aggregate-add-third-party: Many warnings about unused dependencies

[digulla]

I have a multi-module project. One module depends on org.apache.httpcomponents:httpclient:4.1.2 which uses the generic string "Apache License" in the POM (it's APLv2).

In order to get the correct version of the license in our legal reports, I added an override URL to the plugin configuration.

I'm now getting a dozen repetitions of this:

[WARNING] dependency [org.apache.httpcomponents--httpmime--4.1.2] does not exist in project.
[WARNING] dependency [org.apache.httpcomponents--httpcore--4.1.2] does not exist in project.
[WARNING] dependency [org.apache.httpcomponents--httpclient-cache--4.1.2] does not exist in project.
[WARNING] dependency [org.apache.httpcomponents--httpclient--4.1.2] does not exist in project.

I don't think this warning makes sense for the goal aggregate-add-third-party.

When using overrideUrl with a classpath resource, I might not make sense for other reports as well. Scenario: There is a company-wide file with overrides that have been cleared with the legal department. Almost no company project will use all dependencies in their projects.

I think it's being printed by DefaultThirdPartyTool.overrideLicenses() and maybe in DefaultThirdPartyTool.loadUnsafeMapping().

Not sure how to fix; it could be suppressed when an aggregated report is being run or with a config flag.

[ppalaga]

Could you please look whether this one is not a duplicate of #201 and eventually close the current issue?

[ppalaga]

BTW there is a PR for #201 with unresolved review requests #300 You may want to check whether the fix works for you and eventually add the missing parts so that it can be merged.

[digulla]

Duplicate of #201
Note: #201 talks about another but related error message logged by DefaultThirdPartyTool.loadUnsafeMapping()