Could cn.hippo4j:hippo4j-config-spring-boot-starter:1.5.0-SNAPSHOT drop off redundant dependencies? #1155

Open. slimming-fat wants to merge 1 commit into base: develop
slimming-fat
Hi, I found that cn.hippo4j:hippo4j-config-spring-boot-starter:1.5.0-SNAPSHOT’s pom file introduced 182 dependencies. However, among them, 12 libraries (7%) have not been used by your project; the redundant dependencies are listed below.

More seriously, 4 redundant libraries have not been maintained by developers for more than 3 years (outdated dependencies).

1 redundant library has introduced an open source license conflict: jakarta.annotation:jakarta.annotation-api:1.3.5. The dependent open source license is EPL 2.0 (EPL 2.0 cannot be used by the project with license The Apache Software License, Version 2.0).

Reducing these unused dependencies can help prevent introducing bugs/vulnerabilities from outdated dependencies and dependencies with open source license conflicts. Meanwhile, it can minimize the project size. To safely remove redundant dependencies, I constructed a complete call graph (resolved most of Java reflection and dynamic binding), and validated that they have not been used by the client code.

This PR for removing the redundant dependencies from cn.hippo4j:hippo4j-config-spring-boot-starter:1.5.0-SNAPSHOT has passed the tests.

Best regards

Redundant dependencies

Redundant direct dependencies:

    org.springframework.boot:spring-boot-configuration-processor:2.3.2.RELEASE:compile [113 KB]

Redundant indirect dependencies:

    io.prometheus:simpleclient_common:0.11.0:compile [7 KB]
    com.tencent.polaris:polaris-circuitbreaker-api:1.7.2:compile [2 KB]
    org.apache.yetus:audience-annotations:0.5.0:compile [19 KB]
    org.springframework.security:spring-security-crypto:5.3.3.RELEASE:compile [78 KB]
    com.tencent.polaris:circuitbreaker-common:1.7.2:compile [32 KB]
    jakarta.annotation:jakarta.annotation-api:1.3.5:compile [24 KB]
    org.bouncycastle:bcpkix-jdk15on:1.64:compile [857 KB]
    org.springframework.security:spring-security-rsa:1.0.9.RELEASE:compile [19 KB]
    io.prometheus:simpleclient_httpserver:0.11.0:compile [10 KB]
    com.google.errorprone:error_prone_annotations:2.4.0:compile [13 KB]
    org.checkerframework:checker-qual:3.4.1:compile [207 KB]

Outdated dependencies

    org.bouncycastle:bcpkix-jdk15on:1.64 (1278 days without maintenance)
    org.apache.yetus:audience-annotations:0.5.0 (2099 days without maintenance)
    jakarta.annotation:jakarta.annotation-api:1.3.5 (1349 days without maintenance)
    org.springframework.security:spring-security-rsa:1.0.9.RELEASE (1220 days without maintenance)

Open source license conflict dependencies

    jakarta.annotation:jakarta.annotation-api:1.3.5

codecov bot commented Apr 12, 2023

Codecov Report

Patch and project coverage have no change.

Comparison is base (f54d915) 27.99% compared to head (356a568) 27.99%.
Report is 145 commits behind head on develop.

❗ Current head 356a568 differs from pull request most recent head 7f23dfe. Consider uploading reports for the commit 7f23dfe to get more accurate results

Additional details and impacted files
@@            Coverage Diff             @@
##             develop    #1155   +/-   ##
==========================================
  Coverage      27.99%   27.99%           
  Complexity       721      721           
==========================================
  Files            260      260           
  Lines           5894     5894           
  Branches         539      539           
==========================================
  Hits            1650     1650           
  Misses          4089     4089           
  Partials         155      155           


@weihubeats
Member

Please resolve conflicts

@slimming-fat slimming-fat closed this by deleting the head repository Aug 3, 2023
@slimming-fat slimming-fat reopened this Aug 4, 2023
Author

slimming-fat commented Aug 8, 2023

> Please resolve conflicts

Removing bloated dependencies will resolve the conflict
