fuzhengwei / itstack-demo-design

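:art: "Relearning Java Design Patterns" (《重学Java设计模式》) is a practice book built on real internet-industry cases. Centered on deployable solutions, it draws 22 real scenarios from actual business, including trading, marketing, flash sales, middleware and source code, to teach how design patterns are applied. Follow 小傅哥 on WeChat (fustack), official account: bugstack虫洞栈, blog: https://bugstack.cn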
Apache License 2.0

Could org.itstack:itstack-demo-design:1.0-SNAPSHOT drop off redundant dependencies? #57

Open Celebrate-future opened 2 years ago

Celebrate-future commented 2 years ago

[image]

This figure presents the dependency tree between multiple modules in itstack-demo-design. As shown in this figure, Library

    ch.qos.logback:logback-core:jar:1.0.9:compile
    org.slf4j:jcl-over-slf4j:jar:1.7.5:compile
    ch.qos.logback:logback-classic:jar:1.0.9:compile


in

    <module>itstack-demo-design-1-01</module>
    <module>itstack-demo-design-1-00</module>
    <module>itstack-demo-design-1-02</module>
    <module>itstack-demo-design-2-00</module>
    <module>itstack-demo-design-2-01</module>
    <module>itstack-demo-design-2-02</module>
    <module>itstack-demo-design-3-00</module>
    <module>itstack-demo-design-3-01</module>
    <module>itstack-demo-design-3-02</module>
    <module>itstack-demo-design-4-00</module>
    <module>itstack-demo-design-4-01</module>
    <module>itstack-demo-design-4-02</module>
    <module>itstack-demo-design-5-00</module>
    <module>itstack-demo-design-6-00</module>
    <module>itstack-demo-design-6-01</module>
    <module>itstack-demo-design-6-02</module>
    <module>itstack-demo-design-7-01</module>
    <module>itstack-demo-design-7-02</module>
    <module>itstack-demo-design-8-01</module>
    <module>itstack-demo-design-8-02</module>
    <module>itstack-demo-design-9-00</module>
    <module>itstack-demo-design-9-01</module>
    <module>itstack-demo-design-9-02</module>
    <module>itstack-demo-design-10-00</module>
    <module>itstack-demo-design-10-01</module>
    <module>itstack-demo-design-10-02</module>
    <module>itstack-demo-design-11-02</module>
    <module>itstack-demo-design-11-01</module>
    <module>itstack-demo-design-12-00</module>
    <module>itstack-demo-design-13-00</module>
    <module>itstack-demo-design-13-01</module>
    <module>itstack-demo-design-13-02</module>
    <module>itstack-demo-design-14-00</module>
    <module>itstack-demo-design-14-01</module>
    <module>itstack-demo-design-14-02</module>
    <module>itstack-demo-design-15-00</module>
    <module>itstack-demo-design-16-01</module>
    <module>itstack-demo-design-16-02</module>
    <module>itstack-demo-design-17-00</module>
    <module>itstack-demo-design-18-00</module>
    <module>itstack-demo-design-18-01</module>
    <module>itstack-demo-design-18-02</module>
    <module>itstack-demo-design-19-00</module>
    <module>itstack-demo-design-19-01</module>
    <module>itstack-demo-design-19-02</module>
    <module>itstack-demo-design-20-01</module>
    <module>itstack-demo-design-20-02</module>
    <module>itstack-demo-design-21-00</module>
    <module>itstack-demo-design-22-00</module>

is inherited from their parent module. However, it is not used by itstack-demo-design-18-00, itstack-demo-design-20-01, itstack-demo-design-3-00, itstack-demo-design-4-00, itstack-demo-design-9-00. We can perform refactoring operations in the pom, by removing such redundant dependencies in itstack-demo-design-18-00, itstack-demo-design-20-01, itstack-demo-design-3-00, itstack-demo-design-4-00, itstack-demo-design-9-00.

Specifically, the scope of org.slf4j:jcl-over-slf4j, ch.qos.logback:logback-classic in itstack-demo-design-18-00, itstack-demo-design-20-01, itstack-demo-design-3-00, itstack-demo-design-4-00, itstack-demo-design-9-00 can be changed from compile to provided. The revisions in the pom are described as follows:

[image]

Removing the redundant dependencies can reduce the size of the project and prevent potential dependency conflict issues (i.e., multiple versions of the same library). More importantly, one of the redundant dependencies, ch.qos.logback:logback-core:jar:1.0.9:compile, incorporates a medium-level vulnerability, SNYK-JAVA-CHQOSLOGBACK-1726923.
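
An added example, not part of the original issue or the project's code: a Python check that reads `mvn dependency:tree` text output and reports which modules still carry the logback-core version named above at compile or runtime scope, and whether it arrives directly or transitively. The sample output is constructed, and the module name `example-module-after-fix` is hypothetical.

```python
import re
from collections import defaultdict

# Library and version named in the issue above.
WATCH = {("ch.qos.logback", "logback-core"): "1.0.9"}

# Constructed sample in the text layout of `mvn dependency:tree`; the second
# module name is hypothetical and shows the scope after the proposed change.
SAMPLE_TREE = r"""[INFO] org.itstack:itstack-demo-design-18-00:jar:1.0-SNAPSHOT
[INFO] +- ch.qos.logback:logback-classic:jar:1.0.9:compile
[INFO] |  \- ch.qos.logback:logback-core:jar:1.0.9:compile
[INFO] \- org.slf4j:jcl-over-slf4j:jar:1.7.5:compile
[INFO] org.itstack:example-module-after-fix:jar:1.0-SNAPSHOT
[INFO] \- ch.qos.logback:logback-classic:jar:1.0.9:provided
[INFO]    \- ch.qos.logback:logback-core:jar:1.0.9:provided
"""

# The tree prefix is built from 3-character cells: "+- ", "|  ", "\- " or "   ".
LINE = re.compile(r"\[INFO\] ((?:[|+\\ ][- ] )*)([^\s:]+(?::[^\s:]+){3,5})$")


def find_watched(tree_text, watch=WATCH, scopes=("compile", "runtime")):
    """Return {module: [(coordinate, 'direct' | 'transitive'), ...]} for watched
    libraries resolved at a scope that ends up in the packaged artifact."""
    hits, module = defaultdict(list), None
    for line in tree_text.splitlines():
        m = LINE.match(line.rstrip())
        if not m:
            continue  # plugin banners, build summary, blank lines
        prefix, parts = m.group(1), m.group(2).split(":")
        if not prefix:
            module = parts[1]  # root line: group:artifact:packaging:version
            continue
        if module is None or len(parts) < 5:
            continue
        # group:artifact:type[:classifier]:version:scope
        group, artifact, version, scope = parts[0], parts[1], parts[-2], parts[-1]
        if watch.get((group, artifact)) == version and scope in scopes:
            kind = "direct" if len(prefix) == 3 else "transitive"
            hits[module].append((f"{group}:{artifact}:{version}:{scope}", kind))
    return dict(hits)


if __name__ == "__main__":
    for module, found in find_watched(SAMPLE_TREE).items():
        print(module, found)
```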