Gradle metadata for jackson-core 2.15.0 adds dependency on ch.randelshofer:fastdoubleparser
#999
Comments
|
Can you modify your gradle script to exclude it? While we work out how to fix this. |
We probably have several affected scripts, but we can if we need to. In the meantime, I have also raised this issue. |
|
Honestly, gradle should support a flag where you can force pom usage. Just in case. |
|
I think this is something @jjohannes needs to be looped in. Also... I wonder why this did not come up during our RC phase. :-( |
Perhaps all the testing was with Maven? |
|
@chrisr3 Project itself does not use Gradle, but I'd have expected user base has many Gradle users. But maybe use of Module metadata (GMM) is not quite as wide-spread yet. But honestly I am getting quite disillusioned by usefulness of RC phase. For any issues that are reported (there are some) there are multiple that aren't until .0 lands. And I am not sure longer RC phase would help either. Having some integration tests for Gradle side would help of course. I think |
|
Could we reconsider the gradle modules? Gradle works fine with poms. I don't see the real benefit and all this downside about testability of the gradle modules. I haven't added the gradle modules to the Scala module - in large part because I'm bewildered by why do they even exist. |
Gradle modules claim to provide a "richer" metadata view than POMs do. However, Jackson clearly needs to support both Maven and Gradle equally, and so I don't see that "richer" Gradle metadata being of any use to you. (And particularly seeing as that metadata is wrong here anyway...)
My only theory on that subject would be summarised as "Embrace, Extend, Extinguish"... 🤔 |
|
Addition of Gradle module metadata (which Jackson does not use, but provides) was a contribution, meant to improve interoperability. Similar to how OSGi metadata is provided; or Java 9+ module info. As long as there are community members willing to help, I think it makes sense to offer this. And as long as information is not net-negative (breaking use cases). |
|
The real impetus is behind SBOMs to provide the richer metadata - like the digests of the dependency jars used in the build. SBOMs are not tied to one build tool - the aim is to support them across the industry. But of course, there are competing SBOM standards (CycloneDX and SPDX, hopefully no other ones). |
|
Sounds like SBOM could provide improvements in future and as such should be supported. And maybe remove/reduce need for earlier tool-specific metadata approaches. |
|
Sorry about this. I also could have thought of this effect when we first encountered problems in combining the I think I would have to find a solution in the plugin. To somehow react to the shade plugin and take it's configuration into account. Just as reminder, this is why we publish the metadata - version alignment through the BOM: This is something you can not express in POM. Otherwise, I agree that there would be no point in adding the Gradle Metadata on top. I know at least one other library (JUnit5) that also has this feature (but the build with Gradle). The difference here is that we do this although the build is Maven. It was a bit of an experiment to do this back in the day, but it seemed to have worked flawlessly for the first 2 years or so. The issue now is that the shade plugin came into play and combining plugins in Maven is tricky, as there is no clear concept in Maven how plugins can/should interact. But anyway, if you feel it's not worth the trouble anymore, you could also remove the Gradle Metadata publishing again. Just let me know, as Jackson is the main reason right now for me to further extend that Maven plugin. What I would do (if I hopefully find the time this weekend):
|
|
A solution where we can list dependencies to ignore in the gradle module might be an option. |
|
Yes I think I have to drop my "Gradle thinking" that I somehow would like this to work automatically. It's not really expected to do it like this in Maven (if I understand things correctly). And even if I would get it working for the shade combination there may be other plugins that cause such issues as well. I propose to add this: Then I would also extend the test so that if in the future another dependency is shaded and it is forgotten to adjust "both places", the test would catch that. Do you think that would work for you? |
|
Seems workable to me |
It now fails if the dependencies in Gradle Metadata differ from the dependencies in the corresponding POM. See: FasterXML/jackson-core#999
|
Done. I found another issue in the plugin (handling of optional dependencies) through the test. Fixed now and new version is released. I listed what needs to be done in the different repos in the integration test PR: FasterXML/jackson-integration-tests#19 |
|
I started preparing for fixes with FasterXML/jackson-bom#63 that upgrades GMM plugin version in parent pom. |
cowtowncoder
changed the title
jackson-core 2.15.0 adds dependency on ch.randelshofer:fastdoubleparser
It now fails if the dependencies in Gradle Metadata differ from the dependencies in the corresponding POM. See: FasterXML/jackson-core#999
) It now fails if the dependencies in Gradle Metadata differ from the dependencies in the corresponding POM. See: FasterXML/jackson-core#999
We have updated our Gradle build to use Jackson 2.15.0, but have noticed that
'ch.randelshofer:fastdoubleparser:0.8.0'has now been included as a transitive compile dependency. This appears to be due to:
being included in
jackson-core-2.15.0.module, which unfortunately is clobbering the contents of the POM.The text was updated successfully, but these errors were encountered: