[jira] [Updated] (CONFIGURATION-772) Exclude unused transitive dependencies

["César Soto Valero (Jira)" <ji...@apache.org>]

     [ https://issues.apache.org/jira/browse/CONFIGURATION-772?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

César Soto Valero updated CONFIGURATION-772:
--------------------------------------------
    External issue URL: https://github.com/apache/commons-configuration/pull/40

> Exclude unused transitive dependencies
> --------------------------------------
>
>                 Key: CONFIGURATION-772
>                 URL: https://issues.apache.org/jira/browse/CONFIGURATION-772
>             Project: Commons Configuration
>          Issue Type: Improvement
>          Components: Build
>    Affects Versions: 2.6
>            Reporter: César Soto Valero
>            Priority: Minor
>              Labels: build, pull-request-available, security
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Hello. I noticed that *{{poi-ooxml}}* and *{{postgresql}}*, which are transitive dependencies induced via *{{dbunit}}*, are actually not used.
> Looking at the Maven dependency tree of the project, we can see that these dependencies may create conflicts:
> {code:java}
> .  .  .
>  |  +- org.apache.poi:poi-ooxml:jar:3.17:test
>  |  |  +- org.apache.poi:poi:jar:3.17:test
>  |  |  |  +- (commons-codec:commons-codec:jar:1.10:test - omitted for conflict with 1.13)
>  |  |  |  \- org.apache.commons:commons-collections4:jar:4.1:test
>  |  |  +- org.apache.poi:poi-ooxml-schemas:jar:3.17:test
>  |  |  |  \- org.apache.xmlbeans:xmlbeans:jar:2.6.0:test
>  |  |  |     \- stax:stax-api:jar:1.0.1:test
>  |  |  \- com.github.virtuald:curvesapi:jar:1.04:test
>  |  \- postgresql:postgresql:jar:8.4-701.jdbc3:test
> .  .  .{code}
> Hence, It is a good practice to exclude these dependencies from the {{pom to avoid conflicts, to make the library smaller and the dependency tree clearer.}}
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)