Posted to issues@maven.apache.org by "Matt Nelson (Jira)" <ji...@apache.org> on 2020/07/17 16:38:00 UTC

[jira] [Commented] (MDEP-431) new options to control output from dependency:analyze(-only)

    [ https://issues.apache.org/jira/browse/MDEP-431?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17160053#comment-17160053 ] 

Matt Nelson commented on MDEP-431:
----------------------------------

This doesn't appear to be fixed in the latest release[1] or in master[2].

[1] https://maven.apache.org/plugins/maven-dependency-plugin/analyze-only-mojo.html
[2] https://github.com/apache/maven-dependency-plugin/blob/master/src/main/java/org/apache/maven/plugins/dependency/analyze/AbstractAnalyzeMojo.java

> new options to control output from dependency:analyze(-only)
> ------------------------------------------------------------
>
>                 Key: MDEP-431
>                 URL: https://issues.apache.org/jira/browse/MDEP-431
>             Project: Maven Dependency Plugin
>          Issue Type: New Feature
>          Components: analyze
>    Affects Versions: 2.8
>            Reporter: Robert Platt
>            Priority: Minor
>         Attachments: mdep.patch
>
>
> Including dependency:analyze-only with failOnWarning into a build can be very effective at catching dependency issues. However, it is pretty much all-or-nothing at the moment. In the case of complex or legacy projects it can be difficult to incorporate the plugin into the build.
> This is a patch (see attached mdep.patch) to version 2.8 to provide more control over dependency analysis output, introducing three new configuration options. In all cases, the default options provide the current plugin behavior:
>  1. warnUnusedDeclared (default true). Unused declared dependencies generate a warning if this is true, otherwise it is just info.
>  2. ignoreManagedUndeclared (default false). If true, then used undeclared dependencies which are dependency managed are not reported in the warnings. The reasoning behind this option is that used undeclared dependencies are less likely to break a build in subtle ways if they are dependency managed, since the version will not change without developer intervention. Turning this option on focuses the analysis on compiling against unmanaged transitive dependencies.
>  3. preferManagedVersionOutput (default false). If true, when outputting XML, versions are left unspecified for managed dependencies. This can be handy when you aren't using ignoreManagedUndeclared but want to use managed versions when fixing undeclared dependencies.
> Finally, the wording for the output of unused declared dependencies has been changed to 'Potentially unused declared dependencies found' because, as documented, there are limitations to this detection process with the default analyzer. This wording makes it clearer to developers without that working knowledge.


