New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use newer org.apache.commons.codec #1554
Comments
That's what's being used in the release repository: There is quite a bit of garbage so I don't think the file you mention is even used. But there are two of those bundles that embed the jar which seems like an abomination! I think that should be cleaned up... |
I opened this because I had a conflict with https://mvnrepository.com/artifact/org.opensaml/opensaml-core/4.1.1 which uses commons-codec 1.15. I removed the following folder from the JAR manually and it fixed the issue. I cannot currently be yet sure which exact version ends up in the inside the runtime JAR, but if I had to guess, I would guess it is commons-codec-1.3. |
The timestamps are quite old. In any case you are looking at the 4.13 release but there is a 4.14 release: https://download.eclipse.org/birt/updates/release/4.14.0/ But that looks not much different: The build does so many inexplicable things with various ant scripts and maven magic. Some hunting will be required. (But then again, no one funds such work, so self-serve would be the better option.) |
I can personally try to update the version for Birt, but while I think shading the dependency would better, the build seems so unorthodox and complicated, I might not know how to shade it. |
The build is horrible. I think maybe that thing is created by this monstrosity: https://github.com/eclipse-birt/birt/blob/master/build/birt-packages/birt-runtime/build.xml As launched by this: birt/build/birt-packages/birt-runtime/pom.xml Lines 54 to 89 in f32bef1
That thing tells me next to nothing about where the classes we see in the jar actually come from. Detective work is required... 😱 |
I guess since the JAR is available at https://download.eclipse.org/birt/updates/release/4.14.0/plugins/org.apache.commons.commons-codec_1.16.0.jar it must be inside the runtime JAR accidentally. Need to investigate a bit, why that happens. It also contains some other 3rd party classes as well. |
For some reason BIRT bundles commons-codec inside it and uses such an old version it causes issue with other libraries trying to use a newer version.
https://github.com/eclipse-birt/birt/blob/f32bef1d44ecccc4f22aeb682ba35b9cafb84ea4/build/org.eclipse.birt.build/externalRepo.properties#L27C83-L27C107
BIRT could use 1.16.0 for example https://mvnrepository.com/artifact/commons-codec/commons-codec
Alternatively, try not to use commons-codec at all, or if necessary use https://maven.apache.org/plugins/maven-shade-plugin/ to shade the classes there to avoid conflicts with other libraries that try to use newer versions.
The text was updated successfully, but these errors were encountered: