[
https://issues.apache.org/jira/browse/IGNITE-7799?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
PandaMonkey updated IGNITE-7799:
--------------------------------
Description:
Hi, by analyzing ignite-master\modules\aws\pom.xml, I found that there are two
versions of *org.apache.httpcomponents:httpclient*. Their introduced path is:
#
org.apache.ignite:ignite-aws:2.5.0-SNAPSHOT::null->com.amazonaws:aws-java-sdk-core:1.11.75::compile->org.apache.httpcomponents:httpclient:4.5.2::compile
#
org.apache.ignite:ignite-aws:2.5.0-SNAPSHOT::null->org.apache.httpcomponents:httpclient:4.5.1::compile
Of them, httpclient:4.5.2 is the transitive dependency, and httpclient:4.5.1 is
the direct dependency. By further analyzing the source code, we found they have
different features.
Maven provides the version arbitration mechanism-----"nearest wins strategy",
and then your project will explicitly use the older version: httpclient:4.5.1.
However, Maven doesn't know which version is actual required by your project.
If ignite depends on the methods of com.amazonaws:aws-java-sdk-core, at the
same time, those invoked methods need the features definded in
httpclient:4.5.2. It would be nice to keep the consistency of library version.
It is a minor issue, which will not lead to runtime errors at present stage,
however, it may be a potencial risk in long-term maintainance. For the project
long-term health, it would be nice to keep the consistency of library version,
then the potencial dependency conflict risks can be also elimited.
The dependency conflict problem brings high risks of "*NotClassDefFoundError:*"
or "*NoSuchMethodError*" issues at runtime. Please notice this problem. *The
solution is upgrading httpclient from 4.5.1 to 4.5.2.*
===============projectPath->org.apache.ignite:ignite-aws:2.5.0-SNAPSHOT@D:\ws\snapshot\ignite-master\modules\aws\pom.xml
=======conflict:<org.apache.httpcomponents:httpclient:4.5.2::compile><org.apache.httpcomponents:httpclient:4.5.1::compile>
size:2
org.apache.ignite:ignite-aws:2.5.0-SNAPSHOT::null->com.amazonaws:aws-java-sdk-core:1.11.75::compile->org.apache.httpcomponents:httpclient:4.5.2::compile
org.apache.ignite:ignite-aws:2.5.0-SNAPSHOT::null->org.apache.httpcomponents:httpclient:4.5.1::compile
*====Risk for ClassNotFoundException/NotClassDefFoundError:*
a) Classes that only exist in org.apache.httpcomponents:httpclient:4.5.1:
org.apache.http.client.utils.DateUtils$DateFormatHolder$1
b) Classes that only exist in org.apache.httpcomponents:httpclient:4.5.2:
org.apache.http.conn.ssl.DefaultHostnameVerifier$TYPE
org.apache.http.impl.client.DefaultClientConnectionReuseStrategy
org.apache.http.conn.ssl.DefaultHostnameVerifier$1
*====Risk for NoSuchMethodException/NoSuchMethodError:*
Methods that only exist in org.apache.httpcomponents:httpclient:4.5.2:
<org.apache.http.impl.cookie.PublicSuffixDomainFilter: java.util.Map
createLocalDomainMap()>
<org.apache.http.impl.cookie.IgnoreSpec: boolean
match(org.apache.http.cookie.Cookie,org.apache.http.cookie.CookieOrigin)>
<org.apache.http.impl.client.HttpClientBuilder:
org.apache.http.impl.client.HttpClientBuilder
setDnsResolver(org.apache.http.conn.DnsResolver)>
was:
Hi, by analyzing ignite-master\modules\aws\pom.xml, I found that there are two
versions of *org.apache.httpcomponents:httpclient*. Their introduced path is:
#
org.apache.ignite:ignite-aws:2.5.0-SNAPSHOT::null->com.amazonaws:aws-java-sdk-core:1.11.75::compile->org.apache.httpcomponents:httpclient:4.5.2::compile
#
org.apache.ignite:ignite-aws:2.5.0-SNAPSHOT::null->org.apache.httpcomponents:httpclient:4.5.1::compile
Of them, httpclient:4.5.2 is the transitive dependency, and httpclient:4.5.1 is
the direct dependency. By further analyzing the source code, we found they have
different features.
Maven provides the version arbitration mechanism-----"nearest wins strategy",
and then your project will explicitly use the older version: httpclient:4.5.1.
However, Maven doesn't know which version is actual required by your project.
If ignite depends on the methods of com.amazonaws:aws-java-sdk-core, at the
same time, those invoked methods need the features definded in
httpclient:4.5.2. The dependency conflict problem will appear. For the project
long-term health, it would be nice to keep the consistency of library version,
then the dependency conflict risks can be also elimited.
The dependency conflict problem brings high risks of "*NotClassDefFoundError:*"
or "*NoSuchMethodError*" issues at runtime. Please notice this problem. *The
solution is upgrading httpclient from 4.5.1 to 4.5.2.*
===============projectPath->org.apache.ignite:ignite-aws:2.5.0-SNAPSHOT@D:\ws\snapshot\ignite-master\modules\aws\pom.xml
=======conflict:<org.apache.httpcomponents:httpclient:4.5.2::compile><org.apache.httpcomponents:httpclient:4.5.1::compile>
size:2
org.apache.ignite:ignite-aws:2.5.0-SNAPSHOT::null->com.amazonaws:aws-java-sdk-core:1.11.75::compile->org.apache.httpcomponents:httpclient:4.5.2::compile
org.apache.ignite:ignite-aws:2.5.0-SNAPSHOT::null->org.apache.httpcomponents:httpclient:4.5.1::compile
*====Risk for ClassNotFoundException/NotClassDefFoundError:*
a) Classes that only exist in org.apache.httpcomponents:httpclient:4.5.1:
org.apache.http.client.utils.DateUtils$DateFormatHolder$1
b) Classes that only exist in org.apache.httpcomponents:httpclient:4.5.2:
org.apache.http.conn.ssl.DefaultHostnameVerifier$TYPE
org.apache.http.impl.client.DefaultClientConnectionReuseStrategy
org.apache.http.conn.ssl.DefaultHostnameVerifier$1
*====Risk for NoSuchMethodException/NoSuchMethodError:*
Methods that only exist in org.apache.httpcomponents:httpclient:4.5.2:
<org.apache.http.impl.cookie.PublicSuffixDomainFilter: java.util.Map
createLocalDomainMap()>
<org.apache.http.impl.cookie.IgnoreSpec: boolean
match(org.apache.http.cookie.Cookie,org.apache.http.cookie.CookieOrigin)>
<org.apache.http.impl.client.HttpClientBuilder:
org.apache.http.impl.client.HttpClientBuilder
setDnsResolver(org.apache.http.conn.DnsResolver)>
> Dependency Conflict : Conlicting JARs org.apache.httpcomponents:httpclient
> --------------------------------------------------------------------------
>
> Key: IGNITE-7799
> URL: https://issues.apache.org/jira/browse/IGNITE-7799
> Project: Ignite
> Issue Type: Bug
> Components: aws
> Affects Versions: 2.5
> Reporter: PandaMonkey
> Priority: Minor
> Fix For: 3.0
>
>
> Hi, by analyzing ignite-master\modules\aws\pom.xml, I found that there are
> two versions of *org.apache.httpcomponents:httpclient*. Their introduced path
> is:
> #
> org.apache.ignite:ignite-aws:2.5.0-SNAPSHOT::null->com.amazonaws:aws-java-sdk-core:1.11.75::compile->org.apache.httpcomponents:httpclient:4.5.2::compile
> #
> org.apache.ignite:ignite-aws:2.5.0-SNAPSHOT::null->org.apache.httpcomponents:httpclient:4.5.1::compile
> Of them, httpclient:4.5.2 is the transitive dependency, and httpclient:4.5.1
> is the direct dependency. By further analyzing the source code, we found they
> have different features.
> Maven provides the version arbitration mechanism-----"nearest wins strategy",
> and then your project will explicitly use the older version:
> httpclient:4.5.1. However, Maven doesn't know which version is actual
> required by your project.
> If ignite depends on the methods of com.amazonaws:aws-java-sdk-core, at the
> same time, those invoked methods need the features definded in
> httpclient:4.5.2. It would be nice to keep the consistency of library
> version. It is a minor issue, which will not lead to runtime errors at
> present stage, however, it may be a potencial risk in long-term maintainance.
> For the project long-term health, it would be nice to keep the consistency of
> library version, then the potencial dependency conflict risks can be also
> elimited.
> The dependency conflict problem brings high risks of
> "*NotClassDefFoundError:*" or "*NoSuchMethodError*" issues at runtime. Please
> notice this problem. *The solution is upgrading httpclient from 4.5.1 to
> 4.5.2.*
>
> ===============projectPath->org.apache.ignite:ignite-aws:2.5.0-SNAPSHOT@D:\ws\snapshot\ignite-master\modules\aws\pom.xml
>
> =======conflict:<org.apache.httpcomponents:httpclient:4.5.2::compile><org.apache.httpcomponents:httpclient:4.5.1::compile>
> size:2
>
> org.apache.ignite:ignite-aws:2.5.0-SNAPSHOT::null->com.amazonaws:aws-java-sdk-core:1.11.75::compile->org.apache.httpcomponents:httpclient:4.5.2::compile
>
> org.apache.ignite:ignite-aws:2.5.0-SNAPSHOT::null->org.apache.httpcomponents:httpclient:4.5.1::compile
> *====Risk for ClassNotFoundException/NotClassDefFoundError:*
> a) Classes that only exist in org.apache.httpcomponents:httpclient:4.5.1:
> org.apache.http.client.utils.DateUtils$DateFormatHolder$1
> b) Classes that only exist in org.apache.httpcomponents:httpclient:4.5.2:
> org.apache.http.conn.ssl.DefaultHostnameVerifier$TYPE
> org.apache.http.impl.client.DefaultClientConnectionReuseStrategy
> org.apache.http.conn.ssl.DefaultHostnameVerifier$1
> *====Risk for NoSuchMethodException/NoSuchMethodError:*
> Methods that only exist in org.apache.httpcomponents:httpclient:4.5.2:
> <org.apache.http.impl.cookie.PublicSuffixDomainFilter: java.util.Map
> createLocalDomainMap()>
> <org.apache.http.impl.cookie.IgnoreSpec: boolean
> match(org.apache.http.cookie.Cookie,org.apache.http.cookie.CookieOrigin)>
> <org.apache.http.impl.client.HttpClientBuilder:
> org.apache.http.impl.client.HttpClientBuilder
> setDnsResolver(org.apache.http.conn.DnsResolver)>
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
