Closed pmonks closed 5 years ago
Olical
commented
5 years ago Aha, well that's odd. I can see aether in that stack trace, so maybe it's a conflicting version there, yeah. Definitely not from a change on depot's side, it's been pretty stable and hasn't changed much at all recently. Try clj -Stree and have a look through there for things that don't seem to match up I guess?
I've never really had to resolve these sorts of conflicts in the past I'm afraid.
pmonks
commented
5 years ago Here's the output from clj -Stree:
$ clj -Stree
org.clojure/clojure 1.10.0
org.clojure/core.specs.alpha 0.2.44
org.clojure/spec.alpha 0.2.176
org.clojure/data.zip 0.1.3
aysylu/loom 1.0.2
tailrecursion/cljs-priority-map 1.2.1
org.clojure/clojurescript 1.7.170
org.clojure/data.json 0.2.6
org.clojure/google-closure-library 0.0-20151016-61277aea
org.clojure/google-closure-library-third-party 0.0-20151016-61277aea
org.mozilla/rhino 1.7R5
com.google.javascript/closure-compiler v20151015
org.clojure/tools.reader 0.10.0-alpha3
org.clojure/data.priority-map 0.0.5
org.owasp/dependency-check-maven 4.0.2
org.apache.maven.reporting/maven-reporting-api 3.0
org.apache.maven.doxia/doxia-sink-api 1.0
org.apache.maven.shared/maven-dependency-tree 3.0.1
org.eclipse.aether/aether-util 0.9.0.M2
org.apache.maven.shared/file-management 3.0.0
org.apache.maven.shared/maven-shared-io 3.0.0
org.apache.maven.wagon/wagon-provider-api 2.10
org.apache.maven/maven-compat 3.0
org.apache.maven/maven-plugin-api 3.0
org.sonatype.sisu/sisu-inject-plexus 1.4.2
org.sonatype.sisu/sisu-inject-bean 1.4.2
org.sonatype.sisu/sisu-guice$noaop 2.1.7
org.apache.maven/maven-model 3.0
org.owasp/dependency-check-core 4.0.2
joda-time/joda-time 1.6
org.apache.commons/commons-compress 1.18
com.h3xstream.retirejs/retirejs-core 3.0.1
com.esotericsoftware/minlog 1.3
com.github.spullara.mustache.java/compiler 0.8.17
org.json/json 20140107
org.apache.lucene/lucene-analyzers-common 7.6.0
com.h2database/h2 1.4.196
commons-io/commons-io 2.6
commons-collections/commons-collections 3.2.2
org.apache.lucene/lucene-core 7.6.0
org.apache.lucene/lucene-queryparser 7.6.0
org.apache.lucene/lucene-queries 7.6.0
org.apache.lucene/lucene-sandbox 7.6.0
org.apache.commons/commons-text 1.3
org.apache.commons/commons-lang3 3.7
com.google.guava/guava 27.0.1-jre
com.google.errorprone/error_prone_annotations 2.2.0
org.codehaus.mojo/animal-sniffer-annotations 1.17
com.google.guava/listenablefuture 9999.0-empty-to-avoid-conflict-with-guava
com.google.guava/failureaccess 1.0.1
com.google.j2objc/j2objc-annotations 1.1
org.checkerframework/checker-qual 2.5.2
com.google.code.findbugs/jsr305 3.0.2
org.apache.velocity/velocity 1.7
commons-lang/commons-lang 2.4
com.sun.mail/mailapi 1.6.3
com.vdurmont/semver4j 2.2.0
org.jsoup/jsoup 1.11.3
org.slf4j/slf4j-api 1.7.25
org.glassfish/javax.json 1.0.4
com.google.code.gson/gson 2.8.5
org.owasp/dependency-check-utils 4.0.2
org.apache.maven.shared/maven-artifact-transfer 0.10.1
commons-codec/commons-codec 1.11
org.codehaus.plexus/plexus-component-annotations 1.7.1
org.codehaus.plexus/plexus-utils 3.1.0
org.apache.maven/maven-core 3.0
org.sonatype.aether/aether-util 1.7
org.apache.maven/maven-model-builder 3.0
org.apache.maven/maven-settings-builder 3.0
org.apache.maven/maven-settings 3.0
org.apache.maven/maven-aether-provider 3.0
org.sonatype.aether/aether-impl 1.7
org.sonatype.aether/aether-spi 1.7
org.codehaus.plexus/plexus-classworlds 2.2.3
org.codehaus.plexus/plexus-interpolation 1.14
org.sonatype.aether/aether-api 1.7
org.apache.maven/maven-repository-metadata 3.0
org.apache.maven.shared/maven-common-artifact-filters 3.0.1
org.apache.maven.shared/maven-shared-utils 3.1.0
org.apache.maven/maven-artifact 3.0
org.sonatype.plexus/plexus-sec-dispatcher 1.4
org.sonatype.plexus/plexus-cipher 1.4
version-clj/version-clj 0.1.2I see a few different aether artifacts in there, but no obvious conflicts based solely on GAVs (though it's entirely possible that different JARs contain the same class, which would be unfortunate...).
