How to deal with "quarantine" errors for maven artifacts that are fully excluded
We have a large set of Java Maven services. We use Nexus for our intranet repository, and that is managed by another team in our large enterprise.
Our internal Nexus recently started quarantining GAVs that are covered by high-severity CVEs. That has uncovered some issues we weren't aware of, but it also showed issues that we were already aware of, and which we had dealt with in different ways. It's one of these issues that I'm having a particular problem with.
For instance, we now know that log4j:log4j:1.2.17 is quarantined. We had already configured all of the components that have this as a transitive dependency to not use that at runtime. Now we have to exclude that artifact to be certain. I'm OK with doing that, but I'm seeing particular problems doing that.
All of our services reference a parent pom that my team maintains. That parent pom specifies many of the dependencies used by all services, and in that parent pom, for the two artifacts we specify that have log4j as a transitive dependency, I added "exclusion" blocks for that artifact. I tested this from some command-line builds, and this gets through the "compile" goal successfully without a quarantine error. I also verified from the "Dependency Management" tab in Eclipse m2e that log4j is not listed in the "Dependency Hierarchy" pane, so it doesn't consider it a dependency. I also looked at the "Effective POM" view and searched for the log4j artifact, and it is ONLY present in exclusion blocks. I was able to run "mvn help:effective-pom" to get the same results.
However, my results with builds have been different. In one project, if I just do "mvn compile", I still see this:
[WARNING]
[WARNING] Some problems were encountered while building the effective settings
[WARNING] Unrecognised tag: 'updatepolicy' (position: START_TAG seen ...</enabled>\n\t\t\t<updatepolicy>... @171:18) @ C:\...\.m2\settings.xml, line 171, column 18
[WARNING]
[INFO] Scanning for projects...
[INFO]
[INFO] -----------------< ... >-----------------
[INFO] Building ... 0.0.2
[INFO] --------------------------------[ jar ]---------------------------------
Downloading from nexus: .../nexus/content/groups/.../.../idp-shutdown-jersey/maven-metadata.xml
Downloaded from nexus: .../nexus/content/groups/.../.../idp-shutdown-jersey/maven-metadata.xml (591 B at 232 B/s)
Downloading from nexus: .../nexus/content/groups/.../.../idp-shutdown-core/maven-metadata.xml
Downloaded from nexus: .../nexus/content/groups/.../.../idp-shutdown-core/maven-metadata.xml (589 B at 926 B/s)
Downloading from nexus: .../nexus/content/groups/.../.../idp-shutdown-actuator/maven-metadata.xml
Downloaded from nexus: .../nexus/content/groups/.../.../idp-shutdown-actuator/maven-metadata.xml (593 B at 628 B/s)
Downloading from nexus: .../nexus/content/groups/.../.../rest-api-client/maven-metadata.xml
Downloaded from nexus: .../nexus/content/groups/.../.../rest-api-client/maven-metadata.xml (970 B at 1.0 kB/s)
Downloading from nexus: .../nexus/content/groups/.../.../idp-context-core/maven-metadata.xml
Downloaded from nexus: .../nexus/content/groups/.../.../idp-context-core/maven-metadata.xml (541 B at 1.1 kB/s)
Downloading from nexus: .../nexus/content/groups/.../.../idp-logging-core/maven-metadata.xml
Downloaded from nexus: .../nexus/content/groups/.../.../idp-logging-core/maven-metadata.xml (563 B at 927 B/s)
Downloading from nexus: .../nexus/content/groups/.../junit/junit-dep/maven-metadata.xml
Downloaded from nexus: .../nexus/content/groups/.../junit/junit-dep/maven-metadata.xml (877 B at 1.5 kB/s)
Downloading from nexus: .../nexus/content/groups/.../junit/junit-dep/4.9.1-SNAPSHOT/maven-metadata.xml
Downloaded from nexus: .../nexus/content/groups/.../junit/junit-dep/4.9.1-SNAPSHOT/maven-metadata.xml (764 B at 1.1 kB/s)
Downloading from nexus: .../nexus/content/groups/.../.../idp-voltage-decrypt/maven-metadata.xml
Downloaded from nexus: .../nexus/content/groups/.../.../idp-voltage-decrypt/maven-metadata.xml (634 B at 1.1 kB/s)
Downloading from nexus: .../nexus/content/groups/.../.../idp-voltage-encrypt/maven-metadata.xml
Downloaded from nexus: .../nexus/content/groups/.../.../idp-voltage-encrypt/maven-metadata.xml (665 B at 1.1 kB/s)
Downloading from nexus: .../nexus/content/groups/.../.../soap-api-client/maven-metadata.xml
Downloaded from nexus: .../nexus/content/groups/.../.../soap-api-client/maven-metadata.xml (531 B at 794 B/s)
Downloading from nexus: .../nexus/content/groups/.../.../idp-common-utility/1.0.0-SNAPSHOT/maven-metadata.xml
Downloaded from nexus: .../nexus/content/groups/.../.../idp-common-utility/1.0.0-SNAPSHOT/maven-metadata.xml (782 B at 1.2 kB/s)
Downloading from nexus: .../nexus/content/groups/.../.../idp-seed-sdk-core/maven-metadata.xml
Downloaded from nexus: .../nexus/content/groups/.../.../idp-seed-sdk-core/maven-metadata.xml (560 B at 655 B/s)
Downloading from nexus: .../nexus/content/groups/.../.../feature-toggle-web/maven-metadata.xml
Downloaded from nexus: .../nexus/content/groups/.../.../feature-toggle-web/maven-metadata.xml (776 B at 1.0 kB/s)
Downloading from nexus: .../nexus/content/groups/.../.../idp-i18n/maven-metadata.xml
Downloaded from nexus: .../nexus/content/groups/.../.../idp-i18n/maven-metadata.xml (684 B at 1.2 kB/s)
Downloading from nexus: .../nexus/content/groups/.../.../api-inbound-logging-interceptor/maven-metadata.xml
Downloaded from nexus: .../nexus/content/groups/.../.../api-inbound-logging-interceptor/maven-metadata.xml (790 B at 1.2 kB/s)
Downloading from nexus: .../nexus/content/groups/.../.../idp-health/maven-metadata.xml
Downloaded from nexus: .../nexus/content/groups/.../.../idp-health/maven-metadata.xml (728 B at 321 B/s)
Downloading from nexus: .../nexus/content/groups/.../.../idp-aaf/maven-metadata.xml
Downloaded from nexus: .../nexus/content/groups/.../.../idp-aaf/maven-metadata.xml (869 B at 1.1 kB/s)
Downloading from nexus: .../nexus/content/groups/.../.../idp-config/maven-metadata.xml
Downloaded from nexus: .../nexus/content/groups/.../.../idp-config/maven-metadata.xml (697 B at 1.3 kB/s)
Downloading from nexus: .../nexus/content/groups/.../.../idp-config/2.6.1-SNAPSHOT/maven-metadata.xml
Downloaded from nexus: .../nexus/content/groups/.../.../idp-config/2.6.1-SNAPSHOT/maven-metadata.xml (771 B at 942 B/s)
Downloading from nexus: .../nexus/content/groups/.../com/google/guava/guava/maven-metadata.xml
Downloaded from nexus: .../nexus/content/groups/.../com/google/guava/guava/maven-metadata.xml (5.3 kB at 2.5 kB/s)
Downloading from nexus: .../nexus/content/groups/.../com/google/guava/guava/24.0-SNAPSHOT/maven-metadata.xml
Downloading from nexus: .../nexus/content/groups/.../com/google/guava/guava-parent/24.0-SNAPSHOT/maven-metadata.xml
Downloaded from nexus: .../nexus/content/groups/.../com/google/guava/guava-parent/24.0-SNAPSHOT/maven-metadata.xml (605 B at 1.1 kB/s)
Downloading from nexus: .../nexus/content/groups/.../log4j/log4j/1.2.17/log4j-1.2.17.jar
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 31.816 s
[INFO] Finished at: 2022-05-05T09:46:51-07:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal on project ...: Could not resolve dependencies for project ...:jar:0.0.2: Could not transfer artifact log4j:log4j:jar:1.2.17 from/to nexus (.../nexus/content/groups/...): authorization failed for .../nexus/content/groups/.../log4j/log4j/1.2.17/log4j-1.2.17.jar, status: 403 -------------------->>> REQUESTED ITEM IS QUARANTINED -------------------->>> FOR DETAILS SEE ------>>> .../ui/links/repository/0569741ae2364aa5a5946f11aecf5477/result <<<------ -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException
So it appears that even though I am fully excluding the artifact, Maven still attempts to download at least the metadata about the artifact, which fails, and fails the build.
What can I do to mitigate this problem?
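For reference, here is what the exclusion setup described in the question looks like in pom form, plus a build-time check that fails the build locally with a clear message instead of relying on the repository's 403. This is an added example, not the poster's pom or any project's code; the parent coordinates (`com.example:service-parent`), the third-party artifact (`com.example.thirdparty:some-library:3.4.5`) and the enforcer plugin version placeholder are assumptions, while `log4j:log4j:1.2.17` is the artifact named in the question.

```xml
<!-- ===== parent pom.xml (added example; coordinates are placeholders) ===== -->
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId>
  <artifactId>service-parent</artifactId>
  <version>1.0.0</version>
  <packaging>pom</packaging>

  <dependencyManagement>
    <dependencies>
      <!-- A managed dependency that pulls in log4j:log4j transitively.
           The exclusion is inherited by every module that declares this
           dependency via the managed entry (no version, no own exclusions). -->
      <dependency>
        <groupId>com.example.thirdparty</groupId>
        <artifactId>some-library</artifactId>
        <version>3.4.5</version>
        <exclusions>
          <exclusion>
            <groupId>log4j</groupId>
            <artifactId>log4j</artifactId>
          </exclusion>
        </exclusions>
      </dependency>
    </dependencies>
  </dependencyManagement>

  <build>
    <plugins>
      <!-- Fail fast with an explicit message if log4j:log4j enters the
           resolved graph through any path (direct or transitive). -->
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-enforcer-plugin</artifactId>
        <version>ENFORCER_PLUGIN_VERSION</version> <!-- placeholder -->
        <executions>
          <execution>
            <id>ban-quarantined-artifacts</id>
            <goals>
              <goal>enforce</goal>
            </goals>
            <configuration>
              <rules>
                <bannedDependencies>
                  <searchTransitive>true</searchTransitive>
                  <excludes>
                    <exclude>log4j:log4j</exclude>
                  </excludes>
                  <message>log4j:log4j is quarantined in Nexus; exclude it from the dependency that introduces it.</message>
                </bannedDependencies>
              </rules>
            </configuration>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
</project>

<!-- ===== child module pom.xml (fragment) ===== -->
<!-- Declaring the dependency without a version or exclusions picks up the
     managed version and the managed exclusion from the parent. Restating the
     dependency with its own <exclusions> element here would replace, not
     merge with, the inherited list. -->
<dependency>
  <groupId>com.example.thirdparty</groupId>
  <artifactId>some-library</artifactId>
</dependency>
```

An exclusion is attached to the one dependency declaration that carries it, so it only removes `log4j:log4j` from that declaration's subtree; if the artifact is reachable through any other dependency (including one a child module declares directly, or a plugin's own dependencies), it is still resolved. To see every path that introduces it, run `mvn dependency:tree -Dverbose -Dincludes=log4j:log4j` in the failing module in addition to the `mvn help:effective-pom` check already described above; the enforcer rule then turns any remaining path into a build failure with a message you control.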
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow