java-client maven dependency cglib issue
truebit opened this issue · comments
Description
java-client maven dependency cglib misusage
Environment
java-client 4.0.0
Details
- run dependency check with command
mvn dependency:tree -Dverbose -Dincludes=cglibwith output:
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ java-client ---
[INFO] io.appium:java-client:jar:5.0.0-SNAPSHOT
[INFO] +- org.seleniumhq.selenium:selenium-java:jar:2.53.0:compile
[INFO] | \- org.seleniumhq.selenium:selenium-chrome-driver:jar:2.53.0:compile
[INFO] | \- org.seleniumhq.selenium:selenium-remote-driver:jar:2.53.0:compile
[INFO] | \- cglib:cglib-nodep:jar:2.1_3:compile
[INFO] - cglib:cglib:jar:3.2.1:compile
- According to cglib wiki:
cglib-#.##.jar - binary distribution, CGLIB classes only, it must be used to extend cglib classes dependant on ASM API
cglib-nodep-#.##.jar - binary distribution, CGLIB and renamed ASM classes, not extendable
IMO, the explicit dependency in java-client should use cglib-nodep instead of cglib. or just remove cglib dependency in java-client pom to use the one already included by selenium-remote-driver
example pom.xml file to use cglib-nodep instead of cglib
@@ -31,6 +31,12 @@
<groupId>org.seleniumhq.selenium</groupId>
<artifactId>selenium-java</artifactId>
<version>2.53.0</version>
+ <exclusions>
+ <exclusion>
+ <groupId>cglib</groupId>
+ <artifactId>cglib-nodep</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>junit</groupId>
@@ -50,8 +56,8 @@
</dependency>
<dependency>
<groupId>cglib</groupId>
- <artifactId>cglib</artifactId>
- <version>3.2.1</version>
+ <artifactId>cglib-nodep</artifactId>
+ <version>3.2.2</version>
</dependency>
<dependency>
<groupId>commons-validator</groupId>