Closed pmonks closed 5 years ago
Aha, well that's odd. I can see aether
in that stack trace, so maybe it's a conflicting version there, yeah. Definitely not from a change on depot's side, it's been pretty stable and hasn't changed much at all recently. Try clj -Stree
and have a look through there for things that don't seem to match up I guess?
I've never really had to resolve these sorts of conflicts in the past I'm afraid.
Here's the output from clj -Stree
:
$ clj -Stree
org.clojure/clojure 1.10.0
org.clojure/core.specs.alpha 0.2.44
org.clojure/spec.alpha 0.2.176
org.clojure/data.zip 0.1.3
aysylu/loom 1.0.2
tailrecursion/cljs-priority-map 1.2.1
org.clojure/clojurescript 1.7.170
org.clojure/data.json 0.2.6
org.clojure/google-closure-library 0.0-20151016-61277aea
org.clojure/google-closure-library-third-party 0.0-20151016-61277aea
org.mozilla/rhino 1.7R5
com.google.javascript/closure-compiler v20151015
org.clojure/tools.reader 0.10.0-alpha3
org.clojure/data.priority-map 0.0.5
org.owasp/dependency-check-maven 4.0.2
org.apache.maven.reporting/maven-reporting-api 3.0
org.apache.maven.doxia/doxia-sink-api 1.0
org.apache.maven.shared/maven-dependency-tree 3.0.1
org.eclipse.aether/aether-util 0.9.0.M2
org.apache.maven.shared/file-management 3.0.0
org.apache.maven.shared/maven-shared-io 3.0.0
org.apache.maven.wagon/wagon-provider-api 2.10
org.apache.maven/maven-compat 3.0
org.apache.maven/maven-plugin-api 3.0
org.sonatype.sisu/sisu-inject-plexus 1.4.2
org.sonatype.sisu/sisu-inject-bean 1.4.2
org.sonatype.sisu/sisu-guice$noaop 2.1.7
org.apache.maven/maven-model 3.0
org.owasp/dependency-check-core 4.0.2
joda-time/joda-time 1.6
org.apache.commons/commons-compress 1.18
com.h3xstream.retirejs/retirejs-core 3.0.1
com.esotericsoftware/minlog 1.3
com.github.spullara.mustache.java/compiler 0.8.17
org.json/json 20140107
org.apache.lucene/lucene-analyzers-common 7.6.0
com.h2database/h2 1.4.196
commons-io/commons-io 2.6
commons-collections/commons-collections 3.2.2
org.apache.lucene/lucene-core 7.6.0
org.apache.lucene/lucene-queryparser 7.6.0
org.apache.lucene/lucene-queries 7.6.0
org.apache.lucene/lucene-sandbox 7.6.0
org.apache.commons/commons-text 1.3
org.apache.commons/commons-lang3 3.7
com.google.guava/guava 27.0.1-jre
com.google.errorprone/error_prone_annotations 2.2.0
org.codehaus.mojo/animal-sniffer-annotations 1.17
com.google.guava/listenablefuture 9999.0-empty-to-avoid-conflict-with-guava
com.google.guava/failureaccess 1.0.1
com.google.j2objc/j2objc-annotations 1.1
org.checkerframework/checker-qual 2.5.2
com.google.code.findbugs/jsr305 3.0.2
org.apache.velocity/velocity 1.7
commons-lang/commons-lang 2.4
com.sun.mail/mailapi 1.6.3
com.vdurmont/semver4j 2.2.0
org.jsoup/jsoup 1.11.3
org.slf4j/slf4j-api 1.7.25
org.glassfish/javax.json 1.0.4
com.google.code.gson/gson 2.8.5
org.owasp/dependency-check-utils 4.0.2
org.apache.maven.shared/maven-artifact-transfer 0.10.1
commons-codec/commons-codec 1.11
org.codehaus.plexus/plexus-component-annotations 1.7.1
org.codehaus.plexus/plexus-utils 3.1.0
org.apache.maven/maven-core 3.0
org.sonatype.aether/aether-util 1.7
org.apache.maven/maven-model-builder 3.0
org.apache.maven/maven-settings-builder 3.0
org.apache.maven/maven-settings 3.0
org.apache.maven/maven-aether-provider 3.0
org.sonatype.aether/aether-impl 1.7
org.sonatype.aether/aether-spi 1.7
org.codehaus.plexus/plexus-classworlds 2.2.3
org.codehaus.plexus/plexus-interpolation 1.14
org.sonatype.aether/aether-api 1.7
org.apache.maven/maven-repository-metadata 3.0
org.apache.maven.shared/maven-common-artifact-filters 3.0.1
org.apache.maven.shared/maven-shared-utils 3.1.0
org.apache.maven/maven-artifact 3.0
org.sonatype.plexus/plexus-sec-dispatcher 1.4
org.sonatype.plexus/plexus-cipher 1.4
version-clj/version-clj 0.1.2
I see a few different aether
artifacts in there, but no obvious conflicts based solely on GAVs (though it's entirely possible that different JARs contain the same class, which would be unfortunate...).
