Thanks for reporting this, I’ve noticed in my own work that some of the AMPS banned dependencies have been agressive for things the products do not provide over OSGi. I’m raising this internally.
Please if you notice more things, that are too optimistically banned, say them here!
I checked Bamboo and it is exposing org.json:json it’s just the module usage report wiki is wrong. Please set this dependency as provided scope. If you have any problems, please mention here