Closed fbricon closed 3 years ago
Describe the bug
Status bar reports 5 vulnerabilities in 2 dependencies. But the project has 3 compile dependencies + 2 test dependencies + countless transitive dependencies. The Snyk report says 5 vulnerabilities in 1 dependency.

To Reproduce
Steps to reproduce the behavior:
<?xml version="1.0"?>
<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <modelVersion>4.0.0</modelVersion>
  <groupId>foo.bar.quarked</groupId>
  <artifactId>quarked</artifactId>
  <version>1.0.0-SNAPSHOT</version>
  <properties>
    <surefire-plugin.version>2.22.1</surefire-plugin.version>
    <maven.compiler.target>11</maven.compiler.target>
    <quarkus.platform.version>1.9.2.Final</quarkus.platform.version>
    <maven.compiler.source>11</maven.compiler.source>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <quarkus.platform.artifact-id>quarkus-universe-bom</quarkus.platform.artifact-id>
    <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
    <maven.compiler.parameters>true</maven.compiler.parameters>
    <quarkus-plugin.version>1.9.2.Final</quarkus-plugin.version>
    <compiler-plugin.version>3.8.1</compiler-plugin.version>
    <quarkus.platform.group-id>io.quarkus</quarkus.platform.group-id>
  </properties>
  <dependencyManagement>
    <dependencies>
      <dependency>
        <groupId>${quarkus.platform.group-id}</groupId>
        <artifactId>${quarkus.platform.artifact-id}</artifactId>
        <version>${quarkus.platform.version}</version>
        <type>pom</type>
        <scope>import</scope>
      </dependency>
    </dependencies>
  </dependencyManagement>
  <dependencies>
    <dependency>
      <groupId>org.eclipse.jetty</groupId>
      <artifactId>jetty-server</artifactId>
      <version>9.3.2.v20150730</version>
    </dependency>
    <dependency>
      <groupId>io.quarkus</groupId>
      <artifactId>quarkus-resteasy</artifactId>
    </dependency>
    <dependency>
      <groupId>io.quarkus</groupId>
      <artifactId>quarkus-arc</artifactId>
    </dependency>
    <dependency>
      <groupId>io.quarkus</groupId>
      <artifactId>quarkus-junit5</artifactId>
      <scope>test</scope>
    </dependency>
    <dependency>
      <groupId>io.rest-assured</groupId>
      <artifactId>rest-assured</artifactId>
      <scope>test</scope>
    </dependency>
  </dependencies>
  <build>
    <plugins>
      <plugin>
        <groupId>io.quarkus</groupId>
        <artifactId>quarkus-maven-plugin</artifactId>
        <version>${quarkus-plugin.version}</version>
        <executions>
          <execution>
            <goals>
              <goal>build</goal>
              <goal>generate-code</goal>
              <goal>generate-code-tests</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
      <plugin>
        <artifactId>maven-compiler-plugin</artifactId>
        <version>${compiler-plugin.version}</version>
      </plugin>
      <plugin>
        <artifactId>maven-surefire-plugin</artifactId>
        <version>${surefire-plugin.version}</version>
        <configuration>
          <systemPropertyVariables>
            <java.util.logging.manager>org.jboss.logmanager.LogManager</java.util.logging.manager>
            <maven.home>${maven.home}</maven.home>
          </systemPropertyVariables>
        </configuration>
      </plugin>
    </plugins>
  </build>
  <profiles>
    <profile>
      <id>native</id>
      <activation>
        <property>
          <name>native</name>
        </property>
      </activation>
      <build>
        <plugins>
          <plugin>
            <artifactId>maven-failsafe-plugin</artifactId>
            <version>${surefire-plugin.version}</version>
            <executions>
              <execution>
                <goals>
                  <goal>integration-test</goal>
                  <goal>verify</goal>
                </goals>
                <configuration>
                  <systemPropertyVariables>
                    <native.image.path>${project.build.directory}/${project.build.finalName}-runner</native.image.path>
                    <java.util.logging.manager>org.jboss.logmanager.LogManager</java.util.logging.manager>
                    <maven.home>${maven.home}</maven.home>
                  </systemPropertyVariables>
                </configuration>
              </execution>
            </executions>
          </plugin>
        </plugins>
      </build>
      <properties>
        <quarkus.package.type>native</quarkus.package.type>
      </properties>
    </profile>
  </profiles>
</project>

Expected behavior
If dependency count is shown, then it should be consistent, either with the Snyk analysis, or the actual number of dependencies.
See dependency:tree:
foo.bar.quarked:quarked:jar:1.0.0-SNAPSHOT +- org.eclipse.jetty:jetty-server:jar:9.3.2.v20150730:compile +- javax.servlet:javax.servlet-api:jar:3.1.0:compile +- org.eclipse.jetty:jetty-http:jar:9.4.18.v20190429:compile (version managed from 9.3.2.v20150730) +- org.eclipse.jetty:jetty-util:jar:9.4.18.v20190429:compile \- (org.eclipse.jetty:jetty-io:jar:9.4.18.v20190429:compile - version managed from 9.3.2.v20150730; omitted for duplicate) \- org.eclipse.jetty:jetty-io:jar:9.4.18.v20190429:compile \- (org.eclipse.jetty:jetty-util:jar:9.4.18.v20190429:compile - omitted for duplicate) +- io.quarkus:quarkus-resteasy:jar:1.9.2.Final:compile +- io.quarkus:quarkus-vertx-http:jar:1.9.2.Final:compile +- (io.quarkus:quarkus-core:jar:1.9.2.Final:compile - omitted for duplicate) +- io.quarkus:quarkus-security-runtime-spi:jar:1.9.2.Final:compile \- (io.quarkus:quarkus-core:jar:1.9.2.Final:compile - omitted for duplicate) +- io.quarkus:quarkus-development-mode-spi:jar:1.9.2.Final:compile +- io.quarkus.security:quarkus-security:jar:1.1.3.Final:compile +- (org.jboss.logging:jboss-logging:jar:3.4.1.Final:compile - version managed from 3.3.2.Final; omitted for duplicate) \- io.smallrye.reactive:mutiny:jar:0.9.0:compile (version managed from 0.4.3) +- org.reactivestreams:reactive-streams:jar:1.0.3:compile \- (io.smallrye.common:smallrye-common-annotation:jar:1.4.0:compile - omitted for duplicate) +- io.quarkus:quarkus-vertx-core:jar:1.9.2.Final:compile +- (io.quarkus:quarkus-core:jar:1.9.2.Final:compile - omitted for duplicate) +- (io.quarkus:quarkus-arc:jar:1.9.2.Final:compile - omitted for duplicate) +- io.quarkus:quarkus-netty:jar:1.9.2.Final:compile +- io.netty:netty-codec:jar:4.1.49.Final:compile +- (io.netty:netty-common:jar:4.1.49.Final:compile - omitted for duplicate) +- (io.netty:netty-buffer:jar:4.1.49.Final:compile - omitted for duplicate) \- (io.netty:netty-transport:jar:4.1.49.Final:compile - omitted for duplicate) +- (io.quarkus:quarkus-core:jar:1.9.2.Final:compile - 
omitted for duplicate) +- io.netty:netty-handler:jar:4.1.49.Final:compile +- (io.netty:netty-common:jar:4.1.49.Final:compile - omitted for duplicate) +- (io.netty:netty-resolver:jar:4.1.49.Final:compile - omitted for duplicate) +- (io.netty:netty-buffer:jar:4.1.49.Final:compile - omitted for duplicate) +- (io.netty:netty-transport:jar:4.1.49.Final:compile - omitted for duplicate) \- (io.netty:netty-codec:jar:4.1.49.Final:compile - omitted for duplicate) \- (jakarta.enterprise:jakarta.enterprise.cdi-api:jar:2.0.2:compile - omitted for duplicate) \- io.vertx:vertx-core:jar:3.9.4:compile +- io.netty:netty-common:jar:4.1.49.Final:compile +- io.netty:netty-buffer:jar:4.1.49.Final:compile \- (io.netty:netty-common:jar:4.1.49.Final:compile - omitted for duplicate) +- io.netty:netty-transport:jar:4.1.49.Final:compile +- (io.netty:netty-common:jar:4.1.49.Final:compile - omitted for duplicate) +- (io.netty:netty-buffer:jar:4.1.49.Final:compile - omitted for duplicate) \- (io.netty:netty-resolver:jar:4.1.49.Final:compile - omitted for duplicate) +- (io.netty:netty-handler:jar:4.1.49.Final:compile - omitted for duplicate) +- io.netty:netty-handler-proxy:jar:4.1.49.Final:compile +- (io.netty:netty-common:jar:4.1.49.Final:compile - omitted for duplicate) +- (io.netty:netty-buffer:jar:4.1.49.Final:compile - omitted for duplicate) +- (io.netty:netty-transport:jar:4.1.49.Final:compile - omitted for duplicate) +- (io.netty:netty-codec:jar:4.1.49.Final:compile - omitted for duplicate) +- io.netty:netty-codec-socks:jar:4.1.49.Final:compile +- (io.netty:netty-common:jar:4.1.49.Final:compile - omitted for duplicate) +- (io.netty:netty-buffer:jar:4.1.49.Final:compile - omitted for duplicate) +- (io.netty:netty-transport:jar:4.1.49.Final:compile - omitted for duplicate) \- (io.netty:netty-codec:jar:4.1.49.Final:compile - omitted for duplicate) \- (io.netty:netty-codec-http:jar:4.1.49.Final:compile - omitted for duplicate) +- io.netty:netty-codec-http:jar:4.1.49.Final:compile +- 
(io.netty:netty-common:jar:4.1.49.Final:compile - omitted for duplicate) +- (io.netty:netty-buffer:jar:4.1.49.Final:compile - omitted for duplicate) +- (io.netty:netty-transport:jar:4.1.49.Final:compile - omitted for duplicate) +- (io.netty:netty-codec:jar:4.1.49.Final:compile - omitted for duplicate) \- (io.netty:netty-handler:jar:4.1.49.Final:compile - omitted for duplicate) +- io.netty:netty-codec-http2:jar:4.1.49.Final:compile +- (io.netty:netty-common:jar:4.1.49.Final:compile - omitted for duplicate) +- (io.netty:netty-buffer:jar:4.1.49.Final:compile - omitted for duplicate) +- (io.netty:netty-transport:jar:4.1.49.Final:compile - omitted for duplicate) +- (io.netty:netty-codec:jar:4.1.49.Final:compile - omitted for duplicate) +- (io.netty:netty-handler:jar:4.1.49.Final:compile - omitted for duplicate) \- (io.netty:netty-codec-http:jar:4.1.49.Final:compile - omitted for duplicate) +- io.netty:netty-resolver:jar:4.1.49.Final:compile \- (io.netty:netty-common:jar:4.1.49.Final:compile - omitted for duplicate) +- io.netty:netty-resolver-dns:jar:4.1.49.Final:compile +- (io.netty:netty-common:jar:4.1.49.Final:compile - omitted for duplicate) +- (io.netty:netty-buffer:jar:4.1.49.Final:compile - omitted for duplicate) +- (io.netty:netty-resolver:jar:4.1.49.Final:compile - omitted for duplicate) +- (io.netty:netty-transport:jar:4.1.49.Final:compile - omitted for duplicate) +- (io.netty:netty-codec:jar:4.1.49.Final:compile - omitted for duplicate) \- io.netty:netty-codec-dns:jar:4.1.49.Final:compile +- (io.netty:netty-common:jar:4.1.49.Final:compile - omitted for duplicate) +- (io.netty:netty-buffer:jar:4.1.49.Final:compile - omitted for duplicate) +- (io.netty:netty-transport:jar:4.1.49.Final:compile - omitted for duplicate) \- (io.netty:netty-codec:jar:4.1.49.Final:compile - omitted for duplicate) \- com.fasterxml.jackson.core:jackson-core:jar:2.11.3:compile \- io.vertx:vertx-web:jar:3.9.4:compile +- io.vertx:vertx-web-common:jar:3.9.4:compile \- 
(io.vertx:vertx-core:jar:3.9.4:compile - omitted for duplicate) +- io.vertx:vertx-auth-common:jar:3.9.4:compile \- (io.vertx:vertx-core:jar:3.9.4:compile - omitted for duplicate) +- io.vertx:vertx-bridge-common:jar:3.9.4:compile \- (io.vertx:vertx-core:jar:3.9.4:compile - omitted for duplicate) \- io.quarkus:quarkus-resteasy-server-common:jar:1.9.2.Final:compile +- (io.quarkus:quarkus-core:jar:1.9.2.Final:compile - omitted for duplicate) +- (io.quarkus:quarkus-arc:jar:1.9.2.Final:compile - omitted for duplicate) +- io.quarkus:quarkus-resteasy-common:jar:1.9.2.Final:compile +- (io.quarkus:quarkus-core:jar:1.9.2.Final:compile - omitted for duplicate) +- org.jboss.resteasy:resteasy-core:jar:4.5.8.Final:compile +- org.jboss.spec.javax.ws.rs:jboss-jaxrs-api_2.1_spec:jar:2.0.1.Final:compile +- org.jboss.spec.javax.xml.bind:jboss-jaxb-api_2.3_spec:jar:2.0.0.Final:compile (version managed from 1.0.1.Final) +- org.jboss.resteasy:resteasy-core-spi:jar:4.5.8.Final:compile +- (org.jboss.spec.javax.ws.rs:jboss-jaxrs-api_2.1_spec:jar:2.0.1.Final:compile - omitted for duplicate) +- (org.jboss.spec.javax.xml.bind:jboss-jaxb-api_2.3_spec:jar:2.0.0.Final:compile - version managed from 1.0.1.Final; omitted for duplicate) +- (org.reactivestreams:reactive-streams:jar:1.0.3:compile - omitted for duplicate) +- (jakarta.validation:jakarta.validation-api:jar:2.0.2:compile - omitted for duplicate) +- (com.sun.activation:jakarta.activation:jar:1.2.1:compile - omitted for duplicate) \- (org.jboss.logging:jboss-logging:jar:3.4.1.Final:compile - version managed from 3.3.2.Final; omitted for duplicate) +- (org.reactivestreams:reactive-streams:jar:1.0.3:compile - omitted for duplicate) +- (jakarta.validation:jakarta.validation-api:jar:2.0.2:compile - omitted for duplicate) +- com.ibm.async:asyncutil:jar:0.1.0:compile +- (com.sun.activation:jakarta.activation:jar:1.2.1:compile - omitted for duplicate) +- (org.jboss.logging:jboss-logging:jar:3.4.1.Final:compile - version managed from 3.3.2.Final; 
omitted for duplicate) +- org.eclipse.microprofile.config:microprofile-config-api:jar:1.4:compile \- (io.smallrye.config:smallrye-config:jar:1.9.3:compile - version managed from 1.6.1; omitted for duplicate) +- (io.quarkus:quarkus-arc:jar:1.9.2.Final:compile - omitted for duplicate) \- com.sun.activation:jakarta.activation:jar:1.2.1:compile \- jakarta.validation:jakarta.validation-api:jar:2.0.2:compile +- io.quarkus:quarkus-arc:jar:1.9.2.Final:compile +- io.quarkus.arc:arc:jar:1.9.2.Final:compile +- jakarta.enterprise:jakarta.enterprise.cdi-api:jar:2.0.2:compile +- jakarta.el:jakarta.el-api:jar:3.0.3:compile +- jakarta.interceptor:jakarta.interceptor-api:jar:1.2.5:compile +- (jakarta.annotation:jakarta.annotation-api:jar:1.3.5:compile - omitted for duplicate) \- jakarta.ejb:jakarta.ejb-api:jar:3.2.6:compile \- (jakarta.transaction:jakarta.transaction-api:jar:1.3.3:compile - version managed from 1.3.2; omitted for duplicate) \- (jakarta.inject:jakarta.inject-api:jar:1.0:compile - omitted for duplicate) +- jakarta.annotation:jakarta.annotation-api:jar:1.3.5:compile +- jakarta.transaction:jakarta.transaction-api:jar:1.3.3:compile \- org.jboss.logging:jboss-logging:jar:3.4.1.Final:compile +- io.quarkus:quarkus-core:jar:1.9.2.Final:compile +- (jakarta.annotation:jakarta.annotation-api:jar:1.3.5:compile - omitted for duplicate) +- (jakarta.enterprise:jakarta.enterprise.cdi-api:jar:2.0.2:compile - omitted for duplicate) +- jakarta.inject:jakarta.inject-api:jar:1.0:compile +- io.quarkus:quarkus-ide-launcher:jar:1.9.2.Final:compile +- (io.quarkus:quarkus-development-mode-spi:jar:1.9.2.Final:compile - omitted for duplicate) +- io.smallrye.config:smallrye-config:jar:1.9.3:compile (version managed from 1.6.1) +- io.smallrye.common:smallrye-common-annotation:jar:1.4.0:compile +- io.smallrye.config:smallrye-config-common:jar:1.9.3:compile +- (org.eclipse.microprofile.config:microprofile-config-api:jar:1.4:compile - omitted for duplicate) \- 
(org.jboss.logging:jboss-logging:jar:3.4.1.Final:compile - version managed from 3.3.2.Final; omitted for duplicate) +- io.smallrye.common:smallrye-common-expression:jar:1.4.0:compile +- io.smallrye.common:smallrye-common-function:jar:1.4.0:compile \- (io.smallrye.common:smallrye-common-constraint:jar:1.4.0:compile - omitted for duplicate) \- (org.jboss.logging:jboss-logging:jar:3.4.1.Final:compile - version managed from 3.3.2.Final; omitted for duplicate) +- io.smallrye.common:smallrye-common-constraint:jar:1.4.0:compile \- (org.jboss.logging:jboss-logging:jar:3.4.1.Final:compile - version managed from 3.3.2.Final; omitted for duplicate) +- io.smallrye.common:smallrye-common-classloader:jar:1.4.0:compile +- (org.jboss.logging:jboss-logging:jar:3.4.1.Final:compile - version managed from 3.3.2.Final; omitted for duplicate) \- org.ow2.asm:asm:jar:8.0.1:compile +- (org.jboss.logging:jboss-logging:jar:3.4.1.Final:compile - version managed from 3.3.2.Final; omitted for duplicate) +- org.jboss.logmanager:jboss-logmanager-embedded:jar:1.0.6:compile (version managed from 1.0.4) \- (org.wildfly.common:wildfly-common:jar:1.5.4.Final-format-001:compile - version managed from 1.5.0.Final; omitted for duplicate) +- org.jboss.logging:jboss-logging-annotations:jar:2.1.0.Final:compile +- org.jboss.threads:jboss-threads:jar:3.1.1.Final:compile +- (org.jboss.logging:jboss-logging:jar:3.4.1.Final:compile - version managed from 3.3.2.Final; omitted for duplicate) \- (org.wildfly.common:wildfly-common:jar:1.5.4.Final-format-001:compile - version managed from 1.5.0.Final; omitted for duplicate) +- org.slf4j:slf4j-api:jar:1.7.30:compile (version managed from 1.7.21) +- org.jboss.slf4j:slf4j-jboss-logging:jar:1.2.0.Final:compile +- (org.slf4j:slf4j-api:jar:1.7.30:compile - version managed from 1.7.21; omitted for duplicate) \- (org.jboss.logging:jboss-logging:jar:3.4.1.Final:compile - version managed from 3.4.0.Final; omitted for duplicate) +- org.graalvm.sdk:graal-sdk:jar:20.2.0:compile 
+- org.wildfly.common:wildfly-common:jar:1.5.4.Final-format-001:compile \- io.quarkus:quarkus-bootstrap-runner:jar:1.9.2.Final:compile +- (org.graalvm.sdk:graal-sdk:jar:20.2.0:compile - omitted for duplicate) +- (org.jboss.logmanager:jboss-logmanager-embedded:jar:1.0.6:compile - version managed from 1.0.4; omitted for duplicate) \- (org.jboss.logging:jboss-logging:jar:3.4.1.Final:compile - version managed from 3.3.2.Final; omitted for duplicate) \- org.eclipse.microprofile.context-propagation:microprofile-context-propagation-api:jar:1.0.1:compile +- io.quarkus:quarkus-junit5:jar:1.9.2.Final:test +- io.quarkus:quarkus-bootstrap-core:jar:1.9.2.Final:test +- io.quarkus:quarkus-bootstrap-app-model:jar:1.9.2.Final:test +- (org.jboss.logging:jboss-logging:jar:3.4.1.Final:test - version managed from 3.3.2.Final; omitted for duplicate) \- (org.jboss.logging:commons-logging-jboss-logging:jar:1.0.0.Final:test - omitted for duplicate) +- io.quarkus:quarkus-bootstrap-maven-resolver:jar:1.9.2.Final:test +- (io.quarkus:quarkus-bootstrap-app-model:jar:1.9.2.Final:test - omitted for duplicate) +- (org.jboss.slf4j:slf4j-jboss-logging:jar:1.2.0.Final:test - omitted for duplicate) +- org.apache.maven:maven-embedder:jar:3.6.3:test +- org.apache.maven:maven-settings:jar:3.6.3:test \- (org.codehaus.plexus:plexus-utils:jar:3.2.1:test - version managed from 3.0.17; omitted for duplicate) +- (org.apache.maven:maven-settings-builder:jar:3.6.3:test - omitted for duplicate) +- org.apache.maven:maven-core:jar:3.6.3:test +- (org.apache.maven:maven-model:jar:3.6.3:test - omitted for duplicate) +- (org.apache.maven:maven-settings:jar:3.6.3:test - omitted for duplicate) +- (org.apache.maven:maven-settings-builder:jar:3.6.3:test - omitted for duplicate) +- (org.apache.maven:maven-builder-support:jar:3.6.3:test - omitted for duplicate) +- (org.apache.maven:maven-repository-metadata:jar:3.6.3:test - omitted for duplicate) +- org.apache.maven:maven-artifact:jar:3.6.3:test +- 
(org.codehaus.plexus:plexus-utils:jar:3.2.1:test - omitted for duplicate) \- (org.apache.commons:commons-lang3:jar:3.9:test - version managed from 3.8.1; omitted for duplicate) +- (org.apache.maven:maven-plugin-api:jar:3.6.3:test - omitted for duplicate) +- (org.apache.maven:maven-model-builder:jar:3.6.3:test - omitted for duplicate) +- (org.apache.maven:maven-resolver-provider:jar:3.6.3:test - omitted for duplicate) +- (org.apache.maven.resolver:maven-resolver-impl:jar:1.4.1:test - omitted for duplicate) +- (org.apache.maven.resolver:maven-resolver-api:jar:1.4.1:test - omitted for duplicate) +- (org.apache.maven.resolver:maven-resolver-spi:jar:1.4.1:test - omitted for duplicate) +- (org.apache.maven.resolver:maven-resolver-util:jar:1.4.1:test - omitted for duplicate) +- (org.apache.maven.shared:maven-shared-utils:jar:3.2.1:test - omitted for duplicate) +- (org.eclipse.sisu:org.eclipse.sisu.plexus:jar:0.3.4:test - omitted for duplicate) +- (com.google.inject:guice:jar:no_aop:4.2.1:test - omitted for duplicate) +- (org.codehaus.plexus:plexus-utils:jar:3.2.1:test - version managed from 3.0.17; omitted for duplicate) +- (org.codehaus.plexus:plexus-classworlds:jar:2.5.2:test - version managed from 2.6.0; omitted for duplicate) +- org.codehaus.plexus:plexus-component-annotations:jar:2.1.0:test \- (org.apache.commons:commons-lang3:jar:3.9:test - version managed from 3.8.1; omitted for duplicate) +- org.apache.maven:maven-plugin-api:jar:3.6.3:test +- (org.apache.maven:maven-model:jar:3.6.3:test - omitted for duplicate) +- (org.apache.maven:maven-artifact:jar:3.6.3:test - omitted for duplicate) +- (org.eclipse.sisu:org.eclipse.sisu.plexus:jar:0.3.4:test - omitted for duplicate) +- (org.codehaus.plexus:plexus-utils:jar:3.2.1:test - version managed from 3.0.17; omitted for duplicate) \- (org.codehaus.plexus:plexus-classworlds:jar:2.5.2:test - version managed from 2.6.0; omitted for duplicate) +- org.apache.maven:maven-model:jar:3.6.3:test \- 
(org.codehaus.plexus:plexus-utils:jar:3.2.1:test - version managed from 3.0.17; omitted for duplicate) +- org.apache.maven:maven-model-builder:jar:3.6.3:test +- (org.codehaus.plexus:plexus-utils:jar:3.2.1:test - version managed from 3.0.17; omitted for duplicate) +- (org.codehaus.plexus:plexus-interpolation:jar:1.25:test - omitted for duplicate) +- (org.apache.maven:maven-model:jar:3.6.3:test - omitted for duplicate) +- (org.apache.maven:maven-artifact:jar:3.6.3:test - omitted for duplicate) \- (org.apache.maven:maven-builder-support:jar:3.6.3:test - omitted for duplicate) +- org.apache.maven:maven-builder-support:jar:3.6.3:test +- org.apache.maven.resolver:maven-resolver-api:jar:1.4.1:test +- org.apache.maven.resolver:maven-resolver-util:jar:1.4.1:test \- (org.apache.maven.resolver:maven-resolver-api:jar:1.4.1:test - omitted for duplicate) +- org.apache.maven.shared:maven-shared-utils:jar:3.2.1:test \- commons-io:commons-io:jar:2.8.0:test (version managed from 2.5) +- com.google.inject:guice:jar:no_aop:4.2.1:test \- com.google.guava:guava:jar:29.0-jre:test (version managed from 25.1-android) +- com.google.guava:failureaccess:jar:1.0.1:test \- com.google.guava:listenablefuture:jar:9999.0-empty-to-avoid-conflict-with-guava:test +- org.codehaus.plexus:plexus-utils:jar:3.2.1:test +- org.codehaus.plexus:plexus-classworlds:jar:2.5.2:test +- (org.eclipse.sisu:org.eclipse.sisu.plexus:jar:0.3.4:test - omitted for duplicate) +- commons-cli:commons-cli:jar:1.4:test \- (org.apache.commons:commons-lang3:jar:3.9:test - version managed from 3.4; omitted for duplicate) +- org.eclipse.sisu:org.eclipse.sisu.plexus:jar:0.3.4:test +- org.apache.maven:maven-settings-builder:jar:3.6.3:test +- (org.apache.maven:maven-builder-support:jar:3.6.3:test - omitted for duplicate) +- org.codehaus.plexus:plexus-interpolation:jar:1.25:test +- (org.apache.maven:maven-settings:jar:3.6.3:test - omitted for duplicate) \- org.sonatype.plexus:plexus-sec-dispatcher:jar:1.4:test \- 
org.sonatype.plexus:plexus-cipher:jar:1.4:test +- org.apache.maven:maven-resolver-provider:jar:3.6.3:test +- (org.apache.maven:maven-model:jar:3.6.3:test - omitted for duplicate) +- (org.apache.maven:maven-model-builder:jar:3.6.3:test - omitted for duplicate) +- org.apache.maven:maven-repository-metadata:jar:3.6.3:test \- (org.codehaus.plexus:plexus-utils:jar:3.2.1:test - version managed from 3.0.17; omitted for duplicate) +- (org.apache.maven.resolver:maven-resolver-api:jar:1.4.1:test - omitted for duplicate) +- org.apache.maven.resolver:maven-resolver-spi:jar:1.4.1:test \- (org.apache.maven.resolver:maven-resolver-api:jar:1.4.1:test - omitted for duplicate) +- (org.apache.maven.resolver:maven-resolver-util:jar:1.4.1:test - omitted for duplicate) +- org.apache.maven.resolver:maven-resolver-impl:jar:1.4.1:test +- (org.apache.maven.resolver:maven-resolver-api:jar:1.4.1:test - omitted for duplicate) +- (org.apache.maven.resolver:maven-resolver-spi:jar:1.4.1:test - omitted for duplicate) \- (org.apache.maven.resolver:maven-resolver-util:jar:1.4.1:test - omitted for duplicate) \- (org.codehaus.plexus:plexus-utils:jar:3.2.1:test - version managed from 3.0.17; omitted for duplicate) +- org.apache.maven.resolver:maven-resolver-connector-basic:jar:1.4.1:test +- (org.apache.maven.resolver:maven-resolver-api:jar:1.4.1:test - omitted for duplicate) +- (org.apache.maven.resolver:maven-resolver-spi:jar:1.4.1:test - omitted for duplicate) \- (org.apache.maven.resolver:maven-resolver-util:jar:1.4.1:test - omitted for duplicate) +- org.apache.maven.resolver:maven-resolver-transport-wagon:jar:1.4.1:test +- (org.apache.maven.resolver:maven-resolver-api:jar:1.4.1:test - omitted for duplicate) +- (org.apache.maven.resolver:maven-resolver-spi:jar:1.4.1:test - omitted for duplicate) +- (org.apache.maven.resolver:maven-resolver-util:jar:1.4.1:test - omitted for duplicate) \- (org.slf4j:slf4j-api:jar:1.7.30:test - version managed from 1.7.25; omitted for duplicate) +- 
org.apache.maven.wagon:wagon-http:jar:3.3.4:test +- org.apache.maven.wagon:wagon-http-shared:jar:3.3.4:test +- org.jsoup:jsoup:jar:1.12.1:test +- (org.apache.httpcomponents:httpclient:jar:4.5.13:test - version managed from 4.5.9; omitted for duplicate) +- (org.apache.httpcomponents:httpcore:jar:4.4.13:test - version managed from 4.4.11; omitted for duplicate) +- (commons-io:commons-io:jar:2.8.0:test - version managed from 2.6; omitted for duplicate) +- (org.slf4j:slf4j-api:jar:1.7.30:test - version managed from 1.7.25; omitted for duplicate) \- (org.apache.maven.wagon:wagon-provider-api:jar:3.3.4:test - omitted for duplicate) +- (org.apache.httpcomponents:httpclient:jar:4.5.13:test - version managed from 4.5.3; omitted for duplicate) +- (org.apache.httpcomponents:httpcore:jar:4.4.13:test - version managed from 4.4.11; omitted for duplicate) +- (org.codehaus.plexus:plexus-utils:jar:3.2.1:test - version managed from 3.2.0; omitted for duplicate) \- org.apache.maven.wagon:wagon-provider-api:jar:3.3.4:test \- (org.codehaus.plexus:plexus-utils:jar:3.2.1:test - version managed from 3.2.0; omitted for duplicate) \- org.apache.maven.wagon:wagon-file:jar:3.3.4:test +- (org.codehaus.plexus:plexus-utils:jar:3.2.1:test - version managed from 3.2.0; omitted for duplicate) \- (org.apache.maven.wagon:wagon-provider-api:jar:3.3.4:test - omitted for duplicate) +- io.quarkus:quarkus-bootstrap-gradle-resolver:jar:1.9.2.Final:test +- (io.quarkus:quarkus-bootstrap-app-model:jar:1.9.2.Final:test - omitted for duplicate) \- (org.jboss.slf4j:slf4j-jboss-logging:jar:1.2.0.Final:test - omitted for duplicate) \- io.smallrye.common:smallrye-common-io:jar:1.4.0:test +- org.eclipse.sisu:org.eclipse.sisu.inject:jar:0.3.4:test +- io.quarkus:quarkus-test-common:jar:1.9.2.Final:test +- io.quarkus:quarkus-core-deployment:jar:1.9.2.Final:test +- (org.wildfly.common:wildfly-common:jar:1.5.4.Final-format-001:test - version managed from 1.5.0.Final; omitted for duplicate) +- 
io.quarkus.gizmo:gizmo:jar:1.0.4.Final:test +- (org.ow2.asm:asm:jar:8.0.1:test - omitted for duplicate) +- org.ow2.asm:asm-util:jar:8.0.1:test +- (org.ow2.asm:asm:jar:8.0.1:test - omitted for duplicate) +- org.ow2.asm:asm-tree:jar:8.0.1:test \- (org.ow2.asm:asm:jar:8.0.1:test - omitted for duplicate) \- org.ow2.asm:asm-analysis:jar:8.0.1:test \- (org.ow2.asm:asm-tree:jar:8.0.1:test - omitted for duplicate) \- (org.jboss:jandex:jar:2.2.1.Final:test - version managed from 2.1.3.Final; omitted for duplicate) +- (org.jboss:jandex:jar:2.2.1.Final:test - version managed from 2.1.3.Final; omitted for duplicate) +- (org.ow2.asm:asm:jar:8.0.1:test - omitted for duplicate) +- (io.quarkus:quarkus-development-mode-spi:jar:1.9.2.Final:test - omitted for duplicate) +- (io.quarkus:quarkus-bootstrap-core:jar:1.9.2.Final:test - omitted for duplicate) +- io.quarkus:quarkus-devtools-utilities:jar:1.9.2.Final:test +- (org.eclipse.sisu:org.eclipse.sisu.inject:jar:0.3.4:test - omitted for duplicate) +- (io.quarkus:quarkus-core:jar:1.9.2.Final:test - omitted for duplicate) +- io.quarkus:quarkus-builder:jar:1.9.2.Final:test +- (org.wildfly.common:wildfly-common:jar:1.5.4.Final-format-001:test - version managed from 1.5.0.Final; omitted for duplicate) +- (org.jboss.logging:jboss-logging:jar:3.4.1.Final:test - version managed from 3.3.1.Final; omitted for duplicate) \- (org.jboss.threads:jboss-threads:jar:3.1.1.Final:test - omitted for duplicate) \- (org.graalvm.sdk:graal-sdk:jar:20.2.0:test - omitted for duplicate) +- io.quarkus:quarkus-jsonp-deployment:jar:1.9.2.Final:test +- (io.quarkus:quarkus-core-deployment:jar:1.9.2.Final:test - omitted for duplicate) \- io.quarkus:quarkus-jsonp:jar:1.9.2.Final:test +- (io.quarkus:quarkus-core:jar:1.9.2.Final:test - omitted for duplicate) \- org.glassfish:jakarta.json:jar:1.1.6:test +- org.jboss:jandex:jar:2.2.1.Final:test \- org.jboss.logging:commons-logging-jboss-logging:jar:1.0.0.Final:test \- (org.jboss.logging:jboss-logging:jar:3.4.1.Final:test 
- version managed from 3.3.1.Final; omitted for duplicate) +- org.junit.jupiter:junit-jupiter:jar:5.7.0:test +- org.junit.jupiter:junit-jupiter-api:jar:5.7.0:test +- org.apiguardian:apiguardian-api:jar:1.1.0:test +- org.opentest4j:opentest4j:jar:1.2.0:test \- org.junit.platform:junit-platform-commons:jar:1.7.0:test \- (org.apiguardian:apiguardian-api:jar:1.1.0:test - omitted for duplicate) +- org.junit.jupiter:junit-jupiter-params:jar:5.7.0:test +- (org.apiguardian:apiguardian-api:jar:1.1.0:test - omitted for duplicate) \- (org.junit.jupiter:junit-jupiter-api:jar:5.7.0:test - omitted for duplicate) \- org.junit.jupiter:junit-jupiter-engine:jar:5.7.0:test +- (org.apiguardian:apiguardian-api:jar:1.1.0:test - omitted for duplicate) +- org.junit.platform:junit-platform-engine:jar:1.7.0:test +- (org.apiguardian:apiguardian-api:jar:1.1.0:test - omitted for duplicate) +- (org.opentest4j:opentest4j:jar:1.2.0:test - omitted for duplicate) \- (org.junit.platform:junit-platform-commons:jar:1.7.0:test - omitted for duplicate) \- (org.junit.jupiter:junit-jupiter-api:jar:5.7.0:test - omitted for duplicate) +- (io.quarkus:quarkus-core:jar:1.9.2.Final:test - omitted for duplicate) \- com.thoughtworks.xstream:xstream:jar:1.4.11.1:test (version managed from 1.4.13) +- xmlpull:xmlpull:jar:1.1.3.1:test \- xpp3:xpp3_min:jar:1.1.4c:test \- io.rest-assured:rest-assured:jar:4.3.0:test +- org.codehaus.groovy:groovy:jar:3.0.5:test (version managed from 3.0.2) +- org.codehaus.groovy:groovy-xml:jar:3.0.2:test \- (org.codehaus.groovy:groovy:jar:3.0.5:test - version managed from 3.0.2; omitted for duplicate) +- org.apache.httpcomponents:httpclient:jar:4.5.13:test +- org.apache.httpcomponents:httpcore:jar:4.4.13:test +- commons-logging:commons-logging:jar:1.2:test \- commons-codec:commons-codec:jar:1.14:test (version managed from 1.11) +- org.apache.httpcomponents:httpmime:jar:4.5.13:test (version managed from 4.5.3) \- (org.apache.httpcomponents:httpclient:jar:4.5.13:test - version managed from 
4.5.3; omitted for duplicate) +- org.hamcrest:hamcrest:jar:2.1:test +- org.ccil.cowan.tagsoup:tagsoup:jar:1.2.1:test +- io.rest-assured:json-path:jar:4.3.0:test +- org.codehaus.groovy:groovy-json:jar:3.0.5:test (version managed from 3.0.2) \- (org.codehaus.groovy:groovy:jar:3.0.5:test - version managed from 3.0.2; omitted for duplicate) +- (org.codehaus.groovy:groovy:jar:3.0.5:test - version managed from 3.0.2; omitted for duplicate) \- io.rest-assured:rest-assured-common:jar:4.3.0:test +- (org.codehaus.groovy:groovy:jar:3.0.5:test - version managed from 3.0.2; omitted for duplicate) \- (org.apache.commons:commons-lang3:jar:3.9:test - version managed from 3.4; omitted for duplicate) \- io.rest-assured:xml-path:jar:4.3.0:test +- (org.codehaus.groovy:groovy-xml:jar:3.0.2:test - omitted for duplicate) +- (org.codehaus.groovy:groovy:jar:3.0.5:test - version managed from 3.0.2; omitted for duplicate) +- (io.rest-assured:rest-assured-common:jar:4.3.0:test - omitted for duplicate) +- org.apache.commons:commons-lang3:jar:3.9:test +- (org.ccil.cowan.tagsoup:tagsoup:jar:1.2.1:test - omitted for duplicate) +- jakarta.xml.bind:jakarta.xml.bind-api:jar:2.3.2:test \- jakarta.activation:jakarta.activation-api:jar:1.2.1:test +- com.sun.xml.bind:jaxb-osgi:jar:2.3.0.1:test \- org.apache.sling:org.apache.sling.javax.activation:jar:0.1.0:test \- javax.activation:activation:jar:1.1.1:test
Status bar & popup no longer displays the dependency count.
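
An added example, not part of the issue or of the extension's code: one way to get a reproducible dependency count to hold a scanner's "N vulnerabilities in M dependencies" figure against is to parse `mvn dependency:tree -Dverbose` output and count direct, resolved and omitted rows separately. The sample tree is constructed from coordinates that appear in the issue's tree, with the nesting assumed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the layout of `mvn dependency:tree -Dverbose`.
# Coordinates come from the issue's tree; the nesting shown here is assumed.
SAMPLE_TREE = r"""
foo.bar.quarked:quarked:jar:1.0.0-SNAPSHOT
+- org.eclipse.jetty:jetty-server:jar:9.3.2.v20150730:compile
|  +- javax.servlet:javax.servlet-api:jar:3.1.0:compile
|  +- org.eclipse.jetty:jetty-http:jar:9.4.18.v20190429:compile (version managed from 9.3.2.v20150730)
|  |  \- org.eclipse.jetty:jetty-util:jar:9.4.18.v20190429:compile
|  \- org.eclipse.jetty:jetty-io:jar:9.4.18.v20190429:compile
|     \- (org.eclipse.jetty:jetty-util:jar:9.4.18.v20190429:compile - omitted for duplicate)
+- io.quarkus:quarkus-arc:jar:1.9.2.Final:compile
|  \- jakarta.annotation:jakarta.annotation-api:jar:1.3.5:compile
+- io.quarkus:quarkus-junit5:jar:1.9.2.Final:test
|  \- com.google.inject:guice:jar:no_aop:4.2.1:test
\- io.rest-assured:rest-assured:jar:4.3.0:test
   \- org.hamcrest:hamcrest:jar:2.1:test
"""

# One tree row: 3-character indent units ("|  " or "   "), then "+- " or "\- ".
ROW = re.compile(r"^(?P<indent>(?:[| ] {2})*)[+\\]- (?P<body>.+)$")


def parse_coords(coords):
    """Split group:artifact:type[:classifier]:version:scope."""
    parts = coords.split(":")
    if len(parts) == 5:
        group, artifact, _type, version, scope = parts
    elif len(parts) == 6:
        group, artifact, _type, _classifier, version, scope = parts
    else:
        raise ValueError(f"unexpected coordinates: {coords!r}")
    return {"ga": f"{group}:{artifact}", "version": version, "scope": scope}


def parse_tree(text):
    """Return one dict per non-root row, tagged with its direct-dependency ancestor."""
    nodes, current_direct = [], None
    for raw in text.splitlines():
        line = raw[7:] if raw.startswith("[INFO] ") else raw
        match = ROW.match(line.rstrip())
        if not match:
            continue  # root project line, blank lines, other Maven log output
        body = match["body"]
        omitted = body.startswith("(")
        # "(coords - omitted for duplicate)" or "coords (version managed from X)"
        coords = body[1:].split(" - ", 1)[0] if omitted else body.split(" ", 1)[0]
        node = parse_coords(coords)
        node["depth"] = len(match["indent"]) // 3 + 1
        node["omitted"] = omitted
        if node["depth"] == 1:
            current_direct = node["ga"]
        node["direct"] = current_direct
        nodes.append(node)
    return nodes


def summarize(nodes):
    """Count direct, resolved and transitive artifacts; omitted rows are not resolved."""
    resolved = {n["ga"]: n for n in nodes if not n["omitted"]}
    direct = {n["ga"] for n in nodes if n["depth"] == 1}
    return {
        "direct": len(direct),
        "resolved": len(resolved),
        "transitive": len(set(resolved) - direct),
        "by_scope": dict(Counter(n["scope"] for n in resolved.values())),
        "omitted_rows": sum(n["omitted"] for n in nodes),
    }


def introduced_by(nodes, ga):
    """Direct dependencies whose subtree mentions `ga`, omitted rows included."""
    return sorted({n["direct"] for n in nodes if n["ga"] == ga})


if __name__ == "__main__":
    parsed = parse_tree(SAMPLE_TREE)
    print(summarize(parsed))
    print(introduced_by(parsed, "org.eclipse.jetty:jetty-util"))
```

Grouping a finding by the `direct` field and by the artifact itself gives two different dependency counts for the same tree, so a report should state which one it uses.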