So this wouldn't happen to be fixed in 1.8.4
would it?
I’m not in a position to check until late July, but if you’d like to try yourself the project where this is occurring is here.
Please update again this was due to a bad deploy and has since been fixed. Sorry about that!
On Wed, 3 Jul 2019, 04:18 Peter Monks, notifications@github.com wrote:
I’m not in a position to check until late July, but if you’d like to try yourself the project is here https://github.com/pmonks/clojars-dependencies.
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/Olical/depot/issues/23?email_source=notifications&email_token=AACM6XJJ7SIOAOYNJEBJO2LP5QLAHA5CNFSM4HSVBGNKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODZDEJHA#issuecomment-507921564, or mute the thread https://github.com/notifications/unsubscribe-auth/AACM6XPQBXURPPAVDGFU55LP5QLAHANCNFSM4HSVBGNA .
I actually thought this was a new issue and replied by email :man_facepalming: my bad! I realised my prompt to update looked pretty weird and pushy after that. I thought it was someone having an issue with the previous version which was a broken deploy. Take your time! :smile:
No worries - I appreciated the update, tbh! 😃
I’m traveling without a laptop right now, but once I get home I’ll give the new version a shot.
Thanks!
Ok finally had a chance to upgrade and try it again, but I'm still getting an error with v1.8.4:
$ clj -A:ancient
Execution error (NoSuchMethodError) at org.eclipse.aether.internal.impl.PrioritizedComponents/add (PrioritizedComponents.java:66).
org.eclipse.aether.util.ConfigUtils.getFloat(Ljava/util/Map;F[Ljava/lang/String;)F
Full report at:
/var/folders/x4/jg66qz6n3dqd4fwxgfsp3j2h0000gn/T/clojure-2910453177622845879.edn
Contents of /var/folders/x4/jg66qz6n3dqd4fwxgfsp3j2h0000gn/T/clojure-2910453177622845879.edn
:
{:clojure.main/message
"Execution error (NoSuchMethodError) at org.eclipse.aether.internal.impl.PrioritizedComponents/add (PrioritizedComponents.java:66).\norg.eclipse.aether.util.ConfigUtils.getFloat(Ljava/util/Map;F[Ljava/lang/String;)F\n",
:clojure.main/triage
{:clojure.error/class java.lang.NoSuchMethodError,
:clojure.error/line 66,
:clojure.error/cause
"org.eclipse.aether.util.ConfigUtils.getFloat(Ljava/util/Map;F[Ljava/lang/String;)F",
:clojure.error/symbol
org.eclipse.aether.internal.impl.PrioritizedComponents/add,
:clojure.error/source "PrioritizedComponents.java",
:clojure.error/phase :execution},
:clojure.main/trace
{:via
[{:type java.util.concurrent.ExecutionException,
:message
"java.lang.NoSuchMethodError: org.eclipse.aether.util.ConfigUtils.getFloat(Ljava/util/Map;F[Ljava/lang/String;)F",
:at [java.util.concurrent.FutureTask report "FutureTask.java" 122]}
{:type java.lang.NoSuchMethodError,
:message
"org.eclipse.aether.util.ConfigUtils.getFloat(Ljava/util/Map;F[Ljava/lang/String;)F",
:at
[org.eclipse.aether.internal.impl.PrioritizedComponents
add
"PrioritizedComponents.java"
