Open AlexanderGunnarssonMW opened 4 weeks ago
chillaq
commented
3 weeks ago Hi @AlexanderGunnarssonMW , The only version change in your diff is Snakeyaml package to version 1.26, however, when I download snakeyaml-1.26.jar, I don't see javax in its classes.
What version of Guava are you using? Our latest SDK uses Guava 32.0.1-jre, which compiles fine without issues on our end.
Thakns Bilal
AlexanderGunnarssonMW
commented
3 weeks ago We are using a different guava version, but 32.0.1-jre also depends on jsr305 which includes these javax classes so it should be the same. Our application compiles and starts, but we are developing on a framework that detects "jar hell" and refuses to start when the same class is provided by two separate jars. I believe it would have worked if the framework did not reject this.
Our solution for now is to exclude the transient jsr305 dependency, and use the classes from java-client.jar which works as they appear to be identical. But I still think it's incorrect for them to be bundled in the jar, it does not bundle any other dependency. I don't suspect the snakeyaml version changed caused it, the only remaining candidate would be the changes under maven-shade-plugin.
chillaq
commented
3 weeks ago Hi @AlexanderGunnarssonMW , it is probably the maven-shade-plugin, as it creates a large jar file given no overlap within the artifacts included.
I will check internally to see if we can remove those additional apache and google artifacts.
Thanks Bilal
We are having classpath collisions due to classes such as
javax.annotation.Nullablebeing bundled into thejava-client.jar. Manually downloading and inspecting jars from mvn repository, I see that this started appearing between 4.4.0 and 4.4.1 and still exist in the latest release.I don't understand how the changes between these versions would cause this, but I believe the right solution is that they should not be bundled. We get the same classes from
com.google.code.findbugs:jsr305, a dependency of guava.