Remove `com.vaadin.flow.server.frontend.scanner` from `flow-server`

[AB-xdev]

Description of the bug

It looks like all code inside com.vaadin.flow.server.frontend.scanner is only used by:

1. The dev server
2. The plugins

The classes inside com.vaadin.flow.server.frontend.scanner also depend on asm and are therefore the only reason why asm is used as a compile dependency.

Expected behavior

The code + asm is not used at all in production and should therefore not be shipped.
It unnecessarily increases the attack surface and bloats the built artifact.
Consider moving it into a separate maven module and only use this module where required.

The final dependency graph could look like this:

graph TD;
  flow-server --> flow-frontend-scanner
  asm --> flow-frontend-scanner
  flow-frontend-scanner --> vaadin-dev-server
  flow-frontend-scanner --> vaadin-plugins
  flow-server --> actual-vaadin-project

Loading

instead of this (currently)

graph TD;
  asm --> flow-server-with-frontend-scanner
  flow-server-with-frontend-scanner --> vaadin-dev-server
  flow-server-with-frontend-scanner --> vaadin-plugins
  flow-server-with-frontend-scanner --> actual-vaadin-project

Loading

Minimal reproducible example

https://github.com/vaadin/flow/tree/main/flow-server/src/main/java/com/vaadin/flow/server/frontend/scanner

Versions

• Vaadin / Flow version: 24.7.8

[mstahv]

This would also be needed to get rid of commons-io (vai commons-compress).

[knoobie]

I'm wondering if that's something for @Artur- little colleague 😅

[Artur-]

Slow colleague... took some time. But now there is #23161