jorabin / KeePassJava2

Java API for KeePass Password Databases - Read/Write 2.x (File versions 3 and 4), Read 1.x
Apache License 2.0

JUnit and Jetbrains annotations leaked as transitive dependencies #71

Closed by Avalancs 6 minutes ago

Avalancs commented 1 week ago

I have a project of mine where I use KeePassJava2 and was trying to slim down the number of jars that I need to include in my deployment when I noticed that using any KeePassJava2 dependency from version 2.2.2 will include junit:junit:4.13.2 and org.jetbrains:annotations:24.1.0.

Neither of them are libraries which are supposed to be included in the released pom.xml. If I exclude them in my project using Gradle the application runs fine, so they are not needed as transitive compile/runtime dependencies.

This will require some Maven restructuring in the project as far as I see.

jorabin commented 1 week ago

Thank you for this. I'll have a look and see why it is happening.

Jo

jorabin commented 6 days ago

Two reasons for it happening: the first is that the Maven Run Listener is not in src/test and the other is that the tests defined in the test module are not either. I have always avoided using test-jar but that's probably the way to go here so they can be used by the modules that need to use them as tests, and make it clear that the test module is not needed at runtime at all.

The annotations are a compile dependency. I had not considered using scope provided as the jar is not needed at runtime, as you point out.

jorabin commented 5 days ago

Further thoughts on this: thanks for your pull request.

Changing MavenRunListener to a test class makes it invisible to compilation of other modules. Anyway, I have done a bit of a major hack around, which I think addresses the main points of what you are after, namely not having a run-time dependency on junit or annotations.

Additionally, I've made the changes to the test module, to make it a test-jar which means that test files are no longer part of the run-time either, which they would have been before.

A bit more to do to address #70 as well, then I will make this 2.2.3.

Avalancs commented 3 days ago

> Changing MavenRunListener to a test class makes it invisible to compilation of other modules.

Aww :( I'm more familiar with Gradle than Maven, seen the test-jar recommended many times but couldn't quite figure it out. Thank you for taking the time to fix this :)

jorabin commented 4 hours ago

The way it ended up is that MavenRunListener is in a new module called util which is not needed at run time and that as mentioned the tests ended up in test-jar.

Avalancs commented 6 minutes ago

Sounds good to me, thank you! 😃
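
An added example, not part of the thread or the project's code: a check for a library's published POM that flags the two coordinates named in this issue when they are declared in a scope Maven passes on to consumers. The sample POM, the watch list and the function names are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
# Assumed watch list: the two coordinates named in the issue, mapped to the
# scope that keeps each one off a consumer's classpath.
EXPECTED_SCOPE = {
    ("junit", "junit"): "test",
    ("org.jetbrains", "annotations"): "provided",
}
TRANSITIVE_SCOPES = {"compile", "runtime"}  # scopes Maven passes on to consumers

# Constructed sample POM for a hypothetical library, not the project's own file.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <groupId>com.example</groupId>
  <artifactId>sample-lib</artifactId>
  <version>0.0.0</version>
  <dependencies>
    <dependency>
      <groupId>junit</groupId><artifactId>junit</artifactId><version>4.13.2</version>
    </dependency>
    <dependency>
      <groupId>org.jetbrains</groupId><artifactId>annotations</artifactId>
      <version>24.1.0</version><scope>compile</scope>
    </dependency>
    <dependency>
      <groupId>com.example</groupId><artifactId>runtime-helper</artifactId><version>0.0.0</version>
    </dependency>
  </dependencies>
</project>"""

def _text(dep, tag, default=""):
    """Text of a child element, falling back to default when absent or empty."""
    return (dep.findtext(f"m:{tag}", default, NS) or default).strip()

def leaked_dependencies(pom_xml):
    """Return (coordinate, declared scope, expected scope) for each leak."""
    root = ET.fromstring(pom_xml)  # use ElementTree only on POMs you trust
    findings = []
    # Direct children of <project><dependencies>; dependencyManagement is skipped.
    for dep in root.findall("m:dependencies/m:dependency", NS):
        key = (_text(dep, "groupId"), _text(dep, "artifactId"))
        scope = _text(dep, "scope", "compile")  # Maven's default without <scope>
        optional = _text(dep, "optional", "false") == "true"  # not passed on
        if key in EXPECTED_SCOPE and scope in TRANSITIVE_SCOPES and not optional:
            findings.append((":".join(key), scope, EXPECTED_SCOPE[key]))
    return findings

if __name__ == "__main__":
    for coord, scope, expected in leaked_dependencies(SAMPLE_POM):
        print(f"{coord}: scope '{scope}' reaches consumers; expected '{expected}'")
```

Run against the POM that is actually published, since that file is what a consumer's build resolves.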