Olical
commented
5 years ago So this wouldn't happen to be fixed in 1.8.4 would it?
pmonks
commented
5 years ago I’m not in a position to check until late July, but if you’d like to try yourself the project where this is occurring is here.
Olical
commented
5 years ago Please update again this was due to a bad deploy and has since been fixed. Sorry about that!
On Wed, 3 Jul 2019, 04:18 Peter Monks, notifications@github.com wrote:
I’m not in a position to check until late July, but if you’d like to try yourself the project is here https://github.com/pmonks/clojars-dependencies.
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/Olical/depot/issues/23?email_source=notifications&email_token=AACM6XJJ7SIOAOYNJEBJO2LP5QLAHA5CNFSM4HSVBGNKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODZDEJHA#issuecomment-507921564, or mute the thread https://github.com/notifications/unsubscribe-auth/AACM6XPQBXURPPAVDGFU55LP5QLAHANCNFSM4HSVBGNA .
Olical
commented
5 years ago I actually thought this was a new issue and replied by email :man_facepalming: my bad! I realised my prompt to update looked pretty weird and pushy after that. I thought it was someone having an issue with the previous version which was a broken deploy. Take your time! :smile:
pmonks
commented
5 years ago No worries - I appreciated the update, tbh! 😃
I’m traveling without a laptop right now, but once I get home I’ll give the new version a shot.
Thanks!
pmonks
commented
5 years ago Ok finally had a chance to upgrade and try it again, but I'm still getting an error with v1.8.4:
$ clj -A:ancient
Execution error (NoSuchMethodError) at org.eclipse.aether.internal.impl.PrioritizedComponents/add (PrioritizedComponents.java:66).
org.eclipse.aether.util.ConfigUtils.getFloat(Ljava/util/Map;F[Ljava/lang/String;)F
Full report at:
/var/folders/x4/jg66qz6n3dqd4fwxgfsp3j2h0000gn/T/clojure-2910453177622845879.ednContents of /var/folders/x4/jg66qz6n3dqd4fwxgfsp3j2h0000gn/T/clojure-2910453177622845879.edn:
{:clojure.main/message
"Execution error (NoSuchMethodError) at org.eclipse.aether.internal.impl.PrioritizedComponents/add (PrioritizedComponents.java:66).\norg.eclipse.aether.util.ConfigUtils.getFloat(Ljava/util/Map;F[Ljava/lang/String;)F\n",
:clojure.main/triage
{:clojure.error/class java.lang.NoSuchMethodError,
:clojure.error/line 66,
:clojure.error/cause
"org.eclipse.aether.util.ConfigUtils.getFloat(Ljava/util/Map;F[Ljava/lang/String;)F",
:clojure.error/symbol
org.eclipse.aether.internal.impl.PrioritizedComponents/add,
:clojure.error/source "PrioritizedComponents.java",
:clojure.error/phase :execution},
:clojure.main/trace
{:via
[{:type java.util.concurrent.ExecutionException,
:message
"java.lang.NoSuchMethodError: org.eclipse.aether.util.ConfigUtils.getFloat(Ljava/util/Map;F[Ljava/lang/String;)F",
:at [java.util.concurrent.FutureTask report "FutureTask.java" 122]}
{:type java.lang.NoSuchMethodError,
:message
"org.eclipse.aether.util.ConfigUtils.getFloat(Ljava/util/Map;F[Ljava/lang/String;)F",
:at
