Closed HelloCoCooo closed 3 years ago
@jhunters @xiemalin Could please help me check this issue? May I pull a request to fix it? Thanks again.
we fixed this problem at version jprotobuf-precompile-plugin-1.4.1 by ur Solution2. many thanks for ur suggestions.
Thank you for your support.
Hi, in jprotobuf/jprotobuf-precompile-plugin, there are mulptiple versions of library commons-io:commons-io. However, according to Maven's dependency management strategy: "first declaration wins", only commons-io:commons-io:1.4 can be loaded, and commons-io:commons-io:2.6 will be shadowed.
In total, there are 4 conflicting API pairs between these two library version.
As shown in the following figure, your project expects to invoke method <org.apache.commons.io.input.ProxyInputStream: read([B)I> in library commons-io:commons-io:2.6 (along the original dependency path). As it has been shadowed, this method defined in commons-io:commons-io:1.4 is actually forced to be referenced via the following invocation path (along the actual dependency path):
Although both of these conflicting libraries contain the referenced methods (with the same signature), they have different implementations. This issue will not cause runtime crashes, but it can introduce inconsistent semantic program hehaviors----
Code snippet of <org.apache.commons.io.input.ProxyInputStream: read([B)I> in commons-io:commons-io:2.6 (shadowed but expected to invoke method):
Code snippet of <org.apache.commons.io.input.ProxyInputStream: read([B)I> in commons-io:commons-io:1.4 (loaded version):
The detailed informantion of the remaining 3 conflicting API pairs can be found in the following attachment. 4 conflicting API pairs in project jprotobuf-precompile-plugin.txt
Dependency tree--
[INFO] com.baidu:jprotobuf-precompile-plugin:maven-plugin:1.4.0 [INFO] +- org.apache.maven:maven-toolchain:jar:1.0:compile [INFO] | +- org.apache.maven:maven-core:jar:2.0.6:compile [INFO] | | +- org.apache.maven:maven-settings:jar:2.0.6:compile [INFO] | | | +- (org.apache.maven:maven-model:jar:2.0.6:compile - omitted for duplicate) [INFO] | | | +- (org.codehaus.plexus:plexus-utils:jar:1.4.1:compile - omitted for duplicate) [INFO] | | | - (org.codehaus.plexus:plexus-container-default:jar:1.0-alpha-9-stable-1:compile - omitted for duplicate) [INFO] | | +- org.apache.maven.wagon:wagon-file:jar:1.0-beta-2:runtime [INFO] | | | - (org.apache.maven.wagon:wagon-provider-api:jar:1.0-beta-2:runtime - omitted for duplicate) [INFO] | | +- org.apache.maven:maven-plugin-parameter-documenter:jar:2.0.6:compile [INFO] | | | +- (org.codehaus.plexus:plexus-utils:jar:1.4.1:compile - omitted for duplicate) [INFO] | | | - (org.codehaus.plexus:plexus-container-default:jar:1.0-alpha-9-stable-1:compile - omitted for duplicate) [INFO] | | +- org.apache.maven.wagon:wagon-http-lightweight:jar:1.0-beta-2:runtime [INFO] | | | +- org.apache.maven.wagon:wagon-http-shared:jar:1.0-beta-2:runtime [INFO] | | | | +- jtidy:jtidy:jar:4aug2000r7-dev:runtime [INFO] | | | | - (org.apache.maven.wagon:wagon-provider-api:jar:1.0-beta-2:runtime - omitted for duplicate) [INFO] | | | +- xml-apis:xml-apis:jar:1.0.b2:runtime [INFO] | | | - (org.apache.maven.wagon:wagon-provider-api:jar:1.0-beta-2:runtime - omitted for duplicate) [INFO] | | +- org.apache.maven.reporting:maven-reporting-api:jar:2.0.6:compile [INFO] | | | - org.apache.maven.doxia:doxia-sink-api:jar:1.0-alpha-7:compile [INFO] | | +- org.apache.maven:maven-profile:jar:2.0.6:compile [INFO] | | | +- (org.apache.maven:maven-model:jar:2.0.6:compile - omitted for duplicate) [INFO] | | | +- (org.codehaus.plexus:plexus-utils:jar:1.4.1:compile - omitted for duplicate) [INFO] | | | - (org.codehaus.plexus:plexus-container-default:jar:1.0-alpha-9-stable-1:compile - omitted for duplicate) [INFO] | | +- org.apache.maven:maven-model:jar:2.0.6:compile [INFO] | | | - (org.codehaus.plexus:plexus-utils:jar:1.4.1:compile - omitted for duplicate) [INFO] | | +- (org.apache.maven:maven-artifact:jar:2.0.6:compile - omitted for duplicate) [INFO] | | +- (org.apache.maven.wagon:wagon-provider-api:jar:1.0-beta-2:compile - omitted for conflict with 1.0-beta-6) [INFO] | | +- (org.codehaus.plexus:plexus-container-default:jar:1.0-alpha-9-stable-1:compile - omitted for duplicate) [INFO] | | +- (org.apache.maven:maven-repository-metadata:jar:2.0.6:compile - omitted for conflict with 2.2.1) [INFO] | | +- org.apache.maven:maven-error-diagnostics:jar:2.0.6:compile [INFO] | | | - (org.codehaus.plexus:plexus-container-default:jar:1.0-alpha-9-stable-1:compile - omitted for duplicate) [INFO] | | +- org.apache.maven:maven-project:jar:2.0.6:compile [INFO] | | | +- (org.apache.maven:maven-settings:jar:2.0.6:compile - omitted for duplicate) [INFO] | | | +- (org.apache.maven:maven-profile:jar:2.0.6:compile - omitted for duplicate) [INFO] | | | +- (org.apache.maven:maven-model:jar:2.0.6:compile - omitted for duplicate) [INFO] | | | +- (org.apache.maven:maven-artifact-manager:jar:2.0.6:compile - omitted for duplicate) [INFO] | | | +- org.apache.maven:maven-plugin-registry:jar:2.0.6:compile [INFO] | | | | +- (org.codehaus.plexus:plexus-utils:jar:1.4.1:compile - omitted for duplicate) [INFO] | | | | - (org.codehaus.plexus:plexus-container-default:jar:1.0-alpha-9-stable-1:compile - omitted for duplicate) [INFO] | | | +- (org.codehaus.plexus:plexus-utils:jar:1.4.1:compile - omitted for duplicate) [INFO] | | | +- (org.apache.maven:maven-artifact:jar:2.0.6:compile - omitted for duplicate) [INFO] | | | - (org.codehaus.plexus:plexus-container-default:jar:1.0-alpha-9-stable-1:compile - omitted for duplicate) [INFO] | | +- commons-cli:commons-cli:jar:1.0:compile [INFO] | | +- (org.apache.maven:maven-plugin-api:jar:2.0.6:compile - omitted for conflict with 2.2.1) [INFO] | | +- org.apache.maven.wagon:wagon-ssh-external:jar:1.0-beta-2:runtime [INFO] | | | +- (org.codehaus.plexus:plexus-utils:jar:1.0.4:runtime - omitted for conflict with 1.4.1) [INFO] | | | +- org.apache.maven.wagon:wagon-ssh-common:jar:1.0-beta-2:runtime [INFO] | | | | +- (org.codehaus.plexus:plexus-utils:jar:1.0.4:runtime - omitted for conflict with 1.4.1) [INFO] | | | | +- (org.codehaus.plexus:plexus-interactivity-api:jar:1.0-alpha-4:runtime - omitted for duplicate) [INFO] | | | | - (org.apache.maven.wagon:wagon-provider-api:jar:1.0-beta-2:runtime - omitted for duplicate) [INFO] | | | - (org.apache.maven.wagon:wagon-provider-api:jar:1.0-beta-2:runtime - omitted for duplicate) [INFO] | | +- org.apache.maven:maven-plugin-descriptor:jar:2.0.6:compile [INFO] | | | +- (org.apache.maven:maven-plugin-api:jar:2.0.6:compile - omitted for duplicate) [INFO] | | | +- (org.apache.maven:maven-artifact:jar:2.0.6:compile - omitted for duplicate) [INFO] | | | - (org.codehaus.plexus:plexus-container-default:jar:1.0-alpha-9-stable-1:compile - omitted for duplicate) [INFO] | | +- org.codehaus.plexus:plexus-interactivity-api:jar:1.0-alpha-4:compile [INFO] | | | - (classworlds:classworlds:jar:1.1-alpha-2:compile - omitted for duplicate) [INFO] | | +- (org.apache.maven:maven-artifact-manager:jar:2.0.6:compile - omitted for conflict with 2.2.1) [INFO] | | +- org.apache.maven:maven-monitor:jar:2.0.6:compile [INFO] | | +- org.apache.maven.wagon:wagon-ssh:jar:1.0-beta-2:runtime [INFO] | | | +- com.jcraft:jsch:jar:0.1.27:runtime [INFO] | | | +- (org.codehaus.plexus:plexus-interactivity-api:jar:1.0-alpha-4:runtime - omitted for duplicate) [INFO] | | | +- (org.codehaus.plexus:plexus-utils:jar:1.0.4:runtime - omitted for conflict with 1.4.1) [INFO] | | | +- (org.apache.maven.wagon:wagon-ssh-common:jar:1.0-beta-2:runtime - omitted for duplicate) [INFO] | | | - (org.apache.maven.wagon:wagon-provider-api:jar:1.0-beta-2:runtime - omitted for duplicate) [INFO] | | +- (org.codehaus.plexus:plexus-utils:jar:1.4.1:compile - omitted for conflict with 1.5.15) [INFO] | | - classworlds:classworlds:jar:1.1:compile [INFO] | - (org.apache.maven:maven-artifact:jar:2.0.6:compile - omitted for conflict with 2.2.1) [INFO] +- org.apache.maven:maven-artifact:jar:2.2.1:compile [INFO] | - org.codehaus.plexus:plexus-utils:jar:1.5.15:compile [INFO] +- org.apache.maven:maven-artifact-manager:jar:2.2.1:compile [INFO] | +- org.apache.maven:maven-repository-metadata:jar:2.2.1:compile [INFO] | | - (org.codehaus.plexus:plexus-utils:jar:1.5.15:compile - omitted for duplicate) [INFO] | +- (org.codehaus.plexus:plexus-utils:jar:1.5.15:compile - omitted for duplicate) [INFO] | +- (org.apache.maven:maven-artifact:jar:2.2.1:compile - omitted for duplicate) [INFO] | +- org.codehaus.plexus:plexus-container-default:jar:1.0-alpha-9-stable-1:compile [INFO] | | +- junit:junit:jar:3.8.1:compile [INFO] | | +- (org.codehaus.plexus:plexus-utils:jar:1.0.4:compile - omitted for conflict with 1.5.15) [INFO] | | - (classworlds:classworlds:jar:1.1-alpha-2:compile - omitted for conflict with 1.1) [INFO] | +- org.apache.maven.wagon:wagon-provider-api:jar:1.0-beta-6:compile [INFO] | | - (org.codehaus.plexus:plexus-utils:jar:1.4.2:compile - omitted for conflict with 1.5.15) [INFO] | - backport-util-concurrent:backport-util-concurrent:jar:3.1:compile [INFO] +- org.apache.maven:maven-plugin-api:jar:2.2.1:compile [INFO] +- org.apache.maven.plugin-tools:maven-plugin-annotations:jar:3.3:provided [INFO] | - (org.apache.maven:maven-artifact:jar:3.0:provided - omitted for conflict with 2.2.1) [INFO] +- org.jodd:jodd-core:jar:3.5.2:compile [INFO] +- com.baidu:jprotobuf:jar:1.13.0:compile [INFO] | +- com.google.protobuf:protobuf-java:jar:2.5.0:compile [INFO] | +- com.squareup:protoparser:jar:3.1.5:compile [INFO] | +- org.javassist:javassist:jar:3.26.0-GA:compile [INFO] | +- (commons-io:commons-io:jar:2.6:compile - omitted for conflict with 1.4) [INFO] | - org.slf4j:slf4j-api:jar:1.7.2:compile [INFO] - commons-io:commons-io:jar:1.4:compile
Suggested solutions:
Solution1: Update direct dependency commons-io:commons-io from 1.4 to 2.6.
Solution2: Remove the dependency commons-io:commons-io:1.4.
Thanks. Best regards, Coco