66]}],
:trace
[[org.eclipse.aether.internal.impl.PrioritizedComponents
add
"PrioritizedComponents.java"
66]
[org.eclipse.aether.internal.impl.DefaultLocalRepositoryProvider
newLocalRepositoryManager
"DefaultLocalRepositoryProvider.java"
104]
[org.eclipse.aether.internal.impl.DefaultRepositorySystem
newLocalRepositoryManager
"DefaultRepositorySystem.java"
392]
[depot.outdated$make_session invokeStatic "outdated.clj" 28]
[depot.outdated$make_session invoke "outdated.clj" 25]
[depot.outdated$coord__GT_version_status
invokeStatic
"outdated.clj"
36]
[depot.outdated$coord__GT_version_status invoke "outdated.clj" 32]
[depot.outdated$eval1375$fn__1377 invoke "outdated.clj" 63]
[clojure.lang.MultiFn invoke "MultiFn.java" 239]
[depot.outdated$current_latest_map invokeStatic "outdated.clj" 102]
[depot.outdated$current_latest_map invoke "outdated.clj" 98]
[depot.outdated$gather_outdated$fn__1401 invoke "outdated.clj" 112]
[clojure.core$pmap$fn__8462$fn__8463 invoke "core.clj" 7022]
[clojure.core$binding_conveyor_fn$fn__5754 invoke "core.clj" 2030]
[clojure.lang.AFn call "AFn.java" 18]
[java.util.concurrent.FutureTask run "FutureTask.java" 264]
[java.util.concurrent.ThreadPoolExecutor
runWorker
"ThreadPoolExecutor.java"
1128]
[java.util.concurrent.ThreadPoolExecutor$Worker
run
"ThreadPoolExecutor.java"
628]
[java.lang.Thread run "Thread.java" 834]],
:cause
"org.eclipse.aether.util.ConfigUtils.getFloat(Ljava/util/Map;F[Ljava/lang/String;)F"}}
:thinking: not sure if anyone else is having this issue so I'm still wondering if it's to do with your other dependencies in your project. Like one of them is shifting some transitive dependency version slightly. Haven't had time to take a proper look at a bug, if I do it won't be for a little while yet :disappointed:
If I could reproduce it maybe I could work out some sort of workaround, just not sure how right now.
The project where this is happening is open source, so you should be able to clone that repo and reproduce at will:
$ git clone https://github.com/pmonks/clojars-dependencies.git
$ cd clojars-dependencies
$ clj -A:ancient
So I commented out the dependencies one at the time and it worked after I got rid of org.owasp/dependency-check-maven
, updating it to the latest version doesn't seem to work either, sadly. Maybe there's a way to exclude it while trying to use depot? I can't see it messing with any dependencies that depot requires, so it's pretty confusing.
Maybe it's treated as an optional dependency by some other dependency in the tree, so it's presence triggers some other path in some tool that I'm not aware of. I'm afraid I don't have any simple answers for this one.
Sounds like a transitive dependency conflict, unless you also checked those?
We now know it’s a conflict between one of aether’s dependencies and either dependency-check-maven itself or one of its dependencies, which narrows down the hunt somewhat.
