[
https://issues.apache.org/jira/browse/MDEP-753?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17492216#comment-17492216
]
Charles Honton commented on MDEP-753:
-------------------------------------
As a user of the dependency plugin, I expect the analyze and analysis-only
goals to implement the following algorithm.
- Use byte code inspection on each class in the main and test artifacts to
determine the set of classes required to compile the main and test sources.
These classes are the used-classes set.
- Determine in which dependencies each used class is present. Add these
dependencies to the used-dependency set.
- Add any dependency declared in the usedDependencies parameter to the
used-dependency set.
- If ignoreNonCompile parameter is true, the declared-dependency set is the
compile-scope dependencies from the maven resolver. Else, if
ignoreUnusedRuntime parameter is true, the declared-dependency set is the
compile-scope, provided-scope, and system-scope dependencies from the maven
resolver. Otherwise, the declared-dependency set is the compile-scope,
provided-scope, system-scope, and test-scope dependencies from the maven
resolver.
- Add each dependency in the used-dependency set that is not in the
declared-dependency set to the used-but-undeclared set.
- Remove any dependency from the used-but-undeclared set that matches patterns
declared in the ignoreUsedUndeclaredDependencies parameter or the
ignoreDependencies parameter.
- Add each dependency in the declared-dependency that is not in the
used-dependency set to the declared-but-unused set.
- Remove any dependency from the declared-but-unused set that matches patterns
declared in the ignoreUnusedDeclaredDependencies parameter or
ignoreDependencies parameter.
- Print remaining members of used-but-undeclared set to the console or xml file.
- Print remaining members of declared-but-unused set to the console.
- If failOnWarning parameter is true, fail the build
> Non-test dependency reported as Non-test scoped test only dependency
> --------------------------------------------------------------------
>
> Key: MDEP-753
> URL: https://issues.apache.org/jira/browse/MDEP-753
> Project: Maven Dependency Plugin
> Issue Type: Bug
> Components: analyze
> Affects Versions: 3.2.0
> Reporter: Elliotte Rusty Harold
> Assignee: Elliotte Rusty Harold
> Priority: Critical
> Fix For: 3.3.0
>
> Attachments: chas.zip, tj.zip
>
>
> Saw this when updating the google-http-java-client from 3.1.2 to 3.2.0 of the
> plugin. I'm not immediately sure whether this is a regression:
> [INFO] --- maven-dependency-plugin:3.2.0:analyze (default-cli) @
> google-http-client ---
> Warning: Non-test scoped test only dependencies found:
> Warning: com.google.guava:guava:jar:30.1.1-android:compile
> Warning: io.opencensus:opencensus-api:jar:0.28.0:compile
> Changing Guava to scope test breaks the build, which is expected based on the
> code. The warning seems incorrect.
> https://github.com/googleapis/google-http-java-client/pull/1396
> https://github.com/googleapis/google-http-java-client/pull/1396/checks?check_run_id=2809438131
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
