jitsi / ice4j

A Java implementation of the ICE protocol
Apache License 2.0
437 stars 232 forks source link

Could org.jitsi:ice4j:3.0-SNAPSHOT drop off redundant dependencies? #256

Closed Celebrate-future closed 2 years ago

Celebrate-future commented 2 years ago

Hi! I found the pom file of project org.jitsi:ice4j:3.0-SNAPSHOT introduced 68 dependencies. However, among them, 10 libraries (14%) are not used by your project. I list the redundant dependencies below (labelled as red ones in the figure):

Redundant dependencies

com.google.guava:listenablefuture:jar:9999.0-empty-to-avoid-conflict-with-guava:compile com.google.j2objc:j2objc-annotations:jar:1.3:compile io.mockk:mockk-dsl:jar:1.10.0:test net.java.dev.jna:jna:jar:5.9.0:compile com.google.errorprone:error_prone_annotations:jar:2.7.1:compile com.google.code.findbugs:jsr305:jar:3.0.2:compile org.apiguardian:apiguardian-api:jar:1.1.2:test org.junit.platform:junit-platform-suite-api:jar:1.6.2:test org.jetbrains.kotlin:kotlin-stdlib-common:jar:1.5.31:compile io.mockk:mockk-common:jar:1.10.0:test


Removing the redundant dependencies can reduce the size of project and prevent potential dependency conflict issues (i.e., multiple versions of the same library). More importantly, one of the redundant dependencies org.junit.platform:junit-platform-suite-api:jar:1.6.2:test incorporates an incompatible license ECLIPSE PUBLIC LICENSE V2.0 (ECLIPSE PUBLIC LICENSE V2.0 cannot be used by the project with license Apache-2.0). 2 of the redundant dependencies io.mockk:mockk-dsl:jar:1.10.0:test, org.apiguardian:apiguardian-api:jar:1.1.2:test induced dependency conflict in the dependency graph. As such, I suggest a refactoring operation for org.jitsi:ice4j:3.0-SNAPSHOT’s pom file.

The attached PR helps resolve the reported problem. It is safe to remove the unused libraries (we considered Java reflection relations when analyzing the dependencies). These changes have passed org.jitsi:ice4j:3.0-SNAPSHOT’s maven tests.

Best regards

jitsi-jenkins commented 2 years ago

Hi, thanks for your contribution! If you haven't already done so, could you please make sure you sign our CLA (https://jitsi.org/icla for individuals and https://jitsi.org/ccla for corporations)? We would unfortunately be unable to merge your patch unless we have that piece :(.

Celebrate-future commented 2 years ago

Hi, thanks for your contribution! If you haven't already done so, could you please make sure you sign our CLA (https://jitsi.org/icla for individuals and https://jitsi.org/ccla for corporations)? We would unfortunately be unable to merge your patch unless we have that piece :(.

I have already finished it, thanks.