test-dependency, and test-transitive.
The test-base project has a direct dependency on test-dependency, test-dependency has an open-ended dependency on test-transitive.
I have 3 versions of test-transitive installed: 0.0.1, 1.0.1, and 2.0.1.
If I do dependency:tree on test-base I see this:

    name.seller.rich:test-base:jar:0.0.1
    \- name.seller.rich:test-dependency:jar:0.0.1:compile
       \- name.seller.rich:test-transitive:jar:2.0.1:compile

If I add an explicit dependency on test-transitive in test-base with the dependency range set to [0.0.1,2.0.0), I get this tree instead:

    name.seller.rich:test-base:jar:0.0.1
    +- name.seller.rich:test-dependency:jar:0.0.1:compile
    \- name.seller.rich:test-transitive:jar:1.0.1:compile
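
The range arithmetic behind the two trees above, as an added example that is not part of the original answer and not Maven's own resolver: a simplified model that picks the highest installed version lying inside every range in play. It assumes plain dotted numeric versions, a single interval per range, and that the "open-ended" range in test-dependency is written `[0.0.1,)`, which the answer does not show.

```python
import re

def parse_version(text):
    """'1.0.1' -> (1, 0, 1). Trailing zeros are dropped so 2.0 == 2.0.0."""
    parts = [int(p) for p in text.split(".")]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def parse_range(spec):
    """Parse one interval: '[0.0.1,2.0.0)', '[0.0.1,)', '(,2.0.0]' or '[1.0.1]'."""
    m = re.fullmatch(r"([\[(])([\d.]*)(?:,([\d.]*))?([\])])", spec.replace(" ", ""))
    if not m:
        raise ValueError(f"unsupported range: {spec!r}")
    left, low, high, right = m.groups()
    if high is None:  # no comma: '[1.0.1]' pins exactly one version
        if not low or (left, right) != ("[", "]"):
            raise ValueError(f"unsupported range: {spec!r}")
        return parse_version(low), True, parse_version(low), True
    return (parse_version(low) if low else None, left == "[",
            parse_version(high) if high else None, right == "]")

def contains(rng, version):
    """True if version lies inside the interval, honouring [ ] versus ( )."""
    low, low_inc, high, high_inc = rng
    if low is not None and (version < low or (version == low and not low_inc)):
        return False
    if high is not None and (version > high or (version == high and not high_inc)):
        return False
    return True

def resolve(available, *specs):
    """Highest available version inside every range, or None if none fits."""
    ranges = [parse_range(s) for s in specs]
    ok = [v for v in available if all(contains(r, parse_version(v)) for r in ranges)]
    return max(ok, key=parse_version) if ok else None

INSTALLED = ["0.0.1", "1.0.1", "2.0.1"]  # versions listed in the answer
OPEN_ENDED = "[0.0.1,)"                   # assumed spelling of test-dependency's range
EXPLICIT = "[0.0.1,2.0.0)"                # range added to test-base in the answer

if __name__ == "__main__":
    print(resolve(INSTALLED, OPEN_ENDED))            # transitive range only
    print(resolve(INSTALLED, OPEN_ENDED, EXPLICIT))  # with the explicit range
```

A result of `None` means no installed version satisfies the range, which is the case to watch for when an exclusive upper bound is used to keep a known-bad release out of the build.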