3064                                                       软件学报  2025  年第  36  卷第  7  期


                     challenges. In: Proc. of the 2017 ACM/IEEE Int’l Symp. on Empirical Software Engineering and Measurement (ESEM). Toronto: IEEE,
                     2017. 38–47. [doi: 10.1109/ESEM.2017.11]
                 [13]  Cao YL, Chen L, Ma WWN, Li YH, Zhou YM, Wang LZ. Towards better dependency management: A first look at dependency smells in
                     Python projects. IEEE Trans. on Software Engineering, 2023, 49(4): 1741–1765. [doi: 10.1109/TSE.2022.3191353]
                 [14]  Jafari  AJ,  Costa  DE,  Abdalkareem  R,  Shihab  E,  Tsantalis  N.  Dependency  smells  in  JavaScript  projects.  IEEE  Trans.  on  Software
                     Engineering, 2022, 48(10): 3790–3807. [doi: 10.1109/TSE.2021.3106247]
                 [15]  Welcome to apache Maven. 2024. https://maven.apache.org/
                 [16]  Gradle build tool. 2024. https://gradle.org/
                 [17]  Huang KF, Chen BH, Shi BW, Wang Y, Xu CY, Peng X. Interactive, effort-aware library version harmonization. In: Proc. of the 28th
                     ACM Joint Meeting on European Software Engineering Conf. and Symp. on the Foundations of Software Engineering. ACM, 2020.
                     518–529. [doi: 10.1145/3368089.3409689]
                 [18]  Patra  J,  Dixit  PN,  Pradel  M.  ConflictJS:  Finding  and  understanding  conflicts  between  JavaScript  libraries.  In:  Proc.  of  the  40th
                     IEEE/ACM Int’l Conf. on Software Engineering. Gothenburg: IEEE, 2018. 741–751. [doi: 10.1145/3180155.3180184]
                 [19]  Zhang LY, Liu CW, Xu ZZ, Chen S, Fan LL, Zhao LD, Wu JH, Liu Y. Compatible remediation on vulnerabilities from third-party
                     libraries for Java projects. In: Proc. of the 45th IEEE/ACM Int’l Conf. on Software Engineering. Melbourne: IEEE, 2023. 2540–2552.
                     [doi: 10.1109/ICSE48619.2023.00212]
                 [20]  Zhao LD, Chen S, Xu ZZ, Liu CW, Zhang LY, Wu JH, Sun J, Liu Y. Software composition analysis for vulnerability detection: An
                     empirical study on Java projects. In: Proc. of the 31st ACM Joint European Software Engineering Conf. and Symp. on the Foundations of
                     Software Engineering. San Francisco: ACM, 2023. 960–972. [doi: 10.1145/3611643.3616299]
                 [21]  Vázquez HC, Bergel A, Vidal S, Díaz Pace JA, Marcos C. Slimming JavaScript applications: An approach for removing unused functions
                     from javascript libraries. Information and Software Technology, 2019, 107: 18–29. [doi: 10.1016/j.infsof.2018.10.009]
                 [22]  Soto-Valero  C,  Tiwari  D,  Toady  T,  Baudry  B.  Automatic  specialization  of  third-party  Java  dependencies.  IEEE  Trans.  on  Software
                     Engineering, 2023, 49(11): 5027–5045. [doi: 10.1109/TSE.2023.3324950]
                 [23]  Wang Y, Wen M, Liu YP, Wang YB, Li ZM, Wang C, Yu H, Cheung SC, Xu C, Zhu ZL. Watchman: Monitoring dependency conflicts
                     for  Python  library  ecosystem.  In:  Proc.  of  the  42nd  ACM/IEEE  Int’l  Conf.  on  Software  Engineering.  Seoul:  IEEE,  2020.  125–135.
                     [doi: 10.1145/3377811.3380426]
                 [24]  Qian CX, Koo H, Oh CS, Kim T, Lee W. Slimium: Debloating the chromium browser with feature subsetting. In: Proc. of the 2020 ACM
                     SIGSAC Conf. on Computer and Communications Security. ACM, 2020. 461–476. [doi: 10.1145/3372297.3417866]
                 [25]  Wang HY, Liu SG, Zhang LY, Xu C. Automatically resolving dependency-conflict building failures via behavior-consistent loosening of
                     library version constraints. In: Proc. of the 31st ACM Joint European Software Engineering Conf. and Symp. on the Foundations of
                     Software Engineering. San Francisco: ACM, 2023. 198–210. [doi: 10.1145/3611643.3616264]
                 [26]  Konat G, Erdweg S, Visser E. Scalable incremental building with dynamic task dependencies. In: Proc. of the 33rd IEEE/ACM Int’l
                     Conf. on Automated Software Engineering. Montpellier: IEEE, 2018. 76–86. [doi: 10.1145/3238147.3238196]
                 [27]  Mitchell N, Sevitsky G. The causes of bloat, the limits of health. In: Proc. of the 22nd Annual ACM SIGPLAN Conf. on Object-oriented
                     Programming Systems, Languages and Applications. Montreal: ACM, 2007. 245–260. [doi: 10.1145/1297027.1297046]
                 [28]  Vassallo C, Proksch S, Jancso A, Gall HC, Di Penta M. Configuration smells in continuous delivery pipelines: A linter and a six-month
                     study on GitLab. In: Proc. of the 28th ACM Joint Meeting on European Software Engineering Conf. and Symp. on the Foundations of
                     Software Engineering. ACM, 2020. 327–337. [doi: 10.1145/3368089.3409709]
                 [29]  Zhang  C,  Chen  BH,  Hu  JH,  Peng  X,  Zhao  WY.  BuildSonic:  Detecting  and  repairing  performance-related  configuration  smells  for
                     continuous integration builds. In: Proc. of the 37th IEEE/ACM Int’l Conf. on Automated Software Engineering. Rochester: ACM, 2022.
                     18. [doi: 10.1145/3551349.3556923]
                 [30]  GitHub. 2023. https://github.com/
                 [31]  Creswell JW. Qualitative Inquiry and Research Design: Choosing Among Five Approaches. 3rd ed., SAGE Publications Inc., 2012.
                 [32]  Cavisson  NS-ND  integration  performance  publisher  bundles  Jenkins  test  harness,  leading  to  java.lang.NoClassDefFoundError  and
                     memory leaks. JENKINS-66060, 2024. https://issues.jenkins.io/browse/JENKINS-66060
                 [33]  The dropwizard-dependencies bom has declared some dependencies with scope. #3769, 2024. https://github.com/dropwizard/dropwizard/
                     issues/3769
                 [34]  Maven Core bug regarding resolution scopes for Mojos. MNG-8041, 2024. https://issues.apache.org/jira/browse/MNG-8041