[
https://issues.apache.org/jira/browse/MGPG-111?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17824770#comment-17824770
]
Tamas Cservenak commented on MGPG-111:
--------------------------------------
Please, do not blindly follow these (broken anyway) reports.
Explanations:
* junixsocket is clearly _used_ but analyzer is dumb enough to miss the thing:
they release a POM that is "dependency grouping" pattern, so POM that is
"unused" actually brings in common that IS used
* plexus-sec-dispatcher and plexus-cipher (reported as "unused") MUST be
declared in pair, once to align them, and secondly to EXCLUDE whatever they
want to pull in (a LOT of cruft, even things like old guice)
* maven-resolver-impl is used in test, so I kinda accept this
The only "real" issues (2 out of 6, not bad)
* maven-artifact, used but undeclared (but only ArtifactHandler, while myself
consider everything else in there as deprecated, which actually mostly is)
* maven-settings, used but undeclared
> Clean upn dependency declarations
> ---------------------------------
>
> Key: MGPG-111
> URL: https://issues.apache.org/jira/browse/MGPG-111
> Project: Maven GPG Plugin
> Issue Type: Dependency upgrade
> Reporter: Elliotte Rusty Harold
> Priority: Minor
>
> [WARNING] Used undeclared dependencies found:
> [WARNING] org.apache.maven:maven-artifact:jar:3.9.6:provided
> [WARNING] org.apache.maven:maven-settings:jar:3.9.6:provided
> [WARNING] com.kohlschutter.junixsocket:junixsocket-common:jar:2.9.0:compile
> [WARNING] org.apache.maven.resolver:maven-resolver-impl:jar:1.9.18:provided
> [WARNING] Unused declared dependencies found:
> [WARNING] com.kohlschutter.junixsocket:junixsocket-core:pom:2.9.0:compile
> [WARNING] org.codehaus.plexus:plexus-cipher:jar:2.0:compile
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