I may have been a little optimistic; running clj -Aancient -Stree
gives this tree:
org.clojure/clojure 1.10.1
org.clojure/core.specs.alpha 0.2.44
org.clojure/spec.alpha 0.2.176
org.clojure/data.zip 0.1.3
aysylu/loom 1.0.2
tailrecursion/cljs-priority-map 1.2.1
org.clojure/data.priority-map 0.0.5
org.owasp/dependency-check-maven 4.0.2
org.apache.maven.reporting/maven-reporting-api 3.0
org.apache.maven.doxia/doxia-sink-api 1.0
org.apache.maven.shared/maven-dependency-tree 3.0.1
org.eclipse.aether/aether-util 0.9.0.M2
org.apache.maven.shared/file-management 3.0.0
org.apache.maven.shared/maven-shared-io 3.0.0
org.apache.maven/maven-compat 3.0
org.owasp/dependency-check-core 4.0.2
org.apache.commons/commons-compress 1.18
com.h3xstream.retirejs/retirejs-core 3.0.1
com.esotericsoftware/minlog 1.3
com.github.spullara.mustache.java/compiler 0.8.17
org.json/json 20140107
org.apache.lucene/lucene-analyzers-common 7.6.0
com.h2database/h2 1.4.196
commons-io/commons-io 2.6
commons-collections/commons-collections 3.2.2
org.apache.lucene/lucene-core 7.6.0
org.apache.lucene/lucene-queryparser 7.6.0
org.apache.lucene/lucene-queries 7.6.0
org.apache.lucene/lucene-sandbox 7.6.0
org.apache.commons/commons-text 1.3
org.apache.commons/commons-lang3 3.7
com.google.guava/guava 27.0.1-jre
com.google.errorprone/error_prone_annotations 2.2.0
org.codehaus.mojo/animal-sniffer-annotations 1.17
com.google.guava/listenablefuture 9999.0-empty-to-avoid-conflict-with-guava
com.google.guava/failureaccess 1.0.1
com.google.j2objc/j2objc-annotations 1.1
org.checkerframework/checker-qual 2.5.2
com.google.code.findbugs/jsr305 3.0.2
org.apache.velocity/velocity 1.7
commons-lang/commons-lang 2.4
com.sun.mail/mailapi 1.6.3
com.vdurmont/semver4j 2.2.0
org.jsoup/jsoup 1.11.3
org.slf4j/slf4j-api 1.7.25
org.glassfish/javax.json 1.0.4
com.google.code.gson/gson 2.8.5
org.owasp/dependency-check-utils 4.0.2
org.apache.maven.shared/maven-artifact-transfer 0.10.1
commons-codec/commons-codec 1.11
org.codehaus.plexus/plexus-component-annotations 1.7.1
org.codehaus.plexus/plexus-utils 3.1.0
org.apache.maven.shared/maven-common-artifact-filters 3.0.1
org.apache.maven.shared/maven-shared-utils 3.1.0
org.sonatype.plexus/plexus-sec-dispatcher 1.4
org.sonatype.plexus/plexus-cipher 1.4
olical/depot 1.8.4
org.clojure/tools.cli 0.4.1
rewrite-clj/rewrite-clj 0.6.1
org.clojure/clojurescript 1.10.520
org.clojure/data.json 0.2.6
org.clojure/google-closure-library 0.0-20170809-b9c14c6b
org.clojure/google-closure-library-third-party 0.0-20170809-b9c14c6b
org.mozilla/rhino 1.7R5
com.cognitect/transit-clj 0.8.309
com.cognitect/transit-java 0.8.332
com.fasterxml.jackson.core/jackson-core 2.8.7
org.msgpack/msgpack 0.6.12
com.googlecode.json-simple/json-simple 1.1.1
org.javassist/javassist 3.18.1-GA
org.clojure/tools.reader 1.3.0
com.google.javascript/closure-compiler-unshaded v20180805
com.google.jsinterop/jsinterop-annotations 1.0.0
com.google.javascript/closure-compiler-externs v20180805
args4j/args4j 2.0.26
com.google.protobuf/protobuf-java 3.0.2
org.clojure/tools.deps.alpha 0.7.516
org.springframework.build/aws-maven 5.0.0.RELEASE
org.apache.maven.resolver/maven-resolver-transport-wagon 1.1.1
org.apache.maven.wagon/wagon-provider-api 3.0.0
org.apache.maven.resolver/maven-resolver-transport-http 1.1.1
org.slf4j/jcl-over-slf4j 1.7.25
org.apache.httpcomponents/httpcore 4.4.8
org.apache.httpcomponents/httpclient 4.5.4
org.apache.maven.resolver/maven-resolver-transport-file 1.1.1
org.apache.maven/maven-core 3.5.2
org.eclipse.sisu/org.eclipse.sisu.plexus 0.3.3
javax.enterprise/cdi-api 1.0
javax.annotation/jsr250-api 1.0
org.apache.maven/maven-settings-builder 3.5.2
org.apache.maven/maven-settings 3.5.2
org.codehaus.plexus/plexus-classworlds 2.5.2
com.google.inject/guice$no_aop 4.0
aopalliance/aopalliance 1.0
org.eclipse.sisu/org.eclipse.sisu.inject 0.3.3
org.apache.maven/maven-builder-support 3.5.2
org.apache.maven/maven-plugin-api 3.5.2
