Wrong version of commons-fileupload dependency in pom.xml of org.eclipse.rap.fileupload

[bwolff]

This seems to be a regression of #41 and #45. This issue affects the artefact and pom.xml file deployed to Maven Central. It possibly affects other Maven build setups as well, in which the pom.xml information is used to pull in the dependencies.

( I'm repeating my comment from here: #41 (comment) )

I run into a Maven dependency resolution issue related to the version bump of commons-fileupload to 1.4.0 in my project. The resulting POM dependency entry of org.apache.commons.fileupload looks like this:

<dependency>
  <groupId>commons-fileupload</groupId>
  <artifactId>commons-fileupload</artifactId>
  <version>1.4.0</version>
</dependency>

It refers to version 1.4.0, but the actual version of the commons-fileupload artefact is 1.4. See: https://search.maven.org/artifact/commons-fileupload/commons-fileupload/1.4/jar

Maven treats versions 1.4 and 1.4.0 differently and fails to resolve the correct dependency from Maven central. The workaround is to enforce the version of the transitive commons-fileupload dependency to 1.4 (e.g. by using a strict dependency constraint).

I'm not sure how the pom.xml is generated, but it probably takes the information from the bundle dependencies, which afaik requires the use of the 3 part semvers. So there might be a version incompatibility between the bundle and Maven dependency worlds.

NB: I should mention that I'm experiencing this problem in a Gradle build and haven't tested it with a Maven build. However, since the version in the pom does not correspond to the artefact version in Maven central, other Maven builds might run into this issue as well.

[mknauer]

Would it be possible for you to add another Maven repository source for testing?

I created a temporary fix in

https://oss.sonatype.org/content/repositories/orgeclipserap-1091/

that I would push to Maven Central after a confirmation that it solves your problem as a workaround.

The basic idea is to redeploy the two jar files org.eclipse.rap.fileupload and org.eclipse.rap.filedialog (because it depends on the first one) with a new Maven version number 3.22.1 and fix the dependency there to the correct commons-fileupload version 1.4. Please note that the jar files are binary identical to their older counterparts, only the dependency in Maven has changed.

With the current publishing procedure the Maven dependency information is maintained separately from the bundle dependencies as defined in the MANIFEST.MF which kind of explains why this error happened.

For the next RAP release 3.23 we can see if we can either find a better way of publishing the bundles, or at least fixing the problem in our pom.xml.

[bwolff]

Thanks a lot for taking care of this, @mknauer .

I tested the version in the tmp Maven repo and can confirm that this fixes the issue, no need for the workaround of pinning the commons-fileupload version anymore.

Checking the MANIFEST.MF of commons-fileupload shows that the Bundle-Version is 1.4.0, but is otherwise specified as 1.4 in the Maven world. So resolving this dependency from a target platform probably works without problems, but not when resolving it via Maven. This mismatch is unfortunate and probably a legacy versioning issue on the commons-fileupload dep, but we can't change that.

I would recommend to fix it in the RAP pom.xml for 3.23 and call it a "known-issue" for 3.22 to be done with it ;).

Let me know if I can provide any further help.

Cheers,
Ben

[mknauer]

Thank you very much for your fast response and confirmation.
I clicked the "release" button of the staging repo, the updated content should appear in Maven Central soon.

Closing this bug as fixed.