You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@maven.apache.org by laredotornado-3 <la...@gmail.com> on 2014/02/11 22:11:06 UTC
Why is dependency:analyze lying to me?
Hi,
I’m using Maven 3.1.1 on Mac 10.9.1. When I ran “mvn dependency:analyze” on
my project, I got results that included:
[WARNING] Unused declared dependencies found:
…
[WARNING] junit:junit:jar:4.11:test
So I commented out the above junit dependency in my pom (declared like so):
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>${version.junit}</version>
<scope>test</scope>
</dependency>
However, when I ran “mvm clean install” on my project, I got errors like
initializationError0(org.mainco.subco.core.SerializableTest) Time elapsed:
0 sec <<< ERROR!
java.lang.NoSuchFieldError: NULL
at org.junit.runners.ParentRunner.<init>(ParentRunner.java:48)
at
org.junit.runners.BlockJUnit4ClassRunner.<init>(BlockJUnit4ClassRunner.java:58)
at
org.springframework.test.context.junit4.SpringJUnit4ClassRunner.<init>(SpringJUnit4ClassRunner.java:104)
This isn’t the only dependency that the analyze goal lists that wreaks havoc
when I comment it out. Is there another way to detect what dependencies are
truly not needed by my project?
--
View this message in context: http://maven.40175.n5.nabble.com/Why-is-dependency-analyze-lying-to-me-tp5784108.html
Sent from the Maven - Users mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: Why is dependency:analyze lying to me?
Posted by Paul Benedict <pb...@apache.org>.
Especially if you use Spring XML configuration, it's impossible for the
Dependency Plugin to figure out you need this-or-that Spring jar. The best
you can do, actually, is use the new Spring Java Config so that your
configuration is code and thus able to be statically analyzed.
On Thu, Feb 13, 2014 at 3:54 PM, laredotornado-3 <la...@gmail.com>wrote:
> Hi,
>
> This may fall into the "How the hell is Maven supposed to know?" category,
> but one of the dependencies that dependency:analyze lists when I run it on
> my WAR project is
>
> [WARNING] Unused declared dependencies found:
> ...
> [WARNING]
>
> org.springframework.security:spring-security-taglibs:jar:3.1.1.RELEASE:compile
>
> However, when I comment this out of my pom, a few of my JSPs die with the
> error
>
> org.apache.jasper.JasperException: The absolute uri:
> http://www.springframework.org/security/tags cannot be resolved in either
> web.xml or the jar files deployed with this application
>
>
> org.apache.jasper.compiler.DefaultErrorHandler.jspError(DefaultErrorHandler.java:51)
>
>
> org.apache.jasper.compiler.ErrorDispatcher.dispatch(ErrorDispatcher.java:409)
>
>
> org.apache.jasper.compiler.ErrorDispatcher.jspError(ErrorDispatcher.java:116)
>
> because the JSP includes this
>
> <%@ taglib prefix="sec"
> uri="http://www.springframework.org/security/tags"%>
>
> Anyway, not sure if the plugin can be configured to detect these kind of
> things, but a guy can dream, can't he??
>
>
>
> --
> View this message in context:
> http://maven.40175.n5.nabble.com/Why-is-dependency-analyze-lying-to-me-tp5784108p5784691.html
> Sent from the Maven - Users mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> For additional commands, e-mail: users-help@maven.apache.org
>
>
--
Cheers,
Paul
Re: Why is dependency:analyze lying to me?
Posted by Mirko Friedenhagen <mf...@gmail.com>.
Hello,
you see this a lot with runtime dependencies (which should probably be
ignored during analyze anyway), so I mostly just ignore these in the
output. It would be a cool thing, if you could suppress warnings for gavs
directly in the analyze goal, so you see new stuff coming up more easily.
Regards
Mirko
--
Sent from my mobile
On Feb 13, 2014 11:01 PM, "Wayne Fay" <wa...@gmail.com> wrote:
> > This may fall into the “How the hell is Maven supposed to know?”
> category,
>
> Yes, it most certainly does.
>
> > [WARNING]
> >
> org.springframework.security:spring-security-taglibs:jar:3.1.1.RELEASE:compile
> ...
> > Anyway, not sure if the plugin can be configured to detect these kind of
> > things, but a guy can dream, can’t he??
>
> You would need to write code that performs the following tasks:
> 1. look in jar files related to dependencies
> 2. find taglib files and other configuration files [each file type
> needs its own parser]
> 3. store tag uris that are discovered along with the associated jar
> 4. check those tag uris vs what is in your code (keep in mind some may
> be in config files you wrote, so gotta parse those too - more code to
> write)
> 5. output the list of jars (dependencies) which are not actually used
> in code or config
>
> This is nontrivial, so no one has done it. I'm sure we'd take a
> contribution if you did the work.
>
> Wayne
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> For additional commands, e-mail: users-help@maven.apache.org
>
>
Re: Why is dependency:analyze lying to me?
Posted by Wayne Fay <wa...@gmail.com>.
> This may fall into the “How the hell is Maven supposed to know?” category,
Yes, it most certainly does.
> [WARNING]
> org.springframework.security:spring-security-taglibs:jar:3.1.1.RELEASE:compile
...
> Anyway, not sure if the plugin can be configured to detect these kind of
> things, but a guy can dream, can’t he??
You would need to write code that performs the following tasks:
1. look in jar files related to dependencies
2. find taglib files and other configuration files [each file type
needs its own parser]
3. store tag uris that are discovered along with the associated jar
4. check those tag uris vs what is in your code (keep in mind some may
be in config files you wrote, so gotta parse those too - more code to
write)
5. output the list of jars (dependencies) which are not actually used
in code or config
This is nontrivial, so no one has done it. I'm sure we'd take a
contribution if you did the work.
Wayne
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: Why is dependency:analyze lying to me?
Posted by laredotornado-3 <la...@gmail.com>.
Hi,
This may fall into the “How the hell is Maven supposed to know?” category,
but one of the dependencies that dependency:analyze lists when I run it on
my WAR project is
[WARNING] Unused declared dependencies found:
…
[WARNING]
org.springframework.security:spring-security-taglibs:jar:3.1.1.RELEASE:compile
However, when I comment this out of my pom, a few of my JSPs die with the
error
org.apache.jasper.JasperException: The absolute uri:
http://www.springframework.org/security/tags cannot be resolved in either
web.xml or the jar files deployed with this application
org.apache.jasper.compiler.DefaultErrorHandler.jspError(DefaultErrorHandler.java:51)
org.apache.jasper.compiler.ErrorDispatcher.dispatch(ErrorDispatcher.java:409)
org.apache.jasper.compiler.ErrorDispatcher.jspError(ErrorDispatcher.java:116)
because the JSP includes this
<%@ taglib prefix="sec"
uri="http://www.springframework.org/security/tags"%>
Anyway, not sure if the plugin can be configured to detect these kind of
things, but a guy can dream, can’t he??
--
View this message in context: http://maven.40175.n5.nabble.com/Why-is-dependency-analyze-lying-to-me-tp5784108p5784691.html
Sent from the Maven - Users mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: Why is dependency:analyze lying to me?
Posted by Barrie Treloar <ba...@gmail.com>.
On 13 February 2014 00:20, Mark H. Wood <mw...@iupui.edu> wrote:
> On Wed, Feb 12, 2014 at 08:11:29AM +1030, Barrie Treloar wrote:
> [snip]
>> I think Maven is missing a scope, it needs to break up test into two
>> phases; testCompile and testRuntime instead of having one scope which
>> means both.
[del]
> Picky terminology tweak:
Yes, my bad.
I meant break that one scope into two scopes (not phases).
Much like there are two scopes for compilation (compile and runtime),
there needs to be two scopes for test (compile and runtime).
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: Why is dependency:analyze lying to me?
Posted by "Mark H. Wood" <mw...@IUPUI.Edu>.
On Wed, Feb 12, 2014 at 08:11:29AM +1030, Barrie Treloar wrote:
[snip]
> I think Maven is missing a scope, it needs to break up test into two
> phases; testCompile and testRuntime instead of having one scope which
> means both.
> This means that the analyze code can't tell what stuff is needed for
> tests at compile time and what is needed at runtime.
Picky terminology tweak: I went off to check my memory because I was
*sure* that Maven has a full set of test-* phases parallel to what we
might call the "main" phases. It has. Then I came back here and saw
that what you want is parallel *scopes* [test]Compile, [test]Runtime.
Having sorted that (I hope), I think I agree with you.
--
Mark H. Wood, Lead System Programmer mwood@IUPUI.Edu
Machines should not be friendly. Machines should be obedient.
Re: Why is dependency:analyze lying to me?
Posted by Paul Benedict <pb...@apache.org>.
I am so happy someone brought this up. I actually hit this issue several
times but never got around to mentioning it. Please submit a JIRA issue!
On Tue, Feb 11, 2014 at 3:41 PM, Barrie Treloar <ba...@gmail.com> wrote:
> On 12 February 2014 07:41, laredotornado-3 <la...@gmail.com>
> wrote:
> > Hi,
> >
> > I'm using Maven 3.1.1 on Mac 10.9.1. When I ran "mvn
> dependency:analyze" on
> > my project, I got results that included:
> >
> > [WARNING] Unused declared dependencies found:
> > ...
> > [WARNING] junit:junit:jar:4.11:test
> >
> > So I commented out the above junit dependency in my pom (declared like
> so):
> [del]
> > java.lang.NoSuchFieldError: NULL
> > at
> org.junit.runners.ParentRunner.<init>(ParentRunner.java:48)
> > at
> >
> org.junit.runners.BlockJUnit4ClassRunner.<init>(BlockJUnit4ClassRunner.java:58)
> > at
> >
> org.springframework.test.context.junit4.SpringJUnit4ClassRunner.<init>(SpringJUnit4ClassRunner.java:104)
> >
> > This isn't the only dependency that the analyze goal lists that wreaks
> havoc
> > when I comment it out. Is there another way to detect what dependencies
> are
> > truly not needed by my project?
>
> Unfortunately this stuff is not documented well enough in the plugin.
> You're welcome to submit a patch!
>
> Have a look at
> http://maven.apache.org/plugins/maven-dependency-plugin/faq.html#unused
>
> I think Maven is missing a scope, it needs to break up test into two
> phases; testCompile and testRuntime instead of having one scope which
> means both.
> This means that the analyze code can't tell what stuff is needed for
> tests at compile time and what is needed at runtime.
>
> If my memory serves me right, that would mean for your example that
> Spring is a compile time dependency but junit would be a runtime
> dependency.
> Hence the incorrect "Unused declared dependencies found" error.
>
> I would manually ignore anything found in the test scope from the error
> list.
> I never found the time to go hacking the plugin to work better - i.e.
> if it is test scope it really can't tell the difference between unused
> dependencies and shouldn't report them.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> For additional commands, e-mail: users-help@maven.apache.org
>
>
--
Cheers,
Paul
Re: Why is dependency:analyze lying to me?
Posted by Barrie Treloar <ba...@gmail.com>.
On 12 February 2014 07:41, laredotornado-3 <la...@gmail.com> wrote:
> Hi,
>
> I'm using Maven 3.1.1 on Mac 10.9.1. When I ran "mvn dependency:analyze" on
> my project, I got results that included:
>
> [WARNING] Unused declared dependencies found:
> ...
> [WARNING] junit:junit:jar:4.11:test
>
> So I commented out the above junit dependency in my pom (declared like so):
[del]
> java.lang.NoSuchFieldError: NULL
> at org.junit.runners.ParentRunner.<init>(ParentRunner.java:48)
> at
> org.junit.runners.BlockJUnit4ClassRunner.<init>(BlockJUnit4ClassRunner.java:58)
> at
> org.springframework.test.context.junit4.SpringJUnit4ClassRunner.<init>(SpringJUnit4ClassRunner.java:104)
>
> This isn't the only dependency that the analyze goal lists that wreaks havoc
> when I comment it out. Is there another way to detect what dependencies are
> truly not needed by my project?
Unfortunately this stuff is not documented well enough in the plugin.
You're welcome to submit a patch!
Have a look at http://maven.apache.org/plugins/maven-dependency-plugin/faq.html#unused
I think Maven is missing a scope, it needs to break up test into two
phases; testCompile and testRuntime instead of having one scope which
means both.
This means that the analyze code can't tell what stuff is needed for
tests at compile time and what is needed at runtime.
If my memory serves me right, that would mean for your example that
Spring is a compile time dependency but junit would be a runtime
dependency.
Hence the incorrect "Unused declared dependencies found" error.
I would manually ignore anything found in the test scope from the error list.
I never found the time to go hacking the plugin to work better - i.e.
if it is test scope it really can't tell the difference between unused
dependencies and shouldn't report them.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org