[org.eclipse.aether.internal.impl.PrioritizedComponents
add
"PrioritizedComponents.java"
66]}],
:trace
[[org.eclipse.aether.internal.impl.PrioritizedComponents
add
"PrioritizedComponents.java"
66]
[org.eclipse.aether.internal.impl.DefaultLocalRepositoryProvider
newLocalRepositoryManager
"DefaultLocalRepositoryProvider.java"
104]
[org.eclipse.aether.internal.impl.DefaultRepositorySystem
newLocalRepositoryManager
"DefaultRepositorySystem.java"
392]
[depot.outdated$make_session invokeStatic "outdated.clj" 28]
[depot.outdated$make_session invoke "outdated.clj" 25]
[depot.outdated$coord__GT_version_status
invokeStatic
"outdated.clj"
36]
[depot.outdated$coord__GT_version_status invoke "outdated.clj" 32]
[depot.outdated$eval1375$fn__1377 invoke "outdated.clj" 63]
[clojure.lang.MultiFn invoke "MultiFn.java" 239]
[depot.outdated$current_latest_map invokeStatic "outdated.clj" 102]
[depot.outdated$current_latest_map invoke "outdated.clj" 98]
[depot.outdated$gather_outdated$fn__1401 invoke "outdated.clj" 112]
[clojure.core$pmap$fn__8462$fn__8463 invoke "core.clj" 7022]
[clojure.core$binding_conveyor_fn$fn__5754 invoke "core.clj" 2030]
[clojure.lang.AFn call "AFn.java" 18]
[java.util.concurrent.FutureTask run "FutureTask.java" 264]
[java.util.concurrent.ThreadPoolExecutor
runWorker
"ThreadPoolExecutor.java"
1128]
[java.util.concurrent.ThreadPoolExecutor$Worker
run
"ThreadPoolExecutor.java"
628]
[java.lang.Thread run "Thread.java" 834]],
:cause
"org.eclipse.aether.util.ConfigUtils.getFloat(Ljava/util/Map;F[Ljava/lang/String;)F"}}:thinking: not sure if anyone else is having this issue so I'm still wondering if it's to do with your other dependencies in your project. Like one of them is shifting some transitive dependency version slightly. Haven't had time to take a proper look at a bug, if I do it won't be for a little while yet :disappointed:
If I could reproduce it maybe I could work out some sort of workaround, just not sure how right now.
pmonks
commented
5 years ago The project where this is happening is open source, so you should be able to clone that repo and reproduce at will:
$ git clone https://github.com/pmonks/clojars-dependencies.git
$ cd clojars-dependencies
$ clj -A:ancientSo I commented out the dependencies one at the time and it worked after I got rid of org.owasp/dependency-check-maven, updating it to the latest version doesn't seem to work either, sadly. Maybe there's a way to exclude it while trying to use depot? I can't see it messing with any dependencies that depot requires, so it's pretty confusing.
Maybe it's treated as an optional dependency by some other dependency in the tree, so it's presence triggers some other path in some tool that I'm not aware of. I'm afraid I don't have any simple answers for this one.
pmonks
commented
5 years ago Sounds like a transitive dependency conflict, unless you also checked those?
We now know it’s a conflict between one of aether’s dependencies and either dependency-check-maven itself or one of its dependencies, which narrows down the hunt somewhat.
