Open trajano opened 9 years ago
fge
commented
9 years ago I have to agree with that.
Since my current job has led me to experience such problems, the two solutions would be to:
Not sure where the library should go:
trajano
commented
9 years ago I would go with the later. Something along the lines of using the maven-shade-plugin. Not because it's nicer, in fact it's way way uglier with the larger disk space. However, it is more pragmatic and we can slowly introduce pull requests to get rid of it as time passes by.
trajano
commented
9 years ago Chose the first approach for my PR. Only copied the classes that are relevant and took out the "Guava" checks in the Guava code.
jameskhedley
commented
6 years ago Additionally, the current Guava level (16.0.1, see project.gradle) is vulnerable according to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237.
Using Guava 26.0 breaks because the character definitions in CharMatcher have been removed (had been deprecated for a while).
Guava 25.1 will work for the time being.
Though Guava can provide an easier API to do some common operations, there can be dependency convergence problems when different versions of Guava are used between different dependencies.
Guava also has the tendency to deprecate APIs between versions.
Primarily to avoid situations like this http://stackoverflow.com/questions/28368289/use-multiple-guava-versions-in-same-maven-project