[
https://issues.apache.org/jira/browse/MDEP-891?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Elliotte Rusty Harold updated MDEP-891:
---------------------------------------
Summary: Used undeclared dependencies found for class which is used by an
indirect class (was: Used undeclared dependencies found for class which is
used by and indirect class)
> Used undeclared dependencies found for class which is used by an indirect
> class
> -------------------------------------------------------------------------------
>
> Key: MDEP-891
> URL: https://issues.apache.org/jira/browse/MDEP-891
> Project: Maven Dependency Plugin
> Issue Type: Bug
> Components: analyze-only
> Affects Versions: 3.6.0, 3.6.1
> Reporter: Karl Heinz Marbaise
> Priority: Critical
> Fix For: waiting-for-feedback
>
> Attachments: SO-mvn-question-main.zip
>
>
> Based on an example described on
> [StackOverflow|https://stackoverflow.com/questions/77360885/maven-dependency-plugin-3-6-started-to-find-new-used-undeclared-dependencies]
> with the example project https://github.com/DmitryTen/SO-mvn-question which
> can be used as reproducer (attached that example to the issue).
> The failure starts happening with {{Maven Dependency Plugin:3.6.0}}:
> {code}
> [INFO] --- dependency:3.6.0:analyze-only (analyze-dependencies) @ test ---
> [ERROR] Used undeclared dependencies found:
> [ERROR] org.springframework:spring-web:jar:5.3.5:compile
> [INFO] -----------------------------------------------------------------
> {code}
> If we change the version of the plugin to 3.5.0:
> {code}
> [INFO] --- dependency:3.5.0:analyze-only (analyze-dependencies) @ test ---
> [INFO] No dependency problems found
> [INFO] Copying org.example:test:pom:1.0-SNAPSHOT to project local repository
> [INFO] Copying org.example:test:jar:1.0-SNAPSHOT to project local repository
> [INFO] Copying org.example:test:pom:consumer:1.0-SNAPSHOT to project local
> repository
> [INFO]
> ----------------------------------------------------------------------------------
> {code}
> After a bit more diving into it, it looks like the upgrade of the
> {{maven-dependency-analyzer:1.3.2}} in release 3.6.0 of the
> {{maven-dependency-plugin}}
> (https://issues.apache.org/jira/projects/MDEP/versions/12352921) caused that
> issue. If I use an older version of {{maven-dependency-plugin}} for example
> 3.5.0 and upgrade there the {{maven-dependency-analyzer:1.3.1}} it will fail
> with the same output. The version {{maven-dependency-analyzer:1.3.0}} will
> work fine.
> I have taken a look into the code of the classes:
> The class {{StandaloneVaultConfig}} which is created in the example project
> uses {{AppRoleAuthentication}} which is part of
> {{org.springframework.vault:spring-vault-core}}. The usage of classes from
> {{org.springframework:spring-web:jar:5.3.5:compile}} happening in the class
> {{AppRoleAuthentication}}.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
