It was recently discovered another library is using one of the fastdouble shaded classes from jackson-core.
https://github.com/aws/event-ruler/blob/main/src/main/software/amazon/event/ruler/ByteMachine.java#L3 Since the relocated package is not included in the module-info, it seems pretty clear that there was no intention for downstream consumers to be able use this code. However, there is no way to prevent it when not using modules, and usage of shaded code is a common problem, which is often done by accident. Because of this and tendency to bloat application sizes, I generally find shading more trouble than its worth. However, it can be useful sometimes, and one approach is to randomize the package name of the relocated code in order to make consumption more obviously frowned upon as well as more difficult. Is there a specific reason for shading this dependency other than not wanting to expose a new dependency to consumers of jackson-core? If not, then might be easier or clearer to expose the dependency in the next release - 2.18. Thoughts? -- You received this message because you are subscribed to the Google Groups "jackson-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to jackson-user+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jackson-user/a1b10fe5-e283-4106-9c2a-eb63339e70f5n%40googlegroups.com.
