Closed JamiesWhiteShirt closed 3 years ago
Hi Erlend! Thank you for using the Conjur Java API! I was the person who enabled Maven publishing a few months ago, and based on the work I did then, I do agree that some of these dependencies are outdated. For example, the exec-maven-plugin
dependency was added roughly five years ago, so it's safe to say it can be removed.
That being said, I apologize for the problems you encountered, that's definitely not the experience we want you to have. I've linked a PR (#94) that should resolve this issue. Please let me know if there's anything else I can do!
Hi Erlend, we've release version 3.0.2
that addresses this issue. Cheers!
I can confirm that updating to 3.0.2 resolved the issue. Thanks for the quick fix!
Summary
org.codehaus.mojo.exec-maven-plugin
is a compile dependency of the Maven publication, meaning that it appears on the compile classpath of dependents of the Conjur Java API. The Conjur Java API does not useexec-maven-plugin
at runtime, nor does it use any of its classes it in its API, thus it should not be on the compile classpath.If not excluded, it increases the size of fat JARs and puts many unnecessary classes on the compile classpath. Transitive dependencies of
exec-maven-plugin
are also included, such as SLF4J implementations that may conflict with others.Steps to Reproduce
Configure
com.cyberark.conjur.api:conjur-api:3.0.1
as a dependency of a Maven/Gradle project and attempt to link with classes fromexec-maven-plugin
or its dependencies.Expected Results
org.codehaus.mojo:exec-maven-plugin
should not be included as a transitive dependency.Actual Results (including error logs, if applicable)
org.codehaus.mojo:exec-maven-plugin
is included as a transitive dependency ofcom.cyberark.conjur.api:conjur-api
on the compile classpath.Reproducible
Version/Tag number
Conjur Java API version 3.0.1
Environment setup
Development environment with Conjur Java API version 3.0.1 installed.