jkube Could org.eclipse.jkube.quickstarts.maven:thorntail:1.7.0 drop off redundant dependencies?

Hi! I found the pom file of project org.eclipse.jkube.quickstarts.maven:thorntail:1.7.0 introduced 76 dependencies. However, among them, 72 libraries (94%) are not used by your project. I list the redundant dependencies below (labelled as red ones in the figure):

Redundant dependencies

com.fasterxml.jackson.core:jackson-annotations:jar:2.10.3:compile io.thorntail:request-controller:jar:2.7.0.Final:compile io.thorntail:transactions:jar:2.7.0.Final:compile io.thorntail.jdk-specific:thorntail-jdk-specific:jar:2:compile org.jboss.shrinkwrap.descriptors:shrinkwrap-descriptors-impl-base:jar:2.0.0:compile org.ow2.asm:asm-tree:jar:7.1:compile com.fasterxml.jackson.core:jackson-databind:jar:2.10.3:compile io.thorntail:meta-spi:jar:2.7.0.Final:compile io.thorntail:logging:jar:2.7.0.Final:compile io.thorntail:cdi-config:jar:2.7.0.Final:compile org.jboss.xnio:xnio-api:jar:3.8.0.Final:compile org.yaml:snakeyaml:jar:1.24:compile io.thorntail:naming:jar:2.7.0.Final:compile com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:jar:2.10.1:compile org.wildfly.client:wildfly-client-config:jar:1.0.1.Final:compile org.eclipse.microprofile.openapi:microprofile-openapi-api:jar:1.1.2:compile org.jboss.shrinkwrap.descriptors:shrinkwrap-descriptors-api-jboss:jar:2.0.0:compile io.undertow:undertow-servlet:jar:2.1.3.Final:compile org.jboss.shrinkwrap.descriptors:shrinkwrap-descriptors-api-base:jar:2.0.0:compile org.jboss.shrinkwrap:shrinkwrap-spi:jar:1.2.6:compile org.ow2.asm:asm:jar:7.1:compile org.jboss.spec.javax.el:jboss-el-api_3.0_spec:jar:2.0.0.Final:compile io.thorntail:bean-validation:jar:2.7.0.Final:compile org.wildfly.common:wildfly-common:jar:1.5.1.Final:compile jakarta.activation:jakarta.activation-api:jar:1.2.1:compile jakarta.inject:jakarta.inject-api:jar:1.0:compile org.jboss.openjdk-orb:openjdk-orb:jar:8.0.8.Final:compile io.undertow:undertow-core:jar:2.1.3.Final:compile com.fasterxml.jackson.jaxrs:jackson-jaxrs-base:jar:2.10.3:compile io.smallrye:smallrye-open-api:jar:1.1.22:compile org.jboss.spec.javax.servlet:jboss-servlet-api_4.0_spec:jar:2.0.0.Final:compile io.thorntail:jaxrs-cdi:jar:2.7.0.Final:compile io.smallrye.config:smallrye-config-common:jar:1.6.2:compile com.fasterxml.jackson.module:jackson-module-jaxb-annotations:jar:2.10.3:compile org.jboss.spec.javax.enterprise.concurrent:jboss-concurrency-api_1.0_spec:jar:2.0.0.Final:compile org.jboss.narayana.jts:narayana-jts-idlj:jar:5.9.8.Final:compile org.jboss.logging:jboss-logging:jar:3.4.1.Final:compile com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:jar:2.10.3:compile org.jboss.shrinkwrap.descriptors:shrinkwrap-descriptors-spi:jar:2.0.0:compile org.jboss.xnio:xnio-nio:jar:3.8.0.Final:runtime io.thorntail:undertow:jar:2.7.0.Final:compile org.eclipse.microprofile.config:microprofile-config-api:jar:1.4:compile org.jboss.shrinkwrap:shrinkwrap-impl-base:jar:1.2.6:compile io.thorntail:microprofile-config:jar:2.7.0.Final:compile io.thorntail:config-api-runtime:jar:2.7.0:compile io.smallrye.config:smallrye-config:jar:1.6.2:compile io.thorntail:io:jar:2.7.0.Final:compile org.ow2.asm:asm-commons:jar:7.1:compile io.thorntail:spi:jar:2.7.0.Final:compile io.thorntail:cdi:jar:2.7.0.Final:compile io.thorntail:bootstrap:jar:2.7.0.Final:compile org.jboss.shrinkwrap.descriptors:shrinkwrap-descriptors-api-javaee:jar:2.0.0:compile io.thorntail:security:jar:2.7.0.Final:compile io.thorntail:config-api:jar:2.7.0:compile org.jboss.spec.javax.interceptor:jboss-interceptors-api_1.2_spec:jar:2.0.0.Final:compile jakarta.enterprise:jakarta.enterprise.cdi-api:jar:2.0.2:compile org.jboss.shrinkwrap.descriptors:shrinkwrap-descriptors-impl-javaee:jar:2.0.0:compile io.thorntail:ee:jar:2.7.0.Final:compile org.glassfish:jakarta.el:jar:3.0.2:compile com.fasterxml.jackson.core:jackson-core:jar:2.10.3:compile jakarta.validation:jakarta.validation-api:jar:2.0.2:compile org.jboss:jandex:jar:2.1.2.Final:compile org.jboss.spec.javax.annotation:jboss-annotations-api_1.3_spec:jar:2.0.1.Final:compile io.thorntail:microprofile-config-wildfly-config-api:jar:2.7.0:compile org.jboss.spec.javax.websocket:jboss-websocket-api_1.1_spec:jar:2.0.0.Final:compile io.thorntail:container:jar:2.7.0.Final:compile org.jboss.shrinkwrap:shrinkwrap-api:jar:1.2.6:compile org.ow2.asm:asm-analysis:jar:7.1:compile io.thorntail:elytron:jar:2.7.0.Final:compile org.jboss.shrinkwrap.descriptors:shrinkwrap-descriptors-impl-jboss:jar:2.0.0:compile org.jboss.spec.javax.transaction:jboss-transaction-api_1.3_spec:jar:2.0.0.Final:compile org.jboss.threads:jboss-threads:jar:3.1.0.Final:compile

Removing the redundant dependencies can reduce the size of project and prevent potential dependency conflict issues (i.e., multiple versions of the same library). More importantly, one of the redundant dependencies org.glassfish:jakarta.el:jar:3.0.2:compile incorporates a high-level vulnerability SNYK-JAVA-ORGGLASSFISH-1297098. one of the redundant dependencies org.jboss.xnio:xnio-api:jar:3.8.0.Final:compile incorporates a medium-level vulnerability SNYK-JAVA-ORGJBOSSXNIO-590100. As such, I suggest a refactoring operation for org.eclipse.jkube.quickstarts.maven:thorntail:1.7.0’s pom file.

The attached PR helps resolve the reported problem. It is safe to remove the unused libraries (we considered Java reflection relations when analyzing the dependencies). These changes have passed org.eclipse.jkube.quickstarts.maven:thorntail:1.7.0’s maven tests.

Best regards

Apr 12 '22 07:04 Celebrate-future

Eclipse JKube CI Report

Started new GH workflow run for https://github.com/eclipse/jkube/pull/1451 (2022-04-12T07:45:01Z)

:gear: JKube E2E Tests (2153365153)

:heavy_check_mark: Bootstrap CI test run (#1451)
:heavy_check_mark: K8S v1.12.0 dockerfile (#1451)
:heavy_check_mark: K8S v1.12.0 other (#1451)
:heavy_check_mark: K8S v1.12.0 quarkus (#1451)
:heavy_check_mark: K8S v1.12.0 quarkus-native (#1451)
:heavy_check_mark: K8S v1.12.0 springboot (#1451)
:heavy_check_mark: K8S v1.12.0 webapp (#1451)
:heavy_check_mark: K8S v1.20.1 dockerfile (#1451)
:heavy_check_mark: K8S v1.20.1 other (#1451)
:heavy_check_mark: K8S v1.20.1 quarkus (#1451)
:heavy_check_mark: K8S v1.20.1 quarkus-native (#1451)
:heavy_check_mark: K8S v1.20.1 springboot (#1451)
:heavy_check_mark: K8S v1.20.1 webapp (#1451)
:heavy_check_mark: OpenShift v3.11.0 other (#1451)
:heavy_check_mark: OpenShift v3.11.0 quarkus (#1451)
:heavy_check_mark: OpenShift v3.11.0 springboot (#1451)
:heavy_check_mark: OpenShift v3.11.0 webapp (#1451)
:heavy_check_mark: OpenShift v3.9.0 other (#1451)
:heavy_check_mark: OpenShift v3.9.0 quarkus (#1451)
:heavy_check_mark: OpenShift v3.9.0 springboot (#1451)
:heavy_check_mark: OpenShift v3.9.0 webapp (#1451)
:heavy_check_mark: Windows (#1451)

Apr 12 '22 07:04 manusa

Kudos, SonarCloud Quality Gate passed!

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information

Apr 12 '22 07:04 sonarqubecloud[bot]

@Celebrate-future : Welcome, Thanks a lot for contributing to Eclipse JKube :+1:,

In order to contribute to Eclipse, you would need to create an Eclipse Account and Sign Eclipse Contributor Agreement. Once you've created an eclipse account you would need to update your commit message with a Signed-off-by: footer. You can do it like this:

# (Optional): Configure Git User and Email
git config user.name "Your Name"
git config user.email "[email protected]"

# Amend your previous commit with signed off footer
git commit --amend --signoff

Apr 12 '22 07:04 rohanKanojia

Hi @Celebrate-future, We'd be really happy to include your changes, but we need you to do the requested changes to your commit metadata first.

https://github.com/eclipse/jkube/pull/1451#issuecomment-1096290408

Apr 28 '22 04:04 manusa

Hi @Celebrate-future, We'd be really happy to include your changes, but we need you to do the requested changes to your commit metadata first.

#1451 (comment)

Thanks for your attention, I will finish it.

May 03 '22 03:05 Celebrate-future

@Celebrate-future : I'm facing this error when trying to run generated fat jar.

thorntail : $ java -jar target/thorntail-sample-thorntail.jar 
2022-05-23 21:49:40,729 INFO  [org.wildfly.swarm] (main) THORN0013: Installed fraction:                   JAX-RS - STABLE          io.thorntail:jaxrs:2.7.0.Final
2022-05-23 21:49:40,737 INFO  [org.wildfly.swarm] (main) THORN0013: Installed fraction:     MicroProfile OpenAPI - STABLE          io.thorntail:microprofile-openapi:2.7.0.Final
2022-05-23 21:49:40,737 INFO  [org.wildfly.swarm] (main) THORN0013: Installed fraction:                 Undertow - STABLE          io.thorntail:undertow:2.7.0.Final
2022-05-23 21:49:40,738 INFO  [org.wildfly.swarm] (main) THORN0013: Installed fraction:                  Logging - STABLE          io.thorntail:logging:2.7.0.Final
2022-05-23 21:49:40,738 INFO  [org.wildfly.swarm] (main) THORN0013: Installed fraction:                  Elytron - STABLE          io.thorntail:elytron:2.7.0.Final
org.jboss.modules.ModuleLoadError: org.apache.commons.beanutils
	at org.jboss.modules.Module.addPaths(Module.java:1266)
	at org.jboss.modules.Module.link(Module.java:1622)
	at org.jboss.modules.Module.getPaths(Module.java:1583)
	at org.jboss.modules.Module.getPathsUnchecked(Module.java:1606)
	at org.jboss.modules.Module.loadModuleClass(Module.java:726)
	at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:247)
	at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:410)
	at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:398)
	at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:116)
	at java.lang.ClassLoader.defineClass1(Native Method)
	at java.lang.ClassLoader.defineClass(ClassLoader.java:756)
	at org.jboss.modules.ModuleClassLoader.doDefineOrLoadClass(ModuleClassLoader.java:423)
	at org.jboss.modules.ModuleClassLoader.defineClass(ModuleClassLoader.java:555)
	at org.jboss.modules.ModuleClassLoader.loadClassLocal(ModuleClassLoader.java:339)
	at org.jboss.modules.ModuleClassLoader$1.loadClassLocal(ModuleClassLoader.java:126)
	at org.jboss.modules.Module.loadModuleClass(Module.java:731)
	at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:247)
	at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:410)
	at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:398)
	at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:116)
	at org.jboss.weld.resources.AbstractClassLoaderResourceLoader.classForName(AbstractClassLoaderResourceLoader.java:40)
	at org.jboss.weld.environment.util.Reflections.classForName(Reflections.java:127)
	at org.jboss.weld.environment.util.Reflections.loadClass(Reflections.java:112)
	at org.jboss.weld.environment.deployment.discovery.jandex.JandexDiscoveryStrategy.containsBeanDefiningAnnotation(JandexDiscoveryStrategy.java:152)
	at org.jboss.weld.environment.deployment.discovery.jandex.JandexDiscoveryStrategy.processAnnotatedDiscovery(JandexDiscoveryStrategy.java:94)
	at org.jboss.weld.environment.deployment.discovery.AbstractDiscoveryStrategy.performDiscovery(AbstractDiscoveryStrategy.java:148)
	at org.jboss.weld.environment.se.Weld.createDeployment(Weld.java:955)