org.sonatype.sisu/sisu-inject-plexus 1.4.2
org.sonatype.sisu/sisu-inject-bean 1.4.2
org.sonatype.sisu/sisu-guice$noaop 2.1.7
org.apache.maven/maven-artifact 3.5.2
org.apache.maven.resolver/maven-resolver-api 1.1.1
org.apache.maven/maven-resolver-provider 3.5.2
javax.inject/javax.inject 1
org.apache.maven/maven-model-builder 3.5.2
org.codehaus.plexus/plexus-interpolation 1.24
org.apache.maven/maven-model 3.5.2
org.apache.maven/maven-repository-metadata 3.5.2
org.clojure/data.xml 0.2.0-alpha5
org.clojure/data.codec 0.1.0
org.apache.maven.resolver/maven-resolver-spi 1.1.1
org.slf4j/slf4j-nop 1.6.2
s3-wagon-private/s3-wagon-private 1.3.1
com.fasterxml.jackson.core/jackson-databind 2.5.5
com.fasterxml.jackson.core/jackson-annotations 2.5.0
com.amazonaws/aws-java-sdk-s3 1.11.184
com.amazonaws/jmespath-java 1.11.184
com.amazonaws/aws-java-sdk-core 1.11.184
joda-time/joda-time 2.8.1
com.fasterxml.jackson.dataformat/jackson-dataformat-cbor 2.6.7
software.amazon.ion/ion-java 1.0.2
commons-logging/commons-logging 1.1.3
com.amazonaws/aws-java-sdk-kms 1.11.184
org.clojure/tools.gitlibs 0.2.64
com.jcraft/jsch.agentproxy.jsch 0.0.9
org.eclipse.jgit/org.eclipse.jgit 4.10.0.201712302008-r
com.googlecode.javaewah/JavaEWAH 1.1.6
com.jcraft/jsch 0.1.54
com.jcraft/jsch.agentproxy.connector-factory 0.0.9
com.jcraft/jsch.agentproxy.sshagent 0.0.9
com.jcraft/jsch.agentproxy.usocket-jna 0.0.9
net.java.dev.jna/jna 4.1.0
net.java.dev.jna/jna-platform 4.1.0
com.jcraft/jsch.agentproxy.pageant 0.0.9
com.jcraft/jsch.agentproxy.core 0.0.9
com.jcraft/jsch.agentproxy.usocket-nc 0.0.9
org.apache.maven.resolver/maven-resolver-connector-basic 1.1.1
org.apache.maven.resolver/maven-resolver-impl 1.1.1
org.apache.maven.resolver/maven-resolver-util 1.1.1
version-clj/version-clj 0.1.2
Which has no obvious (to my eye) conflicts, at least at the artifact level. It's possible the problematic class (org.eclipse.aether.util.ConfigUtils
) moved JARs at some point, but tracking that down is going to be a royal pita. 😢
Upgrading org.owasp/dependency-check-maven
to v5.2.1 didn't help either, FWIW.
Yep, I'm not sure if it's a straight conflict, like I couldn't see anything in a minimal depot project that is shared in this error stack. Which is what makes me think it's the presence of the library that causes something to require it and try to do something with it, like an optional dependency?
What's a tad annoying is that I only use org.owasp/dependency-check-maven
for its (very handy) XmlInputStream
class. I guess I wasn't the only one who got fed up with the garbage POM files on Maven Central, but I digress...
Given that that class is based on a StackOverflow answer (plus it's Apache licensed) it's tempting to just copy that code out into my own project and ditch that dependency...
Hmm, yeah, ripping it out to remove the rest of the dep is probably the easiest and best thing to do. It's still annoying but I'm not sure what I can do to fix this, especially since it impacts a fraction of the potential projects out there.
So I'm chalking this up to "extremely rare and unlikely dependency conflict of some kind that I don't fully understand". I think working around this for the small amount of possible cases is the way to go for now.
If this is more common than I think right now I'll dig deeper and work out what's causing it. I'm still considering a rewrite of this one day to unify the "find updates" and "apply updates" halves of the code base, so it could go away with that.
Closing for now, thank you for all of the data and help! I'm sure it'll help a lot as and when I get around to patching this issue out somehow.
I've been happily using depot for some time, including on a project I'm actively working on, but recently it started throwing this exception with this project:
I assume (but have not confirmed) that a change in my project's own dependencies conflicted with depot's own dependencies. Here's my
deps.edn
: