Detected package version outside of dependency constraint: Microsoft.NET.Sdk.Functions 1.0.13 requires Newtonsoft.Json (= 9.0.1) but version Newtonsoft.Json
10.0.1 was resolved.
I am in need of updating Newtonsoft.Json (>10.0.1 but am unable to as Microsoft.NET.Sdk.Functions 1.0.13 requires Newtonsoft.Json (= 9.0.1). Can someone help me on this ?
Related
As per microservices implementation using spring boot application and using maven we are using dependency for spring-cloud-starter-vault-config.
I understand as per the current status spring-cloud-starter-vault-config is having a compile time dependency with spring-vault-core which in turn is having a dependency with jackson-databind
The issue happening is jackson-databind is having a dependency with jackson-core which is having the vulnerbility issue, As of now there is no published non-vulnerable
version available for jackson-core. Due to this reason we are unable to use the spring-cloud-starter-vault-config which finally having a dependency with jackson-core.
The logical dependency in short is as,
spring-cloud-starter-vault-config --> spring-vault-core --> jackson-databind --> jackson-core (having vulnerability)
Can you please guide how can we can use the spring-cloud-starter-vault-config library without any vulnerable dependency with jackson-core
I am expecting to use the spring-cloud-starter-vault-config library which is not compile time dependency with jackson-core
I have also tried the suggestion of making spring.http.converters.preferred-json-mapper=gson
as mentioned in
Is the Spring framework vulnerable because of Jackson dependency
still the issue persists, request to guide further on the same.
ie, by excluding jackson-core dependency from spring-cloud-starter-vault-config library it is not working.
I'm trying to use javaparser plugin of JQAssistant using command line. I have done the following:
Copied "jqassistant.plugin.javaparser-1.8.0.jar" to "plugin" folder.
I also noticed plugin has runtime dependency to "com.github.javaparser:javaparser-core:3.6.25". So I copied "javaparser-core-3.6.25.jar" to plugin folder too.
But when I try to scan a Java file I get the following error:
"ANTLR Tool version 4.9.2 used for code generation does not match the current runtime version 4.7.2"
The ANTLR version bundled with JQAssistant is 4.9.2 but plugin is expecting older version 4.7.2.
Has anyone been able to use javaparser plugin?
Some plugins (not only javaparser) indeed depend on JARs bundled with jQAssistant. Sometimes there are version conflicts, that's why it can only be guaranteed that Kontext E plugins with a certain version (let's say 1.8.x) are compatible with jQAssistant with the same major and minor version (so jQA 1.8 in this case). If you use javaparser 1.8.0 with jQAssistant 1.8.0 (which comes with org.antlr-antlr4-runtime-4.7.2), it works.
I'm trying to understand the version relationship between package.json dependencies and build.gradle dependencies. For example, I have the following dependency configured in package.json:
"firebase-auth": "^0.1.2"
I have the corresponding dependency configured in my build.gradle:
implementation "com.google.firebase:firebase-auth:19.1.0"
I think I had originally installed the firebase-auth package and encountered an error which led me down a path where I googled and determined that the build.gradle dependency above was required. Based on some more googling, I got lucky with the version 19.1.0 but I really don't know how version dependencies between package.json packages and build.gradle dependency references are correlated. Can someone here provide some insight on this?
The difference between package.json and gradle is the difference between storage.
package.json is literally a file for js, and the gradle is like a repository made to protect Maven's shortcomings and Ant's.
The relationship between the two is defined when making a module through npm, build.gradle has content related to building libraries (such as SDK version), you can find the version here.
The version listed in package.json is modified each time an update is made on the github, and depending on the module in the dependency, the link will install the corresponding android and iOS modules for the version of dependencies.
In intellij idea 16 EAP 144.3357.4 I have a pure Kotlin cmd project currently refusing to run with this error:
The binary version of its metadata is 1.0.1, expected version is 1.1.0
The project runs on the command-line - I invalidated caches and restarted Idea - nothing helped. Anyone had the same problem and found a way to get it working?
The problem seems to be mismatch between the kotlin library used in your project and the version of the plugin are not compatible.
Check the Kotlin plugin version and you'll most likely see something similar to:
Version: 1.0.0-rc-1007-IJ143-11
Then check the version of the Kotlin libraries by looking into META-INF/build.txt or META-INF/MANIFEST.MF and it'll most likely be other version like 1.0.0-beta-4589.
To resolve the problem update Kotlin libraries to version 1.0.0-rc-1007 which can be found in this maven repository: https://dl.bintray.com/kotlin/kotlin-eap.
Kotlin compiler marks each .class with #kotlin.Metadata to indicate, among others:
The version of the bytecode interface (naming conventions, signatures) of the class file annotated with this annotation.
That is how the compiler detected incompatibilities.
I recently installed FluentAutomation with selenium 2.32.1.0 from nuget. However, When I try to open a page using the I.Open("http://") method I get the following exception: Could not load file or assembly 'WebDriver, Version=2.25.1.0, Culture=neutral, PublicKeyToken=1c2bd1631853048f'
The FluentAutomation version in nuget says that it depends on Selenium.Support (≥ 2.25.1) which lead me to believe I could install 2.32.1.0. Does this mean that the FluentAutomation nuget package was built with a hard dependency on Selenium.Support 2.25 and I have to roll back my selenium components?
The issue here is the version of ChromeDriver.exe we package. The hard dependency is there. If you download the latest ChromeDriver.exe from Selenium and add it to your project (make sure it gets copied to the /bin directory), Fluent won't unpackage its own older copy and the mismatch problem should go away.
We are working on making this more transparent to the user and pulling latest into the project on setup, rather than packaging it into our DLLs.
(Author of FluentAutomation)