[ https://issues.apache.org/jira/browse/MJDEPS-16?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16559395#comment-16559395 ]
Andres Almiray commented on MJDEPS-16: -------------------------------------- As a comparison, the Gradle jdeps plugin does check compile/runtime dependencies by default [https://github.com/aalmiray/jdeps-gradle-plugin] Minimum Gradle build file: {code:java} plugins { id 'java' id 'org.kordamp.jdeps' version '0.3.0' } repositories { mavenCentral() } dependencies { compile 'com.google.inject:guice:4.2.0' compile 'com.google.guava:guava:25.1-jre' } {code} Output: {code:java} $ gw jdeps No gradlew set up for this project; consider setting one up: http://gradle.org/docs/current/userguide/gradle_wrapper.html Using gradle at '/Users/aalmiray/.sdkman/candidates/gradle/current/bin/gradle' to run buildfile '/tmp/foo/build.gradle': > Task :compileJava NO-SOURCE > Task :processResources NO-SOURCE > Task :classes UP-TO-DATE > Task :jdeps FAILED guava-25.1-jre.jar -> /Library/Java/JavaVirtualMachines/jdk1.8.0_171.jdk/Contents/Home/jre/lib/rt.jar com.google.common.cache.Striped64 (guava-25.1-jre.jar) -> sun.misc.Unsafe JDK internal API (rt.jar) com.google.common.cache.Striped64$1 (guava-25.1-jre.jar) -> sun.misc.Unsafe JDK internal API (rt.jar) com.google.common.cache.Striped64$Cell (guava-25.1-jre.jar) -> sun.misc.Unsafe JDK internal API (rt.jar) com.google.common.hash.LittleEndianByteArray$UnsafeByteArray (guava-25.1-jre.jar) -> sun.misc.Unsafe JDK internal API (rt.jar) com.google.common.hash.LittleEndianByteArray$UnsafeByteArray$1 (guava-25.1-jre.jar) -> sun.misc.Unsafe JDK internal API (rt.jar) com.google.common.hash.LittleEndianByteArray$UnsafeByteArray$2 (guava-25.1-jre.jar) -> sun.misc.Unsafe JDK internal API (rt.jar) com.google.common.hash.LittleEndianByteArray$UnsafeByteArray$3 (guava-25.1-jre.jar) -> sun.misc.Unsafe JDK internal API (rt.jar) com.google.common.hash.Striped64 (guava-25.1-jre.jar) -> sun.misc.Unsafe JDK internal API (rt.jar) com.google.common.hash.Striped64$1 (guava-25.1-jre.jar) -> sun.misc.Unsafe JDK internal API (rt.jar) com.google.common.hash.Striped64$Cell (guava-25.1-jre.jar) -> sun.misc.Unsafe JDK internal API (rt.jar) com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator (guava-25.1-jre.jar) -> sun.misc.Unsafe JDK internal API (rt.jar) com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator$1 (guava-25.1-jre.jar) -> sun.misc.Unsafe JDK internal API (rt.jar) com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper (guava-25.1-jre.jar) -> sun.misc.Unsafe JDK internal API (rt.jar) com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper$1 (guava-25.1-jre.jar) -> sun.misc.Unsafe JDK internal API (rt.jar) Warning: JDK internal APIs are unsupported and private to JDK implementation that are subject to be removed or changed incompatibly and could break your application. Please modify your code to eliminate dependency on any JDK internal APIs. For the most recent update on JDK internal API replacements, please check: https://wiki.openjdk.java.net/display/JDK8/Java+Dependency+Analysis+Tool JDK Internal API Suggested Replacement ---------------- --------------------- sun.misc.Unsafe See http://openjdk.java.net/jeps/260 FAILURE: Build failed with an exception. * What went wrong: Execution failed for task ':jdeps'. > jdeps reported errors in foo * Try: Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights. * Get more help at https://help.gradle.org BUILD FAILED in 6s 1 actionable task: 1 executed {code} > Include project dependencies in scan > ------------------------------------ > > Key: MJDEPS-16 > URL: https://issues.apache.org/jira/browse/MJDEPS-16 > Project: Maven JDeps Plugin > Issue Type: New Feature > Affects Versions: 3.1.1 > Environment: Apache Maven 3.5.3 > (3383c37e1f9e9b3bc3df5050c29c8aff9f295297; 2018-02-24T20:49:05+01:00) > Maven home: /Users/aalmiray/.sdkman/candidates/maven/current > Java version: 1.8.0_171, vendor: Oracle Corporation > Java home: > /Library/Java/JavaVirtualMachines/jdk1.8.0_171.jdk/Contents/Home/jre > Default locale: en_CH, platform encoding: UTF-8 > OS name: "mac os x", version: "10.12.5", arch: "x86_64", family: "mac" > Reporter: Andres Almiray > Priority: Major > > > Version 3.1.1 executes jdeps on production (goal: jdkinternals) and test > (goal: test-jdkinternals) sources but does not consider dependencies. This > means the report will tell you if product sources are complaint or not but > does not tell you if the packaged/deployed project would encounter problems > or not. > At the very least Compile/Runtime dependencies should be scanned. Please make > this the default behavior. Perhaps it would be good to have a flag to skip > this behavior if anyone would like to have the previous behavior. > For reference, this issue was discussed with Robert Scholte during JCrete > 2018. > *Minimum POM example:* > {code:java} > <project xmlns="http://maven.apache.org/POM/4.0.0" > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" > xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 > http://maven.apache.org/maven-v4_0_0.xsd"> > <modelVersion>4.0.0</modelVersion> > <groupId>com.acme</groupId> > <artifactId>sample</artifactId> > <packaging>jar</packaging> > <version>0.0.0-SNAPSHOT</version> > <build> > <plugins> > <plugin> > <groupId>org.apache.maven.plugins</groupId> > <artifactId>maven-jdeps-plugin</artifactId> > <version>3.1.1</version> > <executions> > <execution> > <goals> > <goal>jdkinternals</goal> > </goals> > </execution> > </executions> > </plugin> > </plugins> > </build> > <dependencies> > <dependency> > <groupId>com.google.inject</groupId> > <artifactId>guice</artifactId> > <version>4.2.0</version> > </dependency> > <dependency> > <groupId>com.google.guava</groupId> > <artifactId>guava</artifactId> > <version>25.1-jre</version> > </dependency> > </dependencies> > </project> > {code} > Output > {code:java} > $ mvn jdeps:jdkinternals > [INFO] Scanning for projects... > [INFO] > [INFO] --------------------------< com.acme:sample > >--------------------------- > [INFO] Building sample 0.0.0-SNAPSHOT > [INFO] --------------------------------[ jar > ]--------------------------------- > [INFO] > [INFO] --- maven-jdeps-plugin:3.1.1:jdkinternals (default-cli) @ sample --- > [INFO] > ------------------------------------------------------------------------ > [INFO] BUILD SUCCESS > [INFO] > ------------------------------------------------------------------------ > [INFO] Total time: 0.506 s > [INFO] Finished at: 2018-07-27T09:50:39+02:00 > [INFO] > ------------------------------------------------------------------------ > {code} -- This message was sent by Atlassian JIRA (v7.6.3#76005)