[MPLUGIN-386] Exclude maven-archiver and maven-jxr from warning

[cstamas]

Those are not Maven Core components, they are merely in
wrong groupId. Extended ITs to use maven-jxr as well.

[rmannibucau]

Can we really do it outside maven plugin api subgraph? Dont think so today :(

[michael-o]

Can we really do it outside maven plugin api subgraph? Dont think so today :(

WDYM?

[rmannibucau]

@michael-o except maven-plugin-api which is intentionally exposed rest of maven sub-artifacts are random and either internals or public API so none can be assumed being provided so this sounds like a lot of false positive to me. What about not warning for all but the plugin api and maybe maven-core?

[kwin]

@rmannibucau Which other false positives do you foresee? I am actually thankful for the warnings for "maven-artifact" and "maven-model" (those are API IMHO since forever)

[rmannibucau]

Maven comes OOTB with:

apache-maven-3.8.4\lib\maven-artifact-3.8.4.jar
apache-maven-3.8.4\lib\maven-builder-support-3.8.4.jar
apache-maven-3.8.4\lib\maven-compat-3.8.4.jar
apache-maven-3.8.4\lib\maven-core-3.8.4.jar
apache-maven-3.8.4\lib\maven-embedder-3.8.4.jar
apache-maven-3.8.4\lib\maven-model-3.8.4.jar
apache-maven-3.8.4\lib\maven-model-builder-3.8.4.jar
apache-maven-3.8.4\lib\maven-plugin-api-3.8.4.jar
apache-maven-3.8.4\lib\maven-repository-metadata-3.8.4.jar
apache-maven-3.8.4\lib\maven-resolver-api-1.6.3.jar
apache-maven-3.8.4\lib\maven-resolver-connector-basic-1.6.3.jar
apache-maven-3.8.4\lib\maven-resolver-impl-1.6.3.jar
apache-maven-3.8.4\lib\maven-resolver-provider-3.8.4.jar
apache-maven-3.8.4\lib\maven-resolver-spi-1.6.3.jar
apache-maven-3.8.4\lib\maven-resolver-transport-wagon-1.6.3.jar
apache-maven-3.8.4\lib\maven-resolver-util-1.6.3.jar
apache-maven-3.8.4\lib\maven-settings-3.8.4.jar
apache-maven-3.8.4\lib\maven-settings-builder-3.8.4.jar
apache-maven-3.8.4\lib\maven-shared-utils-3.3.4.jar
apache-maven-3.8.4\lib\maven-slf4j-provider-3.8.4.jar

From there, maven-plugin-api and maven-model are public, part (part is important there) of maven-core is too and rest is fully undefined or private as of today - not 100% sure for artifact since it changed a bit but agree it used to leak so I assume it is okish to include it. This is only for built-in maven artifacts and not maven ecosystem so guess we can only whitelist the 2-3 dependencies and not include all and exclude a few in terms of impl.