search

vaadin / framework

Vaadin 6, 7, 8 is a Java framework for modern Java web applications.
http://vaadin.com/
Other
1.77k stars 729 forks source link

Found duplicate classes/resources in compile classpath #12612

Closed rkovarik closed 2 months ago

rkovarik commented 2 months ago

Looks like there are duplicate classes in vaadin-server:8.24.0 and com.vaadin:open:8.5.0. There doesn't seems to be newer version of https://mvnrepository.com/artifact/com.vaadin/open or perhaps the entire content of this artifact has already been merged into vaadin-server and shouldn't be included anymore?

[WARNING] Found duplicate (but equal) classes in [com.vaadin:open:8.5.0, com.vaadin:vaadin-server:8.24.0]:
[WARNING]   com.vaadin.open.App
[WARNING]   com.vaadin.open.Docker
[WARNING]   com.vaadin.open.FileUtil
[WARNING]   com.vaadin.open.LinuxProcFileReader
[WARNING]   com.vaadin.open.OSUtils
[WARNING]   com.vaadin.open.Open
[WARNING]   com.vaadin.open.Options
[WARNING] Found duplicate classes/resources in runtime classpath.

mvn dependency:tree:

[INFO] |  +- com.vaadin:vaadin-server:jar:8.24.0:compile
[INFO] |  |  +- com.vaadin:vaadin-sass-compiler:jar:0.9.13:provided
[INFO] |  |  |  +- org.w3c.css:sac:jar:1.3:provided
[INFO] |  |  |  \- com.vaadin.external.flute:flute:jar:1.3.0.gg2:provided
[INFO] |  |  +- com.vaadin:license-checker:jar:1.12.8:compile
[INFO] |  |  |  +- com.github.oshi:oshi-core:jar:6.4.0:compile
[INFO] |  |  |  |  +- net.java.dev.jna:jna:jar:5.13.0:compile
[INFO] |  |  |  |  \- net.java.dev.jna:jna-platform:jar:5.13.0:compile
[INFO] |  |  |  +- com.nimbusds:nimbus-jose-jwt:jar:9.37.3:compile
[INFO] |  |  |  +- org.lucee:jcip-annotations:jar:1.0.0:compile
[INFO] |  |  |  \- com.vaadin:open:jar:8.5.0:compile
[INFO] |  |  +- com.vaadin.external:gentyref:jar:1.2.0.vaadin1:compile
[INFO] |  |  \- org.javassist:javassist:jar:3.29.2-GA:compile

Maybe this could be used as a workaround:

      <dependency>
        <groupId>com.vaadin</groupId>
        <artifactId>vaadin-server</artifactId>
        <exclusions>
          <exclusion>
            <groupId>com.vaadin</groupId>
            <artifactId>open</artifactId>
          </exclusion>
        </exclusions>
      </dependency>
thevaadinman commented 2 months ago

No, vaadin-open hasn't been merged into vaadin-server. Open is used by the license checker to launch a web browser so that you can easily validate your license. That's it. vaadin-server includes license-checker as a dependency. license-checker includes vaadin-open. There are no classes with the same package names in vaadin-server and vaadin-open - the classes in the first output listing in your report is the complete contents of vaadin-open, and they are unique to vaadin-open.

This is the first time I've seen this. To speed up testing, could you attempt to replicate this with a trivial project of some kind and provide it as a zip, or describe the steps you used to create it?

rkovarik commented 2 months ago

Indeed, I can’t find the duplicates in the source code. When I download the artifact though, unless I’m misunderstanding something, the files are present:

➜  test curl https://repo1.maven.org/maven2/com/vaadin/vaadin-server/8.24.0/vaadin-server-8.24.0.jar > vaadin-server-8.24.0.jar
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 2610k  100 2610k    0     0  1179k      0  0:00:02  0:00:02 --:--:-- 1179k
➜  test unzip vaadin-server-8.24.0.jar 
Archive:  vaadin-server-8.24.0.jar
...
  inflating: com/vaadin/open/App.class  
  inflating: com/vaadin/open/Docker.class  
  inflating: com/vaadin/open/FileUtil.class  
  inflating: com/vaadin/open/LinuxProcFileReader.class  
  inflating: com/vaadin/open/OSUtils.class  
  inflating: com/vaadin/open/Open.class  
  inflating: com/vaadin/open/Options.class  
  inflating: com/vaadin/open/xdg-open  
  inflating: com/vaadin/pro/licensechecker/BuildType.class  
...

➜  test curl https://repo1.maven.org/maven2/com/vaadin/open/8.5.0/open-8.5.0.jar > open-8.5.0.jar
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 25730  100 25730    0     0   213k      0 --:--:-- --:--:-- --:--:--  214k
➜  test unzip open-8.5.0.jar                                                                     
Archive:  open-8.5.0.jar
replace META-INF/MANIFEST.MF? [y]es, [n]o, [A]ll, [N]one, [r]ename: A
  inflating: META-INF/MANIFEST.MF    
  inflating: com/vaadin/open/xdg-open  
  inflating: com/vaadin/open/Open.class  
  inflating: com/vaadin/open/Options.class  
  inflating: com/vaadin/open/App.class  
  inflating: com/vaadin/open/OSUtils.class  
  inflating: META-INF/maven/com.vaadin/open/pom.xml  
  inflating: META-INF/maven/com.vaadin/open/pom.properties  
  inflating: META-INF/INDEX.LIST     
  inflating: com/vaadin/open/LinuxProcFileReader.class  
  inflating: com/vaadin/open/Docker.class  
  inflating: com/vaadin/open/FileUtil.class

Could maybe a maven plugin copy these files during the release process? 🤔

thevaadinman commented 2 months ago

That would be my guess, though a quick look through the pom.xml files did not reveal anything out of the ordinary. I'll need to take a good look at those.

thevaadinman commented 2 months ago

Fixed in the newly released 8.25.1.