SpotBugs 4.8.1 fails parsing filter files in Spring Boot projects with NoSuchMethodError: Range.of(Comparable, Comparable) #2686
Comments
|
The error seems to be due to using mismatched versions of I tried reproducing the problem in SpotBugs but it worked for me and the @hazendaz I wonder if the transitive dependencies might be different in the gradle plugin (it needs to be using |
|
4.8.1 works fine in other projects not using Spring Boot, like a Quarkus project |
|
On the SpotBugs project the dependency tree is: but in your reproducer it is: So commons-text is downgraded: org.apache.commons:commons-lang3:3.13.0 -> 3.12.0 My understanding is that (unlike Maven) Gradle resolves conflicts by picking the highest version but that's not the case here. In the meantime I think we should revert to using |
gtoison
added a commit
to gtoison/spotbugs
that referenced
this issue
Nov 8, 2023
Upgrading to 1.11.0 caused a version conflict on commons-lang3 which is:
- a direct dependency
- a transitive dependency of commons-text
- a transitive dependency of BCEL
On a Spring/Gradle project the later wins:
+--- org.apache.bcel:bcel:6.6.1
| \--- org.apache.commons:commons-lang3:3.12.0
Fixes spotbugs#2686
gtoison
added a commit
to gtoison/spotbugs
that referenced
this issue
Nov 8, 2023
Upgrading to 1.11.0 caused a version conflict on commons-lang3 which is:
- a direct dependency
- a transitive dependency of commons-text
- a transitive dependency of BCEL
On a Spring/Gradle project the later wins:
+--- org.apache.bcel:bcel:6.6.1
| \--- org.apache.commons:commons-lang3:3.12.0
Revert to commons-text:1.10.0 which is compatible with
commons-lang3:3.12.0
Fixes spotbugs#2686
|
Will look more closely tonight. I don't think reverting is necessary. Spring boot is always heavy handed on purpose. What's broke now naturally won't in weeks. These things happen and they generally say override it if an issue. What happens if the reproducer has commons Lang added directly? Does that not just solve it? I know that always works easily enough with maven. Not sure with gradle but this isn't first override concern need. Anyways will look more closely tonight and given spring boot complexities we probably should incorporate that into the gradle plugin tests to avoid any potential needs for consumer overrides.
Sent from my Verizon, Samsung Galaxy smartphone
Get Outlook for Android<https://aka.ms/AAb9ysg>
________________________________
From: Guillaume Toison ***@***.***>
Sent: Wednesday, November 8, 2023 8:44:07 AM
To: spotbugs/spotbugs ***@***.***>
Cc: Jeremy Landis ***@***.***>; Mention ***@***.***>
Subject: Re: [spotbugs/spotbugs] SpotBugs 4.8.1 fails parsing filter files in Spring Boot projects with NoSuchMethodError: Range.of(Comparable, Comparable) (Issue #2686)
On the SpotBugs project the dependency tree is:
gradlew -q :spotbugs:dependencies
runtimeClasspath - Runtime classpath of source set 'main'.
+--- org.ow2.asm:asm:9.6
+--- org.ow2.asm:asm-analysis:9.6
| \--- org.ow2.asm:asm-tree:9.6
| \--- org.ow2.asm:asm:9.6
+--- org.ow2.asm:asm-commons:9.6
| +--- org.ow2.asm:asm:9.6
| \--- org.ow2.asm:asm-tree:9.6 (*)
+--- org.ow2.asm:asm-tree:9.6 (*)
+--- org.ow2.asm:asm-util:9.6
| +--- org.ow2.asm:asm:9.6
| +--- org.ow2.asm:asm-tree:9.6 (*)
| \--- org.ow2.asm:asm-analysis:9.6 (*)
+--- org.apache.bcel:bcel:6.6.1
| \--- org.apache.commons:commons-lang3:3.12.0 -> 3.13.0
+--- com.github.stephenc.jcip:jcip-annotations:1.0-1
+--- org.dom4j:dom4j:2.1.4
+--- org.apache.commons:commons-lang3:3.13.0
+--- org.apache.commons:commons-text:1.11.0
| \--- org.apache.commons:commons-lang3:3.13.0
+--- org.slf4j:slf4j-api:2.0.9
+--- project :spotbugs-annotations
| +--- com.google.code.findbugs:jsr305:3.0.2
| \--- org.apache.logging.log4j:log4j-core:{strictly [2.17.1, 3[} -> 2.21.1 (c)
+--- com.google.code.gson:gson:2.10.1
+--- jaxen:jaxen:2.0.0
+--- net.sf.saxon:Saxon-HE:12.3
| \--- org.xmlresolver:xmlresolver:5.2.0
| +--- org.apache.httpcomponents.client5:httpclient5:5.1.3
| | +--- org.apache.httpcomponents.core5:httpcore5:5.1.3
| | +--- org.apache.httpcomponents.core5:httpcore5-h2:5.1.3
| | | \--- org.apache.httpcomponents.core5:httpcore5:5.1.3
| | +--- org.slf4j:slf4j-api:1.7.25 -> 2.0.9
| | \--- commons-codec:commons-codec:1.15
| \--- org.apache.httpcomponents.core5:httpcore5:5.1.3
+--- org.apache.logging.log4j:log4j-core:2.21.1
| \--- org.apache.logging.log4j:log4j-api:2.21.1
\--- org.apache.logging.log4j:log4j-core:{strictly [2.17.1, 3[} -> 2.21.1 (c)
but in your reproducer it is:
spotbugs - configuration for the SpotBugs engine
\--- com.github.spotbugs:spotbugs:4.8.1
+--- jaxen:jaxen:2.0.0
+--- net.sf.saxon:Saxon-HE:12.3
| \--- org.xmlresolver:xmlresolver:5.2.0
| +--- org.apache.httpcomponents.client5:httpclient5:5.1.3 -> 5.2.1
| | +--- org.apache.httpcomponents.core5:httpcore5:5.2 -> 5.2.3
| | +--- org.apache.httpcomponents.core5:httpcore5-h2:5.2 -> 5.2.3
| | | \--- org.apache.httpcomponents.core5:httpcore5:5.2.3
| | \--- org.slf4j:slf4j-api:1.7.36 -> 2.0.9
| \--- org.apache.httpcomponents.core5:httpcore5:5.1.3 -> 5.2.3
+--- org.apache.logging.log4j:log4j-core:2.21.1 -> 2.20.0
| \--- org.apache.logging.log4j:log4j-api:2.20.0
+--- org.ow2.asm:asm:9.6
+--- org.ow2.asm:asm-analysis:9.6
| \--- org.ow2.asm:asm-tree:9.6
| \--- org.ow2.asm:asm:9.6
+--- org.ow2.asm:asm-commons:9.6
| +--- org.ow2.asm:asm:9.6
| \--- org.ow2.asm:asm-tree:9.6 (*)
+--- org.ow2.asm:asm-tree:9.6 (*)
+--- org.ow2.asm:asm-util:9.6
| +--- org.ow2.asm:asm:9.6
| +--- org.ow2.asm:asm-tree:9.6 (*)
| \--- org.ow2.asm:asm-analysis:9.6 (*)
+--- org.apache.bcel:bcel:6.6.1
| \--- org.apache.commons:commons-lang3:3.12.0
+--- com.github.stephenc.jcip:jcip-annotations:1.0-1
+--- org.dom4j:dom4j:2.1.4
+--- org.apache.commons:commons-lang3:3.13.0 -> 3.12.0
+--- org.apache.commons:commons-text:1.11.0
| \--- org.apache.commons:commons-lang3:3.13.0 -> 3.12.0
+--- org.slf4j:slf4j-api:2.0.9
+--- com.github.spotbugs:spotbugs-annotations:4.8.1
| +--- com.google.code.findbugs:jsr305:3.0.2
| \--- org.apache.logging.log4j:log4j-core:{strictly [2.17.1, 3[} -> 2.20.0 (c)
+--- com.google.code.gson:gson:2.10.1
\--- org.apache.logging.log4j:log4j-core:{strictly [2.17.1, 3[} -> 2.20.0 (c)
So commons-text is downgraded: org.apache.commons:commons-lang3:3.13.0 -> 3.12.0
My understanding is that (unlike Maven) Gradle resolves conflicts by picking the highest version but that's not the case here.
Do you know if Spring might be altering the default version conflict resolution?
In the meantime I think we should revert to using commons-text:1.10.0
—
Reply to this email directly, view it on GitHub<#2686 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AAHODI2RIHPF6P4JVLKQKULYDOECPAVCNFSM6AAAAAA7CNVBSWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQMBRHEYTSNJTGA>.
You are receiving this because you were mentioned.Message ID: ***@***.***>
|
|
I made a PR to revert right before seeing your message |
No worries. I didn't get time to look at this one tonight so I'll try again tomorrow night. I sort of expect we do another release by sometime next week. I opened a discussion on that. |
C-Otto
added a commit
to C-Otto/java-platform
that referenced
this issue
Nov 9, 2023
|
Any update on this? 🙏 |
hazendaz
pushed a commit
that referenced
this issue
Nov 27, 2023
Upgrading to 1.11.0 caused a version conflict on commons-lang3 which is:
- a direct dependency
- a transitive dependency of commons-text
- a transitive dependency of BCEL
On a Spring/Gradle project the later wins:
+--- org.apache.bcel:bcel:6.6.1
| \--- org.apache.commons:commons-lang3:3.12.0
Revert to commons-text:1.10.0 which is compatible with
commons-lang3:3.12.0
Fixes #2686
|
Since #2877 updates commons-text to 1.11.0, this issue resurfices on the current master, even with having bcel updated to 6.8.2 and commons-lang3 to 3.14.0. There is already an issue about the problem at commons-text's Jira board: https://issues.apache.org/jira/projects/TEXT/issues/TEXT-233 |
gtoison
added a commit
to gtoison/spotbugs
that referenced
this issue
Mar 7, 2024
Upgrading to 1.11.0 caused a version conflict on commons-lang3 which is:
- a direct dependency
- a transitive dependency of commons-text
- a transitive dependency of BCEL
On a Spring/Gradle project the later wins:
+--- org.apache.bcel:bcel:6.6.1
| \--- org.apache.commons:commons-lang3:3.12.0
Revert to commons-text:1.10.0 which is compatible with
commons-lang3:3.12.0
Fixes spotbugs#2686
hazendaz
pushed a commit
that referenced
this issue
Mar 8, 2024
Upgrading to 1.11.0 caused a version conflict on commons-lang3 which is:
- a direct dependency
- a transitive dependency of commons-text
- a transitive dependency of BCEL
On a Spring/Gradle project the later wins:
+--- org.apache.bcel:bcel:6.6.1
| \--- org.apache.commons:commons-lang3:3.12.0
Revert to commons-text:1.10.0 which is compatible with
commons-lang3:3.12.0
Fixes #2686
PatrikScully
pushed a commit
to PatrikScully/spotbugs
that referenced
this issue
Jun 14, 2024
Upgrading to 1.11.0 caused a version conflict on commons-lang3 which is:
- a direct dependency
- a transitive dependency of commons-text
- a transitive dependency of BCEL
On a Spring/Gradle project the later wins:
+--- org.apache.bcel:bcel:6.6.1
| \--- org.apache.commons:commons-lang3:3.12.0
Revert to commons-text:1.10.0 which is compatible with
commons-lang3:3.12.0
Fixes spotbugs#2686
1 task
|
Since #3202 got merged, I tried out the reproducer provided at this issue with the latest master. Unfortunately, I could reproduce the issue - or at least a really similar bug (the underlying issue is the same, the exception is a However, there are good news as well:
I can see the following possible solutions:
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
SpotBugs 4.8.1 fails to parse filter files in projects with Spring Boot which worked with SpotBugs 4.8.0.
Minimal reproducer: https://github.com/josephearl/spotbugs-spring-boot-filter-repro
Error:
Expected: SpotBugs 4.8.1 can parse filter files in projects with Spring Boot as 4.8.0 was able to
The text was updated successfully, but these errors were encountered: