search

spring-attic / spring-security-oauth

Support for adding OAuth1(a) and OAuth2 features (consumer and provider) for Spring web applications.
http://github.com/spring-projects/spring-security-oauth
Apache License 2.0
4.69k stars 4.04k forks source link

Could org.springframework.security.oauth:spring-security-oauth:2.5.3.BUILD-SNAPSHOT drop off redundant dependencies? #1964

Closed Celebrate-future closed 2 years ago

Celebrate-future commented 2 years ago

image Hi! I found the pom file of project org.springframework.security.oauth:spring-security-oauth:2.5.3.BUILD-SNAPSHOT introduced 27 dependencies. However, among them, 1 libraries (3%) are not used by your project. I list the redundant dependencies below (labelled as red ones in the figure):

Redundant dependencies

aopalliance:aopalliance:jar:1.0:compile

Removing the redundant dependencies can reduce the size of project and prevent potential dependency conflict issues (i.e., multiple versions of the same library). More importantly, one of the redundant dependencies aopalliance:aopalliance:jar:1.0:compile induced dependency conflict in the dependency graph. As such, I suggest a refactoring operation for org.springframework.security.oauth:spring-security-oauth:2.5.3.BUILD-SNAPSHOT’s pom file.

The attached PR helps resolve the reported problem. It is safe to remove the unused libraries (we considered Java reflection relations when analyzing the dependencies). These changes have passed org.springframework.security.oauth:spring-security-oauth:2.5.3.BUILD-SNAPSHOT’s maven tests.

Best regards

jgrandja commented 2 years ago

@Celebrate-future This project has reached it's end-of-life. Please see latest announcement.