[
https://issues.apache.org/jira/browse/MDEP-753?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17491729#comment-17491729
]
Henning Schmiedehausen commented on MDEP-753:
---------------------------------------------
from what I can see is that "jdbi3-spring5 -> compile scope ->
some-other-spring-dep -> compile scope -> spring-core" is needed to *build* the
artifact. But "jdbi3-spring5 -> test-scope -> spring-core" is actually the
only place where the module explicitly references the module.
The maven core dependency resolver requires the the artifact to be in compile
scope. So it can *not* be declared as "test' scope, because otherwise the core
dependency resolver omits it from the compilation classpath and compilation
fails. That is how the *core* resolver works.
What you basically tell me is "oops, dependency plugin thinks different, you
need to work around the core resolver behavior. Tough luck".
The role of the dependency plugin is to report and check *what the core does*.
Not what any other developer *thinks* it is right. The 3.1.2 version of this
plugin does that. It clearly states that*if you put the spring-core dependency
in the pom, it MUST be in compile scope because that is what the core resolver
expects*.
What you are saying is that "well, you put it in compile scope, but we think it
is wrong, because it is only used in test scope. However, you can not put it in
test scope, because then the core resolver does not behave how we think it
should. So, just exclude them from checking".
This is literally the opposite of what a user would expect from this plugin.
For years, the dependency plugin has done exactly that: reflected what the core
resolver does and reported accordingly. Changing this behavior now and telling
users "tough luck, you need to change your configurations" is the opposite of
what a minor (!) update (3.1.x -> 3.3.x) should do. You *may* get away with it
for a 4.x.x. release but I would suggest starting a new plugin with that
behavior.
Please, fix the bugs that plague 3.1.x, no change its behavior. Looking at the
comments on this thread, you are on the wrong path. None of your users agrees
that what you are doing is the right thing to do.
> Non-test dependency reported as Non-test scoped test only dependency
> --------------------------------------------------------------------
>
> Key: MDEP-753
> URL: https://issues.apache.org/jira/browse/MDEP-753
> Project: Maven Dependency Plugin
> Issue Type: Bug
> Components: analyze
> Affects Versions: 3.2.0
> Reporter: Elliotte Rusty Harold
> Assignee: Elliotte Rusty Harold
> Priority: Critical
> Fix For: 3.3.0
>
> Attachments: chas.zip, tj.zip
>
>
> Saw this when updating the google-http-java-client from 3.1.2 to 3.2.0 of the
> plugin. I'm not immediately sure whether this is a regression:
> [INFO] --- maven-dependency-plugin:3.2.0:analyze (default-cli) @
> google-http-client ---
> Warning: Non-test scoped test only dependencies found:
> Warning: com.google.guava:guava:jar:30.1.1-android:compile
> Warning: io.opencensus:opencensus-api:jar:0.28.0:compile
> Changing Guava to scope test breaks the build, which is expected based on the
> code. The warning seems incorrect.
> https://github.com/googleapis/google-http-java-client/pull/1396
> https://github.com/googleapis/google-http-java-client/pull/1396/checks?check_run_id=2809438131
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
