[
https://issues.apache.org/jira/browse/MDEP-964?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17910164#comment-17910164
]
ASF GitHub Bot commented on MDEP-964:
-------------------------------------
elharo commented on code in PR #459:
URL:
https://github.com/apache/maven-dependency-plugin/pull/459#discussion_r1904085130
##########
src/main/java/org/apache/maven/plugins/dependency/analyze/AbstractAnalyzeMojo.java:
##########
@@ -231,7 +231,7 @@ public abstract class AbstractAnalyzeMojo extends
AbstractMojo {
*
* @since 2.10
*/
- @Parameter(defaultValue = "org.slf4j:slf4j-simple::")
+ @Parameter(defaultValue =
"org.slf4j:slf4j-simple::,org.glassfish:javax.json::")
Review Comment:
Do you want the user to replace the default list then, not simply append to
it?
My gut is that we should not warn on anything we're not sure about, and
we're never sure about dependencies like slf4j that are commonly used by
reflection.
> Allowlist org.glassfish:javax.json
> ----------------------------------
>
> Key: MDEP-964
> URL: https://issues.apache.org/jira/browse/MDEP-964
> Project: Maven Dependency Plugin
> Issue Type: Improvement
> Reporter: Elliotte Rusty Harold
> Assignee: Elliotte Rusty Harold
> Priority: Minor
>
> Found this one in our own code:
> - <dependency>
> - <groupId>org.glassfish</groupId>
> - <artifactId>javax.json</artifactId>
> - <version>1.1.4</version>
> - <scope>test</scope>
> - </dependency>
> It's typically loaded by reflection so not found by the analyzer. Might want
> to list it as used iff javax.json-api is used