dependency-analysis-gradle-plugin icon indicating copy to clipboard operation
dependency-analysis-gradle-plugin copied to clipboard
verified publisher icon autonomousapps

false positive advice to remove annotation used library

Open xenoterracide opened this issue 1 year ago • 4 comments

Build scan link

https://gradle.com/s/532wov7wlgtsg

Plugin version

2.1.1

Gradle version

------------------------------------------------------------
Gradle 8.10.2
------------------------------------------------------------

Build time:    2024-09-23 21:28:39 UTC
Revision:      415adb9e06a516c44b391edff552fd42139443f7

Kotlin:        1.9.24
Groovy:        3.0.22
Ant:           Apache Ant(TM) version 1.10.14 compiled on August 16 2023
Launcher JVM:  21.0.4 (Eclipse Adoptium 21.0.4+7-LTS)
Daemon JVM:    /home/xeno/.asdf/installs/java/temurin-21.0.4+7.0.LTS (no JDK specified, using current Java home)
OS:            Linux 6.6.47-1-MANJARO amd64

Describe the bug

That library has usages, it's used on package and in module-info (yes, I know on the latter not supported)

  Advice for :security-model
  Unused dependencies which should be removed:
    implementation(libs.spring.modulith.api)

To Reproduce Steps to reproduce the behavior:

speculatively, a library is used only with annotations that are annotating a package-info class

/**
 * The {@link com.xenoterracide.model.security.user.User} aggregate.
 */
@DomainLayer
@NamedInterface
package com.xenoterracide.model.security.user;

import org.jmolecules.architecture.layered.DomainLayer;
import org.springframework.modulith.NamedInterface;

Expected behavior

no error. implementation is the correct scope.

Additional context

wasn't reported in 1.x

xenoterracide avatar Sep 28 '24 17:09 xenoterracide

I see the same thing with Kotlin-reflect, although the advice here is to make it runtime only. The problem is that if I do that, I get compiler warnings.

pexa-dnugent avatar Oct 03 '24 23:10 pexa-dnugent

Please test the latest version, there have been a lot of changes/fixes around this lately.

autonomousapps avatar Oct 11 '24 00:10 autonomousapps

I have the same issue with version 2.5.0. I created a minimal repository to reproduce this issue: https://github.com/tristankretzer/autonomousapps-dependency-analysis-gradle-plugin-issue-1274.

The error is:

Advice for root project
Unused dependencies which should be removed:
  testImplementation("org.jetbrains.kotlin:kotlin-test:2.0.21")
  testImplementation("org.jetbrains.kotlin:kotlin-test:2.0.21") { capabilities {
    requireCapability("org.jetbrains.kotlin:kotlin-test-framework-junit5")
  }}

These transitive dependencies should be declared directly:
  testImplementation("org.junit.jupiter:junit-jupiter-api:5.10.1")

("These transitive dependencies [...]" can be ignored as I just did not want to deal with it for the reproduction.)

If I change HelloWorldTest to

import kotlin.test.Test
import kotlin.test.fail

class HelloWorldTest {

  @Test
  fun `runs without throwing`() {
    fail()
  }
}

it results in:

Advice for root project
These transitive dependencies should be declared directly:
  testImplementation("org.junit.jupiter:junit-jupiter-api:5.10.1")

(As expected.)

tristankretzer avatar Nov 27 '24 22:11 tristankretzer

Thanks!

autonomousapps avatar Nov 27 '24 23:11 autonomousapps