[
https://issues.apache.org/jira/browse/OAK-9994?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Julian Reschke updated OAK-9994:
--------------------------------
Description:
With Guava being a compile-scope dependency, we currently leak out a dependency
to Guava 15 to any user of Oak. In particular, downstream projects might use
Guava without having explicitly declared a dependency, and will get a narrow
version scope (that is, for now 15).
If we change the scope to "provided", downstream users who do use Guava will
have to declare their dependency explicitly.
Like that:
{noformat}
<build>
<plugins>
<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-bundle-plugin</artifactId>
<configuration>
<instructions>
<Import-Package>
com.google.common.*;version="[15.0,21)",
*
</Import-Package>
</instructions>
</configuration>
</plugin>
</plugins>
</build>
{noformat}
The current recommended version range can be found in oak/oak-parent.xml as
"guava.osgi.import".
When *deploying* Oak, make sure that a matching version of Guava is present in
the class path (for instance, for now:
https://mvnrepository.com/artifact/com.google.guava/guava/15.0)
was:
With Guava being a compile-scope dependency, we currently leak out a dependency
to Guava 15 to any user of Oak. In particular, downstream projects might use
Guava without having explicitly declared a dependency, and will get a narrow
version scope (that is, for now 15).
If we change the scope to "provided", downstream users who do use Guava will
have to declare their dependency explicitly.
Like that:
{noformat}
<build>
<plugins>
<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-bundle-plugin</artifactId>
<configuration>
<instructions>
<Import-Package>
com.google.common.*;version="[15.0,21)",
*
</Import-Package>
</instructions>
</configuration>
</plugin>
</plugins>
</build>
{noformat}
The current recommended version range can be found in oak/oak-parent.xml as
"guava.osgi.import".
> avoid leaking out transitive dependencies to Guava
> --------------------------------------------------
>
> Key: OAK-9994
> URL: https://issues.apache.org/jira/browse/OAK-9994
> Project: Jackrabbit Oak
> Issue Type: Technical task
> Reporter: Julian Reschke
> Assignee: Julian Reschke
> Priority: Major
> Fix For: 1.46.0, 1.22.14
>
>
> With Guava being a compile-scope dependency, we currently leak out a
> dependency to Guava 15 to any user of Oak. In particular, downstream projects
> might use Guava without having explicitly declared a dependency, and will get
> a narrow version scope (that is, for now 15).
> If we change the scope to "provided", downstream users who do use Guava will
> have to declare their dependency explicitly.
> Like that:
> {noformat}
> <build>
> <plugins>
> <plugin>
> <groupId>org.apache.felix</groupId>
> <artifactId>maven-bundle-plugin</artifactId>
> <configuration>
> <instructions>
> <Import-Package>
> com.google.common.*;version="[15.0,21)",
> *
> </Import-Package>
> </instructions>
> </configuration>
> </plugin>
> </plugins>
> </build>
> {noformat}
> The current recommended version range can be found in oak/oak-parent.xml as
> "guava.osgi.import".
> When *deploying* Oak, make sure that a matching version of Guava is present
> in the class path (for instance, for now:
> https://mvnrepository.com/artifact/com.google.guava/guava/15.0)
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
