alibaba / compileflow

🎨 core business process engine of Alibaba Halo platform, best process engine for trade scenes. | A high-performance process orchestration engine
Apache License 2.0
1.82k stars 268 forks

Could com.alibaba.compileflow:compileflow:1.3.0-SNAPSHOT drop off redundant dependencies? #124

Open slimming-fat opened 1 year ago

slimming-fat commented 1 year ago


Hi, I found that com.alibaba.compileflow:compileflow:1.3.0-SNAPSHOT's pom file introduced 28 dependencies. However, among them, 2 libraries (7%) have not been used by your project. The redundant dependencies are listed below.

More seriously, 1 redundant library has not been maintained by developers for more than 3 years (outdated dependencies).

Reducing these unused dependencies can help prevent introducing bugs/vulnerabilities from outdated dependencies. Meanwhile, it can minimize the project size. To safely remove redundant dependencies, I constructed a complete call graph (resolved most of Java reflection and dynamic binding), and validated that they have not been used by the client code.

This PR for com.alibaba.compileflow:compileflow:1.3.0-SNAPSHOT, removing the redundant dependencies, has passed the tests.

Best regards

Redundant dependencies

Redundant direct dependencies:

     com.github.spotbugs:spotbugs-annotations:4.7.2:compile [14 KB]

Redundant indirect dependencies:

     com.google.code.findbugs:jsr305:3.0.2:compile [19 KB]  

Outdated dependencies

com.google.code.findbugs:jsr305:3.0.2 (2168 days without maintenance)

CLAassistant commented 1 year ago

CLA assistant check
All committers have signed the CLA.