keturn
commented
3 years ago reflections-0.9.10.jar + reflections-0.9.12-MB.jar - I think the second one might be built via our fork?
Correct. And this is the one that worries me. On the one hand, if by some chance we have some dependency with a transitive dependency on the upstream reflections-0.9.10, it might be a little bloat but I don't know if it's risky beyond that.
But the Reflections class is a part of the public interface of gestalt-module. So if we somehow end up with multiple different implementations of Reflections that we're trying to pass around among engine, gestalt-module, and nui.reflect or whatever else, that sounds like it might make for some very hard-to-debug situations.
I guess the thing to do is look at the dependency graph in a build scan and see what is depending on each of them.
On semi-randomly poking around I noticed by change that our game zip ships with a few dependencies that look to be duplicated with different versions. This could have snuck in and not matter, could be transitive dependencies etc, but it seemed worth mentioning since it includes big scary ole Reflections.
Suspicious sets:
annotations-13.0.jar+annotations-2.0.1.jarDiscordIPC-0.4.jar+DiscordRPC.jar(in the Discord subsystem, I only see the IPC - I guess the other could just be transitive)google-http-client-1.20.0.jar+google-http-client-jackson2-1.20.0.jar- I suspect this might be coming in indirectly via the CrashReporter - but do we need both? I also seehttpclient-4.5.2.jarreflections-0.9.10.jar+reflections-0.9.12-MB.jar- I think the second one might be built via our fork?TeraMath-1.5.0.jar- not a dupe, but what's that still doing in here 🤔Can probably be investigated pretty quick with some Gradle dependency graph trawling but I've got enough tangents open right now as-is :-)