	at org.jboss.weld.environment.se.Weld.initialize(Weld.java:777)
	at org.wildfly.swarm.container.runtime.ServerBootstrapImpl.lambda$null$0(ServerBootstrapImpl.java:149)
	at org.wildfly.swarm.container.runtime.LogSilencer$SilentExecutor.execute(LogSilencer.java:75)
	at org.wildfly.swarm.container.runtime.ServerBootstrapImpl.lambda$bootstrap$1(ServerBootstrapImpl.java:120)
	at org.wildfly.swarm.spi.api.ClassLoading.withTCCL(ClassLoading.java:43)
	at org.wildfly.swarm.container.runtime.ServerBootstrapImpl.bootstrap(ServerBootstrapImpl.java:113)
	at org.wildfly.swarm.Swarm.start(Swarm.java:401)
	at org.wildfly.swarm.Swarm.main(Swarm.java:745)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.wildfly.swarm.bootstrap.MainInvoker.invoke(MainInvoker.java:57)
	at org.wildfly.swarm.bootstrap.Main.run(Main.java:134)
	at org.wildfly.swarm.bootstrap.Main.main(Main.java:87)
org.jboss.modules.ModuleLoadError: org.apache.commons.beanutils
	at org.jboss.modules.Module.addPaths(Module.java:1266)
	at org.jboss.modules.Module.link(Module.java:1622)
	at org.jboss.modules.Module.getPaths(Module.java:1583)
	at org.jboss.modules.Module.getPathsUnchecked(Module.java:1606)
	at org.jboss.modules.Module.loadModuleClass(Module.java:726)
	at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:247)
	at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:410)
	at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:398)
	at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:116)
	at java.lang.ClassLoader.defineClass1(Native Method)
	at java.lang.ClassLoader.defineClass(ClassLoader.java:756)
	at org.jboss.modules.ModuleClassLoader.doDefineOrLoadClass(ModuleClassLoader.java:423)
	at org.jboss.modules.ModuleClassLoader.defineClass(ModuleClassLoader.java:555)
	at org.jboss.modules.ModuleClassLoader.loadClassLocal(ModuleClassLoader.java:339)
	at org.jboss.modules.ModuleClassLoader$1.loadClassLocal(ModuleClassLoader.java:126)
	at org.jboss.modules.Module.loadModuleClass(Module.java:731)
	at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:247)
	at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:410)
	at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:398)
	at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:116)
	at org.jboss.weld.resources.AbstractClassLoaderResourceLoader.classForName(AbstractClassLoaderResourceLoader.java:40)
	at org.jboss.weld.environment.util.Reflections.classForName(Reflections.java:127)
	at org.jboss.weld.environment.util.Reflections.loadClass(Reflections.java:112)
	at org.jboss.weld.environment.deployment.discovery.jandex.JandexDiscoveryStrategy.containsBeanDefiningAnnotation(JandexDiscoveryStrategy.java:152)
	at org.jboss.weld.environment.deployment.discovery.jandex.JandexDiscoveryStrategy.processAnnotatedDiscovery(JandexDiscoveryStrategy.java:94)
	at org.jboss.weld.environment.deployment.discovery.AbstractDiscoveryStrategy.performDiscovery(AbstractDiscoveryStrategy.java:148)
	at org.jboss.weld.environment.se.Weld.createDeployment(Weld.java:955)
	at org.jboss.weld.environment.se.Weld.initialize(Weld.java:777)
	at org.wildfly.swarm.container.runtime.ServerBootstrapImpl.lambda$null$0(ServerBootstrapImpl.java:149)
	at org.wildfly.swarm.container.runtime.LogSilencer$SilentExecutor.execute(LogSilencer.java:75)
	at org.wildfly.swarm.container.runtime.ServerBootstrapImpl.lambda$bootstrap$1(ServerBootstrapImpl.java:120)
	at org.wildfly.swarm.spi.api.ClassLoading.withTCCL(ClassLoading.java:43)
	at org.wildfly.swarm.container.runtime.ServerBootstrapImpl.bootstrap(ServerBootstrapImpl.java:113)
	at org.wildfly.swarm.Swarm.start(Swarm.java:401)
	at org.wildfly.swarm.Swarm.main(Swarm.java:745)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.wildfly.swarm.bootstrap.MainInvoker.invoke(MainInvoker.java:57)
	at org.wildfly.swarm.bootstrap.Main.run(Main.java:134)
	at org.wildfly.swarm.bootstrap.Main.main(Main.java:87)

Are you sure excluded dependencies aren't required?

May 23 '22 16:05 rohanKanojia

Hi @Celebrate-future would you still work on this? thanks!

Nov 27 '23 09:11 sunix

jkube jkube copied to clipboard

Could org.eclipse.jkube.quickstarts.maven:thorntail:1.7.0 drop off redundant dependencies?

Redundant dependencies

Eclipse JKube CI Report

jkube
jkube copied to clipboard