search

google / gson

A Java serialization/deserialization library to convert Java Objects into JSON and back
Apache License 2.0
23.13k stars 4.27k forks source link

errorprone cannot be considered optional #2681

Closed esaulpaugh closed 1 month ago

esaulpaugh commented 1 month ago

Gson version

2.11.0

Java / Android version

Java v21.0.3

Used tools

Gradle v8.7 with a verification-metadata.xml

Maven v3.9.6

Description

Gradle fails to build my project which depends on gson v2.11.0. Maven fails to build my project which depends on gson v2.11.0.

Expected behavior

I expected compiler warnings at most, as per "This dependency can be considered optional, but if missing it might lead to compiler warnings."

Actual behavior

Maven and gradle both fail to build my project due to errorprone being unavailable.

Reproduction steps

Step 1: Update a project's dependency from gson 2.10.1 to 2.11.0

Step 2: Attempt to build with maven or gradle without giving the build tool access to error_prone_annotations-2.27.0.jar

Exception stack trace

'gradle build' with error_prone_annotations-2.27.0.jar but without dependency hashes:

org.gradle.api.internal.artifacts.verification.exceptions.DependencyVerificationException: Dependency verification failed for configuration ':runtimeClasspath'
3 artifacts failed verification:
  - error_prone_annotations-2.27.0.jar (com.google.errorprone:error_prone_annotations:2.27.0) from repository MavenRepo
  - error_prone_annotations-2.27.0.pom (com.google.errorprone:error_prone_annotations:2.27.0) from repository MavenRepo
  - error_prone_parent-2.27.0.pom (com.google.errorprone:error_prone_parent:2.27.0) from repository MavenRepo

gradle build --offline with dependency hashes but without error_prone_annotations-2.27.0.jar:

Execution failed for task ':compileJava'.
> Could not resolve all files for configuration ':compileClasspath'.
   > Could not resolve com.google.errorprone:error_prone_annotations:2.27.0.
     Required by:
         project : > com.google.code.gson:gson:2.11.0
      > No cached version of com.google.errorprone:error_prone_annotations:2.27.0 available for offline mode.

Maven without error_prone_annotations-2.27.0.jar (disconnected from the internet and the dependency is not in the local .m2 repository):

Failed to collect dependencies at com.google.code.gson:gson:jar:2.11.0 -> com.google.errorprone:error_prone_annotations:jar:2.27.0

eamonnmcmanus commented 1 month ago

The full text from the release notes is this:

  • Added dependency on com.google.errorprone:error_prone_annotations\ This dependency can be considered optional, but if missing it might lead to compiler warnings. Therefore Gson does not declare it as optional.

Perhaps it could be worded a bit better, but to me this does explicitly say that the dependency is not optional.

esaulpaugh commented 1 month ago

Yeah, no idea who wrote that or why

Marcono1234 commented 1 month ago

Sorry, yes it was worded a bit misleading. What I meant by "can be considered optional" was:

You can in your project use Maven or Gradle dependency exclusions to remove the transitive error_prone_annotations dependency from Gson. Or if you are manually maintaining dependencies as JARs in your project you can omit error_prone_annotations. And it should still work correctly.

But Gson itself does declare it as required dependency, and if you don't perform any custom configuration, then Maven or Gradle will by default try to download error_prone_annotations and use it.

eamonnmcmanus commented 1 month ago

I updated the release notes by copying the text from @Marcono1234's comment more or less verbatim. I think anyway that most users should not really care. There isn't in general an expectation that you will always be able to build Gson or a project using Gson using only the dependencies that you happen to have in your local Maven repository. Gson is unusual in that it doesn't have any other non-test dependencies, but we've never guaranteed that.