Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dependency convergence error #76

Open
lukehutch opened this issue Jan 2, 2025 · 6 comments
Open

Dependency convergence error #76

lukehutch opened this issue Jan 2, 2025 · 6 comments

Comments

@lukehutch
Copy link

maven-enforcer-plugin gives these errors with openai-java 0.8.0:

[ERROR] Rule 0: org.apache.maven.enforcer.rules.dependency.DependencyConvergence failed with message:
[ERROR] Failed while enforcing releasability.
[ERROR] 
[ERROR] Dependency convergence error for org.jetbrains.kotlin:kotlin-stdlib-jdk8:jar:1.9.10 paths to dependency are:
[ERROR] +-com.mycompany.myproject:my-project:jar:1.0.0
[ERROR]   +-com.openai:openai-java:jar:0.8.0:compile
[ERROR]     +-com.openai:openai-java-client-okhttp:jar:0.8.0:compile
[ERROR]       +-com.squareup.okhttp3:okhttp:jar:4.12.0:runtime
[ERROR]         +-com.squareup.okio:okio:jar:3.6.0:runtime
[ERROR]           +-com.squareup.okio:okio-jvm:jar:3.6.0:runtime
[ERROR]             +-org.jetbrains.kotlin:kotlin-stdlib-jdk8:jar:1.9.10:runtime
[ERROR] and
[ERROR] +-com.mycompany.myproject:my-project:jar:1.0.0
[ERROR]   +-com.openai:openai-java:jar:0.8.0:compile
[ERROR]     +-com.openai:openai-java-client-okhttp:jar:0.8.0:compile
[ERROR]       +-com.squareup.okhttp3:okhttp:jar:4.12.0:runtime
[ERROR]         +-org.jetbrains.kotlin:kotlin-stdlib-jdk8:jar:1.8.21:runtime
[ERROR] and
[ERROR] +-com.mycompany.myproject:my-project:jar:1.0.0
[ERROR]   +-com.openai:openai-java:jar:0.8.0:compile
[ERROR]     +-com.openai:openai-java-client-okhttp:jar:0.8.0:compile
[ERROR]       +-com.squareup.okhttp3:logging-interceptor:jar:4.12.0:runtime
[ERROR]         +-org.jetbrains.kotlin:kotlin-stdlib-jdk8:jar:1.8.21:runtime

and

[ERROR] Dependency convergence error for org.jetbrains.kotlin:kotlin-stdlib:jar:1.9.23 paths to dependency are:
[ERROR] +-com.mycompany.myproject:my-project:jar:1.0.0
[ERROR]   +-com.openai:openai-java:jar:0.8.0:compile
[ERROR]     +-com.openai:openai-java-client-okhttp:jar:0.8.0:compile
[ERROR]       +-com.openai:openai-java-core:jar:0.8.0:compile
[ERROR]         +-org.jetbrains.kotlin:kotlin-stdlib:jar:1.9.23:compile
[ERROR] and
[ERROR] +-com.mycompany.myproject:my-project:jar:1.0.0
[ERROR]   +-com.openai:openai-java:jar:0.8.0:compile
[ERROR]     +-com.openai:openai-java-client-okhttp:jar:0.8.0:compile
[ERROR]       +-com.openai:openai-java-core:jar:0.8.0:compile
[ERROR]         +-com.fasterxml.jackson.module:jackson-module-kotlin:jar:2.18.1:runtime
[ERROR]           +-org.jetbrains.kotlin:kotlin-reflect:jar:1.8.10:runtime
[ERROR]             +-org.jetbrains.kotlin:kotlin-stdlib:jar:1.8.10:runtime
[ERROR] and
[ERROR] +-com.mycompany.myproject:my-project:jar:1.0.0
[ERROR]   +-com.openai:openai-java:jar:0.8.0:compile
[ERROR]     +-com.openai:openai-java-client-okhttp:jar:0.8.0:compile
[ERROR]       +-org.jetbrains.kotlin:kotlin-stdlib:jar:1.9.23:compile
[ERROR] and
[ERROR] +-com.mycompany.myproject:my-project:jar:1.0.0
[ERROR]   +-com.openai:openai-java:jar:0.8.0:compile
[ERROR]     +-org.jetbrains.kotlin:kotlin-stdlib:jar:1.9.23:compile
@TomerAberbach
Copy link
Collaborator

Is this actually causing you issues? We're using Gradle and its default behavior is to choose the highest version of a dependency if there are multiple versions in use transitively

@lukehutch
Copy link
Author

If I disable maven-enforcer-plugin then it goes away. Maybe the defaults of that plugin are to require only one version of each transitive dep, I don't know. I am just reporting it in case it signals the need for a dep upgrade in the OpenAI library.

@TomerAberbach
Copy link
Collaborator

What was the reason for using maven-enforcer-plugin? i.e. What was it helping you with/what were your concerns?

@lukehutch
Copy link
Author

It came as part of a Maven template project that I was using. I don't need to enforce anything currently. However, I have it enabled in a separate widely-used open source project that I maintain, and it has been able to catch a lot of issues in the past, so it is conceivable this plugin will be put to work in my new project soon. For now, I just disabled it.

@TomerAberbach
Copy link
Collaborator

Thanks for the info! Can you elaborate on "it has been able to catch a lot of issues in the past"? Did it help you find bugs? Outdated dependencies? etc.

Just trying to understand the benefit of prioritizing and looking into this :)

@lukehutch
Copy link
Author

Mostly I have used maven-enforcer-plugin together with animal-sniffer-enforcer-rule, to enforce API compatibility, when compiling jarfiles to be compatible with an earlier JRE than the JDK that was used to compile them (e.g. in Java 7/8 compat mode).

The craziest thing this was able to catch was when some methods in the Java API changed in a non-backwards-compatible way, to return ByteBuffer rather than Buffer. Without casting the result to Buffer, you would get a runtime exception that was not able to be predicted by javac at compiletime:

classgraph/classgraph#284
classgraph/classgraph#403

But maven-enforcer-plugin also comes with built-in checks, which is what was causing the OpenAI transitive dep graph to fail:

https://medium.com/@gualtierotesta/the-maven-enforcer-plugin-e45d68c0fa80

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lukehutch @TomerAberbach