-
Notifications
You must be signed in to change notification settings - Fork 17
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove guava dependency #4
Comments
I have to agree with that. Since my current job has led me to experience such problems, the two solutions would be to:
Not sure where the library should go:
|
I would go with the later. Something along the lines of using the maven-shade-plugin. Not because it's nicer, in fact it's way way uglier with the larger disk space. However, it is more pragmatic and we can slowly introduce pull requests to get rid of it as time passes by. |
Chose the first approach for my PR. Only copied the classes that are relevant and took out the "Guava" checks in the Guava code. |
Additionally, the current Guava level (16.0.1, see project.gradle) is vulnerable according to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237. Using Guava 26.0 breaks because the character definitions in CharMatcher have been removed (had been deprecated for a while). google/guava@f1249c4#diff-27c92738a318c1015c6a15340c0f0d37 Guava 25.1 will work for the time being. |
Though Guava can provide an easier API to do some common operations, there can be dependency convergence problems when different versions of Guava are used between different dependencies.
Guava also has the tendency to deprecate APIs between versions.
Primarily to avoid situations like this http://stackoverflow.com/questions/28368289/use-multiple-guava-versions-in-same-maven-project
The text was updated successfully, but these errors were encountered: