[jira] [Created] (MDEP-787) [regression] 3.2.0/3.3.0-SNAPSHOT need way to override false “non-test-scoped dependency” warning

["Thorsten Glaser (Jira)" <ji...@apache.org>]

Thorsten Glaser created MDEP-787:
------------------------------------

             Summary: [regression] 3.2.0/3.3.0-SNAPSHOT need way to override false “non-test-scoped dependency” warning
                 Key: MDEP-787
                 URL: https://issues.apache.org/jira/browse/MDEP-787
             Project: Maven Dependency Plugin
          Issue Type: Bug
    Affects Versions: 3.2.0, 3.3.0
            Reporter: Thorsten Glaser


This was found due to testing whether 3.3.0-SNAPSHOT fixes the regressions of 3.2.0 against 3.1.2 (it doesn’t, yet).

After finding [https://maven.apache.org/guides/development/guide-testing-development-plugins.html] I was able to test the snapshot on the [https://github.com/tarent/extract-tool/tree/mdep753-snapshot] branch as well.

This problem shows up:
{quote}{{$ mvn dependency:analyze-only@analyse-dependency-usage}}
{{[…]}}
{{[WARNING] Non-test scoped test only dependencies found:}}
{{[WARNING] com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:jar:2.13.1:compile}}
{quote}
This is “correct”: {{com.fasterxml.jackson.dataformat.yaml.YAMLFactory}} is {{{}import{}}}ed in the tests but only used via reflection in prod because it’s an optional (but not marked as optional so it’s included by default, but users can {{<exclude>}} it and that’s supported and documented) dependency. This means it’s a false positive that cannot be expected to be handled by the test correctly and must be overridden in the POM.

However, adding it as {{<ignoredUnusedDeclaredDependency>}} does not work ☹ it’s probably the wrong overriding element, but [https://maven.apache.org/plugins/maven-dependency-plugin/analyze-only-mojo.html] does not have anything on how to override this particular warning.

This is a *must-have* for, I hope, obvious reasons…



--
This message was sent by Atlassian Jira
(v8.20.1#820001)