We're using Maven at work at quite regularly we get the error message "The artifact has no valid ranges". After a long time of Googling and experimenting I realised what this error message means: The artifact does have valid ranges, just too many of them.
For example, my master POM has a dependency on superframework v.1.0 only, but there is also a transitive dependency on superframework v.0.5-0.9.
Until now, whenever I had such a problem I've looked at the (very cryptic) error message and sorta guessed which POM I needed to change - basically a lot of trial an error. The problem is that mvn dependency:tree doesn't work if you have a dependency resolution problem.
The Eclipse plugin sometimes helps a little, but sometimes it is way off.
Any tips on how to resolve these problems?
This might not be the expected answer but my advice would be to actually not use dependency ranges as they worsen build reproducibility.
I prefer to use fixed versions (which also make dependencies conflicts resolution easier, see the note at the bottom of 9.4.3. Dependency Version Ranges) and use intensively the Dependency Convergence report to manage them.
This isn't a direct answer to my question but rather a word of advice. I learned something new since askin the question: the order in which dependencies are listed in the POM files, much to my surprise, does matter.
So, if you include a dependency on
superframework [0.5,1.5)
it will fetch the latest available version, say 1.1.
If you then have a transitive dependency further down that includes
superframework [0.5, 1.0)
Maven will generate this misleading error, since it will not select anything other than the 1.1 it already has, even though it could just select 0.9 without producing a version conflict. If you swap the order, weirdly, it works.
Am I right in thinking that this is a flaw in Maven's behaviour?
Related
Most of the time wile installing new npm dependecies in a project, I get warnings and issues ( either low moderate or even crtitical).
And running npm audit fix, or fix by force doesn't resolve the issues.
Can I ignore them or should i fix myself ? Especially when it's about dependency tree
Warnings are here to tell that a bug have been found and will be probably corrected in a future release. Nonetheless, to avoid breaking a package, an old dependency (which can also have issue) can still be used. So, those who maintain the package have either the choice to rebuild their package without the problematic dependencies. Or they wait that the dependencies (or work on it) get corrected.
if you want to fix yourself every problems of every dependencies of every packages you are using, you will certainly need to reincarnate thousand & thousands times on earth to clean that mess xD
the best is to have the less packages possibles. But here are 3 points i'm used to check before deciding to use a package or not:
does it have a future ? (stars, download, last update)
are there a lot of peoples working on it ? (forks, issues, pull)
does it have too much dependencies ?
choose wisely can avoid you to fall into a devellopement nightmare.
I have a new Java project started that is using Gradle (version 3.4.1) and IntelliJ. I used gradle init at the command line and then imported the project into IntelliJ, using the default wrapper (which is recommended, according the the IDE).
I have the following in the build.gradle file:
jar {
manifest {
attributes 'Main-Class': "com.testerstories.textadv.Voxam"
}
}
The attributes line, however, provides a consistent warning that says:
'attributes' cannot be applied to '(['Main-Class':groovy.lang.GString])'
The issue appears to be "incompatible types." But it's unclear what "attributes" is being "applied to". I would presume the manifest block. But then ... what does it want me to do exactly?
I realize this is a warning and I could just ignore it. I also realize I can block inspections. But in all the discussions about this, and I realize there are a few (although most of those seem to deal with 'groovy.lang.Closure'), I have yet to find anything that unambiguously states quite simply what the actual issue is and how to resolve it. I say "resolve it" in contrast to (1) just cover it up or (2) pretend it doesn't exist.
It concerns me that something that appears to be very basic Gradle usage is not recognized or is indicating a problem in one of the core IDEs that supports Java.
Finally, I'll note that before adding to the StackOverflow space, I had asked JetBrains support and their answer was to make sure my .iml file was indicating a "JAVA_MODULE" rather than a "WEB_MODULE", which I did verify. Their next answer was that I needed to provide (quoting directly) a "namespace to resolve the ambiguity, which should resolve erroneous type errors." Ironically, perhaps, that reply needed some ambiguity resolution of its own, but I have gotten no further responses.
UPDATE (RELATED TO ABOVE; BUT DIFFERENT CONTEXT)
If I use something like this in my Gradle:
systemProperties(System.getProperties())
I'm told that getProperties() is an ambiguous method call. Originally I thought that was unrelated to my original issue, but the IntelliJ inspector reports that this is also an issue with incompatible types.
The conclusion I'm reaching -- and what will probably be the "answer" -- is that Gradle and IntelliJ just don't play nice with each other in a variety of contexts.
I just finished skating around that infamous "cannot load main class start" thing, and I got blindsided with a sea of errors:
A friend suggests it might have something to do with com.google, but ultimately can't help me.
I haven't made a single alteration to any of the code so far. Eclipse just started up not being able to run and stayed that way. I think there's a way to fix it but it would require making acute changes at the sight of every single error; work that could be wiped by a cleanup if I'm proved wrong.
Anyone have a clue what the issue is? Thank you for the trouble.
UPDATE: Adding guava as a library relieved the error involving com.google, but threw in a handful of others. This one class file contains 3 of the most common unresolved types I've seen scattered throughout: Logger/LogManagaer, PropertyMap, and CrashReport
Your general problems revolve around not having dependencies in the build path. Eclipse's error messages are pretty clear about this; e.g. if a package name is underlined in red and can't be found, then that means it can't be found, and the obvious solution is to add the library that provides it, so that it can be found.
In virtually all cases here, a Google search for the missing packages and classes will lead you to the packages that contain it.
For each unresolved dependency, find the library, add it to the build path, then move on.
I also suggest consulting the documentation that comes with the source code you are attempting to compile, which often simply lists the dependencies, thus saving you the trouble of hunting them down as you go.
While we could do the internet searches for you and hash this out one step at a time, it's both better and faster for you to do it yourself. Better because if you're messing around with Minecraft source, having at least a basic knowledge of how your tools work is going to help you (I also suggest some of the material at http://docs.oracle.com/javase/tutorial/). Faster because the turnaround time of typing package names into the Google search box is a heck of a lot faster than constantly updating your question here and waiting for replies.
It looks like you are missing the Google Collections package, which now is called Guava.
Download the jar file, and add it as a library.
I love the maven-versions-plugin but sometimes I forget to run it for a while. Is there a way to make a maven build fail (and thus have a continuous build fail) when certain important dependencies are out of date?
I think you're approaching this incorrectly. Mail yourself the output of the maven-versions-plugin if you want, but don't fail the build due to changes outside of your control.
Even more, why would you want to needlessly update to the latest versions? I have seen many tricky problems appear due to upgrades which have brought slight changes to previous behaviour.
This, in general, is a bad practice - to update versions automatically. There is no practical reason of using the latest version of any package. If the library you're using satisfies your requirements you should stay with this version for security/stability reasons. And forever.
I think that maven-versions-plugin is an anti-pattern itself.
ps. When and if you want to do integration testing of modules developed by different teams/programmers, it is "integration testing". Even in this case I still think that on-fly version updating is the wrong approach. Root project should not do this integration testing, instead, every sub-module (or JAR, in your case), has to be responsible for integration testing of itself together with the rest of the system. When a sub-module increases its version it has to validate whether everything is still fine, and only then has to release a new version to the repository. And when the sub-module is doing the validation it has to be dependent on statically specified version numbers.
I mean, can I use the com.sun.org.apache (all subpackages) classes as I use they from org.apache (in any Apache lib)?
Will the OpenJDK maintain this package up to date with apache updates?
And the JDK7 will maintain this package?
Where can I find information about that?
It is a very bad idea to use it. Once upon a time, Sun took a copy of Xerces, chock full of bugs. They made some changes. Perhaps they subtracted some bugs. We know that there are many very serious bugs that they did not subtract.
And they renamed it to com.sun.... for one reason: to tell you not to use it. At any time, in any point release, in any patch, they can change those classes incompatibly or remove them.
Further, these classes may not be in IBM's copy of the JRE, or Apple's, or (haha) Microsoft's, or JRocket.
If you want Xerces, use Xerces. To find information about this, read the Xerces-j mailing list archive for many stern warnings from the Xerces developers about the version forked by Sun.
The fact that the classes are formally 'public' means nothing except that Sun needed to be able to new them from some other package.
Err I wouldn't, just based on the fact that they're internal classes and there is a risk of them changing over time. Use the org.apache classes instead.
No idea about the intentions with keeping them up to date, maybe try posting a message on the openjdk forum:
http://mail.openjdk.java.net/mailman/listinfo
My understanding is that this is a fork of the apache code. At one point they were the same, but no more. So you can't count on the same bug fixes being present in both versions.
If documentation for this package says that it is public, then it's OK to use.
Otherwise they can pool a floor underneath you when they decide not to support it in the future.
Usually, you should not rely on anything other than java and javax in JDK.