pmonks
commented
5 years ago I may have been a little optimistic; running clj -Aancient -Stree gives this tree:
org.clojure/clojure 1.10.1
org.clojure/core.specs.alpha 0.2.44
org.clojure/spec.alpha 0.2.176
org.clojure/data.zip 0.1.3
aysylu/loom 1.0.2
tailrecursion/cljs-priority-map 1.2.1
org.clojure/data.priority-map 0.0.5
org.owasp/dependency-check-maven 4.0.2
org.apache.maven.reporting/maven-reporting-api 3.0
org.apache.maven.doxia/doxia-sink-api 1.0
org.apache.maven.shared/maven-dependency-tree 3.0.1
org.eclipse.aether/aether-util 0.9.0.M2
org.apache.maven.shared/file-management 3.0.0
org.apache.maven.shared/maven-shared-io 3.0.0
org.apache.maven/maven-compat 3.0
org.owasp/dependency-check-core 4.0.2
org.apache.commons/commons-compress 1.18
com.h3xstream.retirejs/retirejs-core 3.0.1
com.esotericsoftware/minlog 1.3
com.github.spullara.mustache.java/compiler 0.8.17
org.json/json 20140107
org.apache.lucene/lucene-analyzers-common 7.6.0
com.h2database/h2 1.4.196
commons-io/commons-io 2.6
commons-collections/commons-collections 3.2.2
org.apache.lucene/lucene-core 7.6.0
org.apache.lucene/lucene-queryparser 7.6.0
org.apache.lucene/lucene-queries 7.6.0
org.apache.lucene/lucene-sandbox 7.6.0
org.apache.commons/commons-text 1.3
org.apache.commons/commons-lang3 3.7
com.google.guava/guava 27.0.1-jre
com.google.errorprone/error_prone_annotations 2.2.0
org.codehaus.mojo/animal-sniffer-annotations 1.17
com.google.guava/listenablefuture 9999.0-empty-to-avoid-conflict-with-guava
com.google.guava/failureaccess 1.0.1
com.google.j2objc/j2objc-annotations 1.1
org.checkerframework/checker-qual 2.5.2
com.google.code.findbugs/jsr305 3.0.2
org.apache.velocity/velocity 1.7
commons-lang/commons-lang 2.4
com.sun.mail/mailapi 1.6.3
com.vdurmont/semver4j 2.2.0
org.jsoup/jsoup 1.11.3
org.slf4j/slf4j-api 1.7.25
org.glassfish/javax.json 1.0.4
com.google.code.gson/gson 2.8.5
org.owasp/dependency-check-utils 4.0.2
org.apache.maven.shared/maven-artifact-transfer 0.10.1
commons-codec/commons-codec 1.11
org.codehaus.plexus/plexus-component-annotations 1.7.1
org.codehaus.plexus/plexus-utils 3.1.0
org.apache.maven.shared/maven-common-artifact-filters 3.0.1
org.apache.maven.shared/maven-shared-utils 3.1.0
org.sonatype.plexus/plexus-sec-dispatcher 1.4
org.sonatype.plexus/plexus-cipher 1.4
olical/depot 1.8.4
org.clojure/tools.cli 0.4.1
rewrite-clj/rewrite-clj 0.6.1
org.clojure/clojurescript 1.10.520
org.clojure/data.json 0.2.6
org.clojure/google-closure-library 0.0-20170809-b9c14c6b
org.clojure/google-closure-library-third-party 0.0-20170809-b9c14c6b
org.mozilla/rhino 1.7R5
com.cognitect/transit-clj 0.8.309
com.cognitect/transit-java 0.8.332
com.fasterxml.jackson.core/jackson-core 2.8.7
org.msgpack/msgpack 0.6.12
com.googlecode.json-simple/json-simple 1.1.1
org.javassist/javassist 3.18.1-GA
org.clojure/tools.reader 1.3.0
com.google.javascript/closure-compiler-unshaded v20180805
com.google.jsinterop/jsinterop-annotations 1.0.0
com.google.javascript/closure-compiler-externs v20180805
args4j/args4j 2.0.26
com.google.protobuf/protobuf-java 3.0.2
org.clojure/tools.deps.alpha 0.7.516
org.springframework.build/aws-maven 5.0.0.RELEASE
org.apache.maven.resolver/maven-resolver-transport-wagon 1.1.1
org.apache.maven.wagon/wagon-provider-api 3.0.0
org.apache.maven.resolver/maven-resolver-transport-http 1.1.1
org.slf4j/jcl-over-slf4j 1.7.25
org.apache.httpcomponents/httpcore 4.4.8
org.apache.httpcomponents/httpclient 4.5.4
org.apache.maven.resolver/maven-resolver-transport-file 1.1.1
org.apache.maven/maven-core 3.5.2
org.eclipse.sisu/org.eclipse.sisu.plexus 0.3.3
javax.enterprise/cdi-api 1.0
javax.annotation/jsr250-api 1.0
org.apache.maven/maven-settings-builder 3.5.2
org.apache.maven/maven-settings 3.5.2
org.codehaus.plexus/plexus-classworlds 2.5.2
com.google.inject/guice$no_aop 4.0
aopalliance/aopalliance 1.0
org.eclipse.sisu/org.eclipse.sisu.inject 0.3.3
org.apache.maven/maven-builder-support 3.5.2
org.apache.maven/maven-plugin-api 3.5.2
org.sonatype.sisu/sisu-inject-plexus 1.4.2
