[
https://issues.apache.org/jira/browse/MDEP-753?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17491730#comment-17491730
]
Henning Schmiedehausen commented on MDEP-753:
---------------------------------------------
> Maybe the new “non-test-scoped test-only dependencies” check should be a
> nōnfatal warning for a release or two? So projects continue to build, and
> people can add ignoredNonTestScopedDependencies entries at their leisure.
I am sorry, but you are wrong. Flagging transitive compile dependencies as
"non-test scoped test-only dependency" is incorrect, because these dependencies
are *not* test-only. They are required by the compiler to compile the code.
They may not be explicit but if Maven *had* a way to turn off transitive
resolution, they would need to be listed as part of the compile class path. By
listing them in test scope, maven actually does two things in the core resolver:
- adding them to the test class path
- if they were a transitive dependency on the compile class path, then it
*removes* them from the compile class path
The second part is what the 3.3.0-SNAPSHOT version of the dependency plugin
currently gets wrong. And it is the behavior of the *core resolver*. We may
disagree with that behavior (maybe the core resolver *should* keep them as
transitive compile dependency even if they are listed as "test") but for now,
*this is what it does*. And the dependency plugin *must* match the core
behavior, not some other policy. We have been through that pain in the maven 2
cycle, I dearly do not want to go back there.
The dependency plugin exists to allow users to validate that their pom
configurations correctly reflect the dependencies used to build their code. The
3.1.2 plugin does that. The 3.2.0 and the 3.3.0-SNAPSHOT versions do not.
> Non-test dependency reported as Non-test scoped test only dependency
> --------------------------------------------------------------------
>
> Key: MDEP-753
> URL: https://issues.apache.org/jira/browse/MDEP-753
> Project: Maven Dependency Plugin
> Issue Type: Bug
> Components: analyze
> Affects Versions: 3.2.0
> Reporter: Elliotte Rusty Harold
> Assignee: Elliotte Rusty Harold
> Priority: Critical
> Fix For: 3.3.0
>
> Attachments: chas.zip, tj.zip
>
>
> Saw this when updating the google-http-java-client from 3.1.2 to 3.2.0 of the
> plugin. I'm not immediately sure whether this is a regression:
> [INFO] --- maven-dependency-plugin:3.2.0:analyze (default-cli) @
> google-http-client ---
> Warning: Non-test scoped test only dependencies found:
> Warning: com.google.guava:guava:jar:30.1.1-android:compile
> Warning: io.opencensus:opencensus-api:jar:0.28.0:compile
> Changing Guava to scope test breaks the build, which is expected based on the
> code. The warning seems incorrect.
> https://github.com/googleapis/google-http-java-client/pull/1396
> https://github.com/googleapis/google-http-java-client/pull/1396/checks?check_run_id=2809438131
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
