Say you depend on the foo jar and would like to exclude the servlet-api. For example:
Later the foo jar switches to using the geronimo version of the servlet spec. You upgrade to using the new foo jar and your exclusion of the javax.servlet:servlet-api is no longer valid. It would be nice if the dependency:analyze* goals could list all the exclusions that are not valid.
This type of thing happens for various reasons like:
- dependency switched to the "same" dependency but with a different groupId - technically these are different deps according to maven
- dependency changed minimum java language version where some apis are now included in the java runtime
- dependency switched to a new implementation of the same library
- dependency no longer uses a dependency
Without this kind of reporting it is very easy for an unwanted dependency slip in unnoticed.