[
https://issues.apache.org/jira/browse/MDEP-431?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17160053#comment-17160053
]
Matt Nelson commented on MDEP-431:
----------------------------------
This doesn't appear to be fixed in the latest release[1] or in master[2].
[1]
https://maven.apache.org/plugins/maven-dependency-plugin/analyze-only-mojo.html
[2]
https://github.com/apache/maven-dependency-plugin/blob/master/src/main/java/org/apache/maven/plugins/dependency/analyze/AbstractAnalyzeMojo.java
> new options to control output from dependency:analyze(-only)
> ------------------------------------------------------------
>
> Key: MDEP-431
> URL: https://issues.apache.org/jira/browse/MDEP-431
> Project: Maven Dependency Plugin
> Issue Type: New Feature
> Components: analyze
> Affects Versions: 2.8
> Reporter: Robert Platt
> Priority: Minor
> Attachments: mdep.patch
>
>
> Including dependency:analyze-only with failOnWarning into a build can be very
> effective at catching dependency issues. However, it is pretty much
> all-or-nothing at the moment. In the case of complex or legacy projects it
> can be difficult to incorporate the plugin into the build.
> This is a patch (see attached mdep.path) to version 2.8 to provide more
> control over dependency analysis output, introducing three new configuration
> options. In all cases, the default options provide the current plugin
> behavior:
> 1. warnUnusedDeclared (default true). Unused declared dependencies generate
> a warning if this is true, otherwise it is just info.
> 2. ignoreManagedUndeclared (default false). If true, then used undeclared
> dependencies which are dependency managed are not reported in the warnings.
> The reasoning behind this option is that used undeclared dependencies are
> less likely to break a build in subtle ways if they are dependency managed,
> since the version will not change without developer intervention. Turning
> this option on focuses the analysis on compiling against unmanaged transitive
> dependencies.
> 3. preferManagedVersionOutput (default false). If true, when outputting XML,
> versions are left unspecified for managed dependencies. This can be handy
> when you aren't using ignoreManagedUndeclared but want to use managed
> versions when fixing undeclared dependencies.
> Finally, the wording for the output of unused declared dependencies has been
> changed to 'Potentially unused declared dependencies found' because, as
> documented, their are limitations to this detection process with the default
> analyzer. This wording makes it clearer to developers without that working
> knowledge.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
