Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove guava dependency #4

Open
trajano opened this issue Sep 24, 2015 · 4 comments
Open

Remove guava dependency #4

trajano opened this issue Sep 24, 2015 · 4 comments

Comments

@trajano
Copy link

trajano commented Sep 24, 2015

Though Guava can provide an easier API to do some common operations, there can be dependency convergence problems when different versions of Guava are used between different dependencies.

Guava also has the tendency to deprecate APIs between versions.

Primarily to avoid situations like this http://stackoverflow.com/questions/28368289/use-multiple-guava-versions-in-same-maven-project

@fge
Copy link
Owner

fge commented Sep 24, 2015

I have to agree with that.

Since my current job has led me to experience such problems, the two solutions would be to:

  • either get rid of Guava entirely,
  • or repackage it for this library.

Not sure where the library should go:

  • getting rid of Guava would mean recoding some parts of it for this package exclusively;
  • repackaging it would lead to a very large jar whereas it is rather slim at the moment...

@trajano
Copy link
Author

trajano commented Sep 24, 2015

I would go with the later. Something along the lines of using the maven-shade-plugin. Not because it's nicer, in fact it's way way uglier with the larger disk space. However, it is more pragmatic and we can slowly introduce pull requests to get rid of it as time passes by.

trajano added a commit to trajano/uri-template that referenced this issue Sep 29, 2015
@trajano
Copy link
Author

trajano commented Sep 29, 2015

Chose the first approach for my PR. Only copied the classes that are relevant and took out the "Guava" checks in the Guava code.

@jameskhedley
Copy link

Additionally, the current Guava level (16.0.1, see project.gradle) is vulnerable according to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237.

Using Guava 26.0 breaks because the character definitions in CharMatcher have been removed (had been deprecated for a while).

google/guava@f1249c4#diff-27c92738a318c1015c6a15340c0f0d37

Guava 25.1 will work for the time being.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants