There are several problems with the dependencies of some ModeShape artifacts (which don't prevent the build/code from running, but should be fixed nonetheless).
- CassandraBinaryStore imports org.apache.commons.compress.utils.IOUtils without really needing it or listing commons-compress as a dependency.
- modeshape-jcr has tika-parsers as a compile dependency, although all it really needs is tika-core
- most of the ModeShape modules don't explicitly define all the dependencies (compile) they use. Rather, they just list 1 or 2 artifacts relying on those to bring in transitive dependencies.
We can prevent these cases by updating the build system to use the maven-enforcer-plugin with a de.is24.maven.enforcer.rules.IllegalTransitiveDependencyCheck, similar to the way the integration-plaform-bom is doing.
There may be some modules (for example the WF subsystem) where the complexity of the transitive graph is so large, that it doesn't make sense/it's not practical to list all direct dependencies there. In such case we should selectively disable the plugin from running.