You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Andres Almiray (JIRA)" <ji...@apache.org> on 2018/07/27 07:53:00 UTC
[jira] [Commented] (MJDEPS-16) Include project dependencies in scan
[ https://issues.apache.org/jira/browse/MJDEPS-16?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16559395#comment-16559395 ]
Andres Almiray commented on MJDEPS-16:
--------------------------------------
As a comparison, the Gradle jdeps plugin does check compile/runtime dependencies by default
[https://github.com/aalmiray/jdeps-gradle-plugin]
Minimum Gradle build file:
{code:java}
plugins {
id 'java'
id 'org.kordamp.jdeps' version '0.3.0'
}
repositories {
mavenCentral()
}
dependencies {
compile 'com.google.inject:guice:4.2.0'
compile 'com.google.guava:guava:25.1-jre'
}
{code}
Output:
{code:java}
$ gw jdeps
No gradlew set up for this project; consider setting one up:
http://gradle.org/docs/current/userguide/gradle_wrapper.html
Using gradle at '/Users/aalmiray/.sdkman/candidates/gradle/current/bin/gradle' to run buildfile '/tmp/foo/build.gradle':
> Task :compileJava NO-SOURCE
> Task :processResources NO-SOURCE
> Task :classes UP-TO-DATE
> Task :jdeps FAILED
guava-25.1-jre.jar -> /Library/Java/JavaVirtualMachines/jdk1.8.0_171.jdk/Contents/Home/jre/lib/rt.jar
com.google.common.cache.Striped64 (guava-25.1-jre.jar)
-> sun.misc.Unsafe JDK internal API (rt.jar)
com.google.common.cache.Striped64$1 (guava-25.1-jre.jar)
-> sun.misc.Unsafe JDK internal API (rt.jar)
com.google.common.cache.Striped64$Cell (guava-25.1-jre.jar)
-> sun.misc.Unsafe JDK internal API (rt.jar)
com.google.common.hash.LittleEndianByteArray$UnsafeByteArray (guava-25.1-jre.jar)
-> sun.misc.Unsafe JDK internal API (rt.jar)
com.google.common.hash.LittleEndianByteArray$UnsafeByteArray$1 (guava-25.1-jre.jar)
-> sun.misc.Unsafe JDK internal API (rt.jar)
com.google.common.hash.LittleEndianByteArray$UnsafeByteArray$2 (guava-25.1-jre.jar)
-> sun.misc.Unsafe JDK internal API (rt.jar)
com.google.common.hash.LittleEndianByteArray$UnsafeByteArray$3 (guava-25.1-jre.jar)
-> sun.misc.Unsafe JDK internal API (rt.jar)
com.google.common.hash.Striped64 (guava-25.1-jre.jar)
-> sun.misc.Unsafe JDK internal API (rt.jar)
com.google.common.hash.Striped64$1 (guava-25.1-jre.jar)
-> sun.misc.Unsafe JDK internal API (rt.jar)
com.google.common.hash.Striped64$Cell (guava-25.1-jre.jar)
-> sun.misc.Unsafe JDK internal API (rt.jar)
com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator (guava-25.1-jre.jar)
-> sun.misc.Unsafe JDK internal API (rt.jar)
com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator$1 (guava-25.1-jre.jar)
-> sun.misc.Unsafe JDK internal API (rt.jar)
com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper (guava-25.1-jre.jar)
-> sun.misc.Unsafe JDK internal API (rt.jar)
com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper$1 (guava-25.1-jre.jar)
-> sun.misc.Unsafe JDK internal API (rt.jar)
Warning: JDK internal APIs are unsupported and private to JDK implementation that are
subject to be removed or changed incompatibly and could break your application.
Please modify your code to eliminate dependency on any JDK internal APIs.
For the most recent update on JDK internal API replacements, please check:
https://wiki.openjdk.java.net/display/JDK8/Java+Dependency+Analysis+Tool
JDK Internal API Suggested Replacement
---------------- ---------------------
sun.misc.Unsafe See http://openjdk.java.net/jeps/260
FAILURE: Build failed with an exception.
* What went wrong:
Execution failed for task ':jdeps'.
> jdeps reported errors in foo
* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.
* Get more help at https://help.gradle.org
BUILD FAILED in 6s
1 actionable task: 1 executed
{code}
> Include project dependencies in scan
> ------------------------------------
>
> Key: MJDEPS-16
> URL: https://issues.apache.org/jira/browse/MJDEPS-16
> Project: Maven JDeps Plugin
> Issue Type: New Feature
> Affects Versions: 3.1.1
> Environment: Apache Maven 3.5.3 (3383c37e1f9e9b3bc3df5050c29c8aff9f295297; 2018-02-24T20:49:05+01:00)
> Maven home: /Users/aalmiray/.sdkman/candidates/maven/current
> Java version: 1.8.0_171, vendor: Oracle Corporation
> Java home: /Library/Java/JavaVirtualMachines/jdk1.8.0_171.jdk/Contents/Home/jre
> Default locale: en_CH, platform encoding: UTF-8
> OS name: "mac os x", version: "10.12.5", arch: "x86_64", family: "mac"
> Reporter: Andres Almiray
> Priority: Major
>
>
> Version 3.1.1 executes jdeps on production (goal: jdkinternals) and test (goal: test-jdkinternals) sources but does not consider dependencies. This means the report will tell you if product sources are complaint or not but does not tell you if the packaged/deployed project would encounter problems or not.
> At the very least Compile/Runtime dependencies should be scanned. Please make this the default behavior. Perhaps it would be good to have a flag to skip this behavior if anyone would like to have the previous behavior.
> For reference, this issue was discussed with Robert Scholte during JCrete 2018.
> *Minimum POM example:*
> {code:java}
> <project xmlns="http://maven.apache.org/POM/4.0.0"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
> <modelVersion>4.0.0</modelVersion>
> <groupId>com.acme</groupId>
> <artifactId>sample</artifactId>
> <packaging>jar</packaging>
> <version>0.0.0-SNAPSHOT</version>
> <build>
> <plugins>
> <plugin>
> <groupId>org.apache.maven.plugins</groupId>
> <artifactId>maven-jdeps-plugin</artifactId>
> <version>3.1.1</version>
> <executions>
> <execution>
> <goals>
> <goal>jdkinternals</goal>
> </goals>
> </execution>
> </executions>
> </plugin>
> </plugins>
> </build>
> <dependencies>
> <dependency>
> <groupId>com.google.inject</groupId>
> <artifactId>guice</artifactId>
> <version>4.2.0</version>
> </dependency>
> <dependency>
> <groupId>com.google.guava</groupId>
> <artifactId>guava</artifactId>
> <version>25.1-jre</version>
> </dependency>
> </dependencies>
> </project>
> {code}
> Output
> {code:java}
> $ mvn jdeps:jdkinternals
> [INFO] Scanning for projects...
> [INFO]
> [INFO] --------------------------< com.acme:sample >---------------------------
> [INFO] Building sample 0.0.0-SNAPSHOT
> [INFO] --------------------------------[ jar ]---------------------------------
> [INFO]
> [INFO] --- maven-jdeps-plugin:3.1.1:jdkinternals (default-cli) @ sample ---
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 0.506 s
> [INFO] Finished at: 2018-07-27T09:50:39+02:00
> [INFO] ------------------------------------------------------------------------
> {code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)