org.sonatype.sisu/sisu-inject-bean 1.4.2
org.sonatype.sisu/sisu-guice$noaop 2.1.7
org.apache.maven/maven-artifact 3.5.2
org.apache.maven.resolver/maven-resolver-api 1.1.1
org.apache.maven/maven-resolver-provider 3.5.2
javax.inject/javax.inject 1
org.apache.maven/maven-model-builder 3.5.2
org.codehaus.plexus/plexus-interpolation 1.24
org.apache.maven/maven-model 3.5.2
org.apache.maven/maven-repository-metadata 3.5.2
org.clojure/data.xml 0.2.0-alpha5
org.clojure/data.codec 0.1.0
org.apache.maven.resolver/maven-resolver-spi 1.1.1
org.slf4j/slf4j-nop 1.6.2
s3-wagon-private/s3-wagon-private 1.3.1
com.fasterxml.jackson.core/jackson-databind 2.5.5
com.fasterxml.jackson.core/jackson-annotations 2.5.0
com.amazonaws/aws-java-sdk-s3 1.11.184
com.amazonaws/jmespath-java 1.11.184
com.amazonaws/aws-java-sdk-core 1.11.184
joda-time/joda-time 2.8.1
com.fasterxml.jackson.dataformat/jackson-dataformat-cbor 2.6.7
software.amazon.ion/ion-java 1.0.2
commons-logging/commons-logging 1.1.3
com.amazonaws/aws-java-sdk-kms 1.11.184
org.clojure/tools.gitlibs 0.2.64
com.jcraft/jsch.agentproxy.jsch 0.0.9
org.eclipse.jgit/org.eclipse.jgit 4.10.0.201712302008-r
com.googlecode.javaewah/JavaEWAH 1.1.6
com.jcraft/jsch 0.1.54
com.jcraft/jsch.agentproxy.connector-factory 0.0.9
com.jcraft/jsch.agentproxy.sshagent 0.0.9
com.jcraft/jsch.agentproxy.usocket-jna 0.0.9
net.java.dev.jna/jna 4.1.0
net.java.dev.jna/jna-platform 4.1.0
com.jcraft/jsch.agentproxy.pageant 0.0.9
com.jcraft/jsch.agentproxy.core 0.0.9
com.jcraft/jsch.agentproxy.usocket-nc 0.0.9
org.apache.maven.resolver/maven-resolver-connector-basic 1.1.1
org.apache.maven.resolver/maven-resolver-impl 1.1.1
org.apache.maven.resolver/maven-resolver-util 1.1.1
version-clj/version-clj 0.1.2Which has no obvious (to my eye) conflicts, at least at the artifact level. It's possible the problematic class (org.eclipse.aether.util.ConfigUtils) moved JARs at some point, but tracking that down is going to be a royal pita. 😢
pmonks
commented
5 years ago Upgrading org.owasp/dependency-check-maven to v5.2.1 didn't help either, FWIW.
Olical
commented
5 years ago Yep, I'm not sure if it's a straight conflict, like I couldn't see anything in a minimal depot project that is shared in this error stack. Which is what makes me think it's the presence of the library that causes something to require it and try to do something with it, like an optional dependency?
pmonks
commented
5 years ago What's a tad annoying is that I only use org.owasp/dependency-check-maven for its (very handy) XmlInputStream class. I guess I wasn't the only one who got fed up with the garbage POM files on Maven Central, but I digress...
Given that that class is based on a StackOverflow answer (plus it's Apache licensed) it's tempting to just copy that code out into my own project and ditch that dependency...
Olical
commented
5 years ago Hmm, yeah, ripping it out to remove the rest of the dep is probably the easiest and best thing to do. It's still annoying but I'm not sure what I can do to fix this, especially since it impacts a fraction of the potential projects out there.
Olical
commented
5 years ago So I'm chalking this up to "extremely rare and unlikely dependency conflict of some kind that I don't fully understand". I think working around this for the small amount of possible cases is the way to go for now.
If this is more common than I think right now I'll dig deeper and work out what's causing it. I'm still considering a rewrite of this one day to unify the "find updates" and "apply updates" halves of the code base, so it could go away with that.
Closing for now, thank you for all of the data and help! I'm sure it'll help a lot as and when I get around to patching this issue out somehow.
I've been happily using depot for some time, including on a project I'm actively working on, but recently it started throwing this exception with this project:
I assume (but have not confirmed) that a change in my project's own dependencies conflicted with depot's own dependencies. Here's my
deps.edn: