[ 
https://issues.apache.org/jira/browse/MDEP-964?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17910164#comment-17910164
 ] 

ASF GitHub Bot commented on MDEP-964:
-------------------------------------

elharo commented on code in PR #459:
URL: 
https://github.com/apache/maven-dependency-plugin/pull/459#discussion_r1904085130


##########
src/main/java/org/apache/maven/plugins/dependency/analyze/AbstractAnalyzeMojo.java:
##########
@@ -231,7 +231,7 @@ public abstract class AbstractAnalyzeMojo extends 
AbstractMojo {
      *
      * @since 2.10
      */
-    @Parameter(defaultValue = "org.slf4j:slf4j-simple::")
+    @Parameter(defaultValue = 
"org.slf4j:slf4j-simple::,org.glassfish:javax.json::")

Review Comment:
   Do you want the user to replace the default list then, not simply append to 
it?
   
   My gut is that we should not warn on anything we're not sure about, and 
we're never sure about dependencies like slf4j that are commonly used by 
reflection.





> Allowlist org.glassfish:javax.json
> ----------------------------------
>
>                 Key: MDEP-964
>                 URL: https://issues.apache.org/jira/browse/MDEP-964
>             Project: Maven Dependency Plugin
>          Issue Type: Improvement
>            Reporter: Elliotte Rusty Harold
>            Assignee: Elliotte Rusty Harold
>            Priority: Minor
>
> found this one in our own code:
> -    <dependency>
> -      <groupId>org.glassfish</groupId>
> -      <artifactId>javax.json</artifactId>
> -      <version>1.1.4</version>
> -      <scope>test</scope>
> -    </dependency>
> It's typically loaded by reflection so not found by the analyzer. Might want 
> to list it as used iff javax.json-api is used



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to