[jira] [Commented] (MDEP-787) [regression] 3.2.0/3.3.0-SNAPSHOT need way to override false “non-test-scoped dependency” warning

Sat, 12 Feb 2022 06:05:04 -0800 


    [ 
https://issues.apache.org/jira/browse/MDEP-787?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17491354#comment-17491354
 ] 

Slawomir Jaranowski commented on MDEP-787:
------------------------------------------

We have new type of analyze *non-test scoped* so: 
 - should respect {{ignoredDependencies}} list
 - new list of ignored dependencies for this type should be aded like: 
{{ignoredNonTestScopedDependencies}}  

> [regression] 3.2.0/3.3.0-SNAPSHOT need way to override false “non-test-scoped 
> dependency” warning
> -------------------------------------------------------------------------------------------------
>
>                 Key: MDEP-787
>                 URL: https://issues.apache.org/jira/browse/MDEP-787
>             Project: Maven Dependency Plugin
>          Issue Type: Bug
>    Affects Versions: 3.2.0, 3.3.0
>            Reporter: Thorsten Glaser
>            Assignee: Slawomir Jaranowski
>            Priority: Blocker
>
> This was found due to testing whether 3.3.0-SNAPSHOT fixes the regressions of 
> 3.2.0 against 3.1.2 (it doesn’t, yet).
> After finding 
> [https://maven.apache.org/guides/development/guide-testing-development-plugins.html]
>  I was able to test the snapshot on the 
> [https://github.com/tarent/extract-tool/tree/mdep753-snapshot] branch as well.
> This problem shows up:
> {quote}{{$ mvn dependency:analyze-only@analyse-dependency-usage}}
> {{[…]}}
> {{[WARNING] Non-test scoped test only dependencies found:}}
> {{[WARNING] 
> com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:jar:2.13.1:compile}}
> {quote}
> This is “correct”: {{com.fasterxml.jackson.dataformat.yaml.YAMLFactory}} is 
> {{{}import{}}}ed in the tests but only used via reflection in prod because 
> it’s an optional (but not marked as optional so it’s included by default, but 
> users can {{<exclude>}} it and that’s supported and documented) dependency. 
> This means it’s a false positive that cannot be expected to be handled by the 
> test correctly and must be overridden in the POM.
> However, adding it as {{<ignoredUnusedDeclaredDependency>}} does not work ☹ 
> it’s probably the wrong overriding element, but 
> [https://maven.apache.org/plugins/maven-dependency-plugin/analyze-only-mojo.html]
>  does not have anything on how to override this particular warning.
> This is a *must-have* for, I hope, obvious reasons…



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to