BradleyBoutcher
commented
3 years ago Hi Erlend! Thank you for using the Conjur Java API! I was the person who enabled Maven publishing a few months ago, and based on the work I did then, I do agree that some of these dependencies are outdated. For example, the exec-maven-plugin dependency was added roughly five years ago, so it's safe to say it can be removed.
That being said, I apologize for the problems you encountered, that's definitely not the experience we want you to have. I've linked a PR (#94) that should resolve this issue. Please let me know if there's anything else I can do!
JamiesWhiteShirt
Summary
org.codehaus.mojo.exec-maven-pluginis a compile dependency of the Maven publication, meaning that it appears on the compile classpath of dependents of the Conjur Java API. The Conjur Java API does not useexec-maven-pluginat runtime, nor does it use any of its classes it in its API, thus it should not be on the compile classpath.If not excluded, it increases the size of fat JARs and puts many unnecessary classes on the compile classpath. Transitive dependencies of
exec-maven-pluginare also included, such as SLF4J implementations that may conflict with others.Steps to Reproduce
Configure
com.cyberark.conjur.api:conjur-api:3.0.1as a dependency of a Maven/Gradle project and attempt to link with classes fromexec-maven-pluginor its dependencies.Expected Results
org.codehaus.mojo:exec-maven-pluginshould not be included as a transitive dependency.Actual Results (including error logs, if applicable)
org.codehaus.mojo:exec-maven-pluginis included as a transitive dependency ofcom.cyberark.conjur.api:conjur-apion the compile classpath.Reproducible
Version/Tag number
Conjur Java API version 3.0.1
Environment setup
Development environment with Conjur Java API version 3.0.1 installed.