Could kg.apc:jmeter-plugins-autostop:0.1 drop off redundant dependencies? #523
Conversation
Codecov Report
@@ Coverage Diff @@
## master #523 +/- ##
============================================
+ Coverage 69.20% 69.21% +0.01%
Complexity 2572 2572
============================================
Files 230 230
Lines 15468 15468
Branches 1566 1566
============================================
+ Hits 10704 10706 +2
+ Misses 3978 3976 -2
Partials 786 786
📣 Codecov can now indicate which changes are the most critical in Pull Requests. Learn more |
|
Hi, I'd not mess with exclusions, since I have no idea how that would affect the functioning of the plugin. I tend to trust the dependency structure of POMs. Though I agree it can be heavy in terms of disk space. |
When you use to exclude these redundant dependencies, incompatible licenses will be removed |
Hi! I found the pom file of project kg.apc:jmeter-plugins-autostop:0.1 introduced 115 dependencies. However, among them, 11 libraries (9%) are not used by your project. I list the redundant dependencies below (labelled as red ones in the figure):
Redundant dependencies
net.jcip:jcip-annotations:jar:1.0:compile
javax.mail:mail:jar:1.5.0-b01:compile
xml-apis:xml-apis:jar:1.4.01:compile
geronimo-spec:geronimo-spec-javamail:jar:1.3.1-rc3:compile
excalibur-pool:excalibur-pool-api:jar:2.1:compile
javax.activation:activation:jar:1.1:compile
geronimo-spec:geronimo-spec-jms:jar:1.1-rc4:compile
rome:rome:jar:1.0:compile
org.apache.geronimo.specs:geronimo-jms_1.1_spec:jar:1.1.1:compile
javax.servlet:servlet-api:jar:2.3:compile
xml-apis:xmlParserAPIs:jar:2.0.2:compile
Outdated dependencies
javax.activation:activation:1.1 (6296 days without maintenance)
net.jcip:jcip-annotations:1.0 (5462 days without maintenance)
geronimo-spec:geronimo-spec-jms:1.1-rc4 (6457 days without maintenance)
xml-apis:xml-apis:1.4.01 (4361 days without maintenance)
org.apache.geronimo.specs:geronimo-jms_1.1_spec:1.1.1 (5651 days without maintenance)
xml-apis:xmlParserAPIs:2.0.2 (6457 days without maintenance)
Removing the redundant dependencies can reduce the size of project and prevent potential dependency conflict issues (i.e., multiple versions of the same library). More importantly, one of the redundant dependencies javax.mail:mail:jar:1.5.0-b01:compile incorporates an incompatible license CDDL (CDDL cannot be used by the project with license The Apache Software License, Version 2.0), one of the redundant dependencies javax.activation:activation:jar:1.1:compile incorporates an incompatible license COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) V1.0 (COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) V1.0 cannot be used by the project with license The Apache Software License, Version 2.0). As such, I suggest a refactoring operation for kg.apc:jmeter-plugins-autostop:0.1’s pom file.
As shown in the figure, it is noteworthy that, libraries jdom:jdom::1.0:compile(149KB) are invoked by the projects. When we remove the redundant dependency rome:rome::1.0:compile, the above jdom:jdom::1.0:compile(149KB) should be declared as direct dependencies. The attached PR helps resolve the reported problem. It is safe to remove the unused libraries (we considered Java reflection relations when analyzing the dependencies). These changes have passed kg.apc:jmeter-plugins-autostop:0.1’s maven tests.
Best regards