New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Using the unexpected method, due to dependency conflicts on com.squareup.okhttp3:okhttp #12
Comments
Executing the following test case on com.squareup.okhttp3:okhttp:3.14.4 and 3.8.1 separately, the risky method <okhttp3.Handshake: toString()Ljava/lang/String;> will get different return values: @Test(timeout = 4000)
public void test01() throws Throwable {
TlsVersion tlsVersion0 = TlsVersion.TLS_1_1;
CipherSuite cipherSuite0 = CipherSuite.TLS_DH_anon_WITH_AES_128_CBC_SHA256;
LinkedList<Certificate> linkedList0 = new LinkedList<Certificate>();
Handshake handshake0 = Handshake.get(tlsVersion0, cipherSuite0, (List<Certificate>) linkedList0, (List<Certificate>) linkedList0);
Assert.assertEquals("Handshake{tlsVersion=TLS_1_1 cipherSuite=TLS_DH_anon_WITH_AES_128_CBC_SHA256 peerCertificates=[] localCertificates=[]}", handshake0.toString());
} Output results: [Handshake{tlsVersion=TLS_1_1 cipherSuite=TLS_DH_anon_WITH_AES_128_CBC_SHA256 peerCertificates=[] localCertificates=[]}] //On **com.squareup.okhttp3:okhttp:3.14.4**
[okhttp3.Handshake@75526d62] //On **com.squareup.okhttp3:okhttp:3.8.1** Variable b (defined in class com.qiniu.util.StringMap of library com.qiniu:qiniu-java-sdk:jar:7.2.29) is assigned by the return value of method <okhttp3.Handshake: toString()Ljava/lang/String;>. As such, b value would be changed when the client project references com.squareup.okhttp3:okhttp:3.8.1 (compared with the shadowed but expected version 3.14.4), which could affect program semantic behaviors. public String formString() {
final StringBuilder b = new StringBuilder();
forEach(new Consumer() {
private boolean notStart = false;
@Override
public void accept(String key, Object value) {
if (notStart) {
b.append("&");
}
try {
b.append(URLEncoder.encode(key, "UTF-8")).append('=')
.append(URLEncoder.encode(value.toString(), "UTF-8"));
} catch (UnsupportedEncodingException e) {
throw new AssertionError(e);
}
notStart = true;
}
});
return b.toString();
} |
@Jamling Could please help me check this issue? |
Because the SmartQQ is out of service since 2019.1.1, I have no plan to fix the issue, you can pull a request to fix it |
Fix the dependency conflict issue Jamling#12 by Solution2 Declare version com.squareup.okhttp3:okhttp:3.14.4 as a direct dependency.
Fix the dependency conflict issue #12 by Solution2 Declare version com.squareup.okhttp3:okhttp:3.14.4 as a direct dependency.
Issue description
Hi, in SmartIM/smartqq, there are mulptiple versions of library com.squareup.okhttp3:okhttp. However, according to Maven's dependency management strategy: "first declaration wins", only com.squareup.okhttp3:okhttp:3.8.1 can be loaded, and com.squareup.okhttp3:okhttp:3.14.4 will be shadowed.
In total, there are 11 conflicting API pairs between these two library version.
Your project expects to reference the method <okhttp3.Handshake: toString()Ljava/lang/String;> via com.qiniu:qiniu-java-sdk7.2.29, which is included in the shaded version com.squareup.okhttp3:okhttp:3.14.4 (original dependency path). However, this method is missing in the actual loaded versioncom.squareup.okhttp3:okhttp:3.8.1. Surprisingly, it will not cause NoSuchMethodError at rumtime.
By further analyzing, I found that the caller(com.qiniu:qiniu-java-sdk) would invoke the method java.lang.Object.toString() defined in okhttp3.Handshake's superclass , due to dynamic binding mechanism (actual dependency path).
However, methods java.lang.Object.toString() and <okhttp3.Handshake: toString()Ljava/lang/String;> have different implementations, which will lead to buggy behaviors-----
Code snippet of <okhttp3.Handshake: toString()Ljava/lang/String;> in com.squareup.okhttp3:okhttp:3.14.4 (shadowed but expected to invoke):
Code snippet of <toString()Ljava/lang/String;> in com.squareup.okhttp3:okhttp:3.8.1 (loaded version):
Actual dependency path:
The detailed informantion of the remaining 10 conflicting API pairs can be found in the following attachment.
11 conflicting API pairs in project smartqq.txt
Dependency tree--
[INFO] cn.ieclipse.smartim:smartqq:jar:0.0.1
[INFO] +- cn.ieclipse.smartim:core:jar:0.0.1:compile
[INFO] | +- (org.slf4j:slf4j-api:jar:1.7.25:compile - omitted for duplicate)
[INFO] | +- (ch.qos.logback:logback-classic:jar:1.2.3:compile - omitted for duplicate)
[INFO] | +- (com.squareup.okhttp3:okhttp:jar:3.8.1:compile - omitted for duplicate)
[INFO] | +- (com.google.code.gson:gson:jar:2.8.0:compile - omitted for duplicate)
[INFO] | - (com.github.jamling:JavaUtils:jar:933b1c6551:compile - omitted for duplicate)
[INFO] +- com.qiniu:qiniu-java-sdk:jar:7.2.29:compile
[INFO] | +- (com.squareup.okhttp3:okhttp:jar:3.14.4:runtime - omitted for conflict with 3.8.1)
[INFO] | - (com.google.code.gson:gson:jar:2.8.5:runtime - omitted for conflict with 2.8.0)
[INFO] +- org.slf4j:slf4j-api:jar:1.7.25:compile
[INFO] +- ch.qos.logback:logback-classic:jar:1.2.3:compile
[INFO] | +- ch.qos.logback:logback-core:jar:1.2.3:compile
[INFO] | - (org.slf4j:slf4j-api:jar:1.7.25:compile - omitted for duplicate)
[INFO] +- com.squareup.okhttp3:okhttp:jar:3.8.1:compile
[INFO] | - com.squareup.okio:okio:jar:1.13.0:compile
[INFO] +- junit:junit:jar:4.12:test
[INFO] | - org.hamcrest:hamcrest-core:jar:1.3:test
[INFO] +- com.google.code.gson:gson:jar:2.8.0:compile
[INFO] - com.github.jamling:JavaUtils:jar:933b1c6551:compile
[INFO] +- com.github.jamling.JavaUtils:core:jar:933b1c6551:compile
[INFO] | - (org.slf4j:slf4j-api:jar:1.7.21:runtime - omitted for conflict with 1.7.25)
[INFO] +- com.github.jamling.JavaUtils:jee:jar:933b1c6551:compile
[INFO] | +- (org.slf4j:slf4j-api:jar:1.7.21:runtime - omitted for conflict with 1.7.25)
[INFO] | +- javax.servlet:javax.servlet-api:jar:3.1.0:runtime
[INFO] | - (com.github.jamling.JavaUtils:core:jar:933b1c6551:runtime - omitted for duplicate)
[INFO] +- com.github.jamling.JavaUtils:playground:jar:933b1c6551:compile
[INFO] | - (org.slf4j:slf4j-api:jar:1.7.21:runtime - omitted for conflict with 1.7.25)
[INFO] - com.github.jamling.JavaUtils:swing:jar:933b1c6551:compile
[INFO] - (org.slf4j:slf4j-api:jar:1.7.21:runtime - omitted for conflict with 1.7.25)
Suggested solutions:
Solution1: Remove the dependency com.squareup.okhttp3:okhttp:3.8.1.
Solution2: Declare version com.squareup.okhttp3:okhttp:3.14.4 as a direct dependency.
Thanks.
Best regards,
Coco
The text was updated successfully, but these errors were encountered: