Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update dependency com.google.guava:guava to v32.1.3-android #1332

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update dependency com.google.guava:guava to v32.1.3-android #1332

wants to merge 1 commit into from

Conversation

renovate-bot
Copy link
Contributor

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
com.google.guava:guava 32.0.0-android -> 32.1.3-android age adoption passing confidence

Release Notes

google/guava (com.google.guava:guava)

v32.1.2: 32.1.2

Compare Source

Maven
<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>32.1.2-jre</version>
  <!-- or, for Android: -->
  <version>32.1.2-android</version>
</dependency>
Jar files

Guava requires one runtime dependency, which you can download here:

Javadoc
JDiff
Changelog

v32.1.1: 32.1.1

Compare Source

Maven
<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>32.1.1-jre</version>
  <!-- or, for Android: -->
  <version>32.1.1-android</version>
</dependency>
Jar files

Guava requires one runtime dependency, which you can download here:

Javadoc
JDiff
Changelog
  • Fixed our broken Gradle metadata from 32.1.0. Sorry again for the trouble. If you use Gradle, please still read the release notes from that version: You may still see errors from the new checking that the metadata enables, and the release notes discuss how to fix those errors.

v32.1.0: 32.1.0

Compare Source

Warning: Our Gradle-metadata version numbers are broken. Read these notes, but upgrade straight to 32.1.2.

We made a mistake in our release script, so the new Gradle metadata (discussed below) has broken version numbers in 32.1.0. Sorry for the trouble and for the need for another quick patch release. We recommend upgrading straight to release 32.1.2, especially if you use Gradle or if you publish a library whose users might use Gradle. Still, read the release notes below if you use Gradle, since the fixed Gradle metadata in 32.1.2 may still require action on your part.

Maven
<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>32.1.0-jre</version>
  <!-- or, for Android: -->
  <version>32.1.0-android</version>
</dependency>
Jar files

Guava requires one runtime dependency, which you can download here:

Javadoc
JDiff
Changelog
Gradle Module Metadata

Warning: We made a mistake in our release script, so this is broken in 32.1.0. We recommend upgrading straight to release 32.1.2, especially if you use Gradle or if you publish a library whose users might use Gradle. Still, read the release notes below if you use Gradle, since the fixed Gradle metadata in 32.1.2 may still require action on your part.

The Gradle team has contributed a metadata file for Guava. If you use Gradle 6 or higher, you will see better handling of two kinds of dependency conflicts, plus another small feature related to our dependencies. As a result of this change, you may see errors, which you can resolve as documented below. If you encounter a problem that isn't documented below, or if the documentation is unclear, please let us know.

If you use Gradle 6 (not 5, not 7+)

You may see an error like this one:

> Could not resolve all artifacts for configuration ':classpath'.
   > Could not resolve com.google.guava:guava:30.1-jre.
     Required by:
         project : > com.google.cloud.tools.jib:com.google.cloud.tools.jib.gradle.plugin:2.8.0 > gradle.plugin.com.google.cloud.tools:jib-gradle-plugin:2.8.0
      > The consumer was configured to find a runtime of a library compatible with Java 15, packaged as a jar, and its dependencies declared externally. However we cannot choose between the following variants of com.google.guava:guava:32.1.1-jre:
          - androidRuntimeElements
          - jreRuntimeElements
        All of them match the consumer attributes:
          - Variant 'androidRuntimeElements' capabilities com.google.collections:google-collections:32.1.1-jre and com.google.guava:guava:32.1.1-jre and com.google.guava:listenablefuture:1.0 declares a runtime of a library compatible with Java 8, packaged as a jar, and its dependencies declared externally:

If you do, you'll need to add something like this to a place where you configure the Java plugins:

sourceSets.all {
  configurations.getByName(runtimeClasspathConfigurationName) {
    attributes.attribute(Attribute.of("org.gradle.jvm.environment", String), "standard-jvm")
  }
  configurations.getByName(compileClasspathConfigurationName) {
    attributes.attribute(Attribute.of("org.gradle.jvm.environment", String), "standard-jvm")
  }
}
If you see an error about a duplicate ListenableFuture class

For example:

Execution failed for task ':app:checkDebugDuplicateClasses'.
> A failure occurred while executing com.android.build.gradle.internal.tasks.CheckDuplicatesRunnable
   > Duplicate class com.google.common.util.concurrent.ListenableFuture found in modules jetified-guava-32.1.1-android (com.google.guava:guava:32.1.1-android) and jetified-listenablefuture-1.0 (com.google.guava:listenablefuture:1.0)

This appears to be a Gradle bug.

@​mathisdt has provided a workaround:

dependencies {
### dependency definitions here ...
  modules {
    module("com.google.guava:listenablefuture") {
      replacedBy("com.google.guava:guava", "listenablefuture is part of guava")
    }
  }
}
Selecting the appropriate flavor

When Gradle automatically selects the newest version of Guava in your dependency graph, it will now also select the appropriate flavor (-android or -jre) based on whether you project targets Android or not. For example, if you depend on 32.1.0-android and 30.0-jre, Gradle will select 32.1.0-jre. This is the version most likely to be compatible with all your dependencies.

In the unusual event that you need to override Gradle's choice of flavor, you can do so as follows:

dependencies.constraints {
  implementation("com.google.guava:guava") {
    attributes {
      attribute(
        TargetJvmