Uploaded image for project: 'Jackrabbit Oak'
  1. Jackrabbit Oak
  2. OAK-7182 Make it possible to update Guava
  3. OAK-9994

avoid leaking out transitive dependencies to Guava

    XMLWordPrintableJSON

Details

    • Technical task
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 1.46.0, 1.22.14
    • None
    • None

    Description

      With Guava being a compile-scope dependency, we currently leak out a dependency to Guava 15 to any user of Oak. In particular, downstream projects might use Guava without having explicitly declared a dependency, and will get a narrow version scope (that is, for now 15).

      If we change the scope to "provided", downstream users who do use Guava will have to declare their dependency explicitly.

      Like that:

         <build>
          <plugins>
            <plugin>
              <groupId>org.apache.felix</groupId>
              <artifactId>maven-bundle-plugin</artifactId>
              <configuration>
                <instructions>
                  <Import-Package>
                    com.google.common.*;version="[15.0,21)",
                    *
                  </Import-Package>
                </instructions>
              </configuration>
            </plugin>
          </plugins>
        </build>
      

      The current recommended version range can be found in oak/oak-parent.xml as "guava.osgi.import".

      When deploying Oak, make sure that a matching version of Guava is present in the class path (for instance, for now: https://mvnrepository.com/artifact/com.google.guava/guava/15.0)
       

       

      Attachments

        Issue Links

          Activity

            People

              reschke Julian Reschke
              reschke Julian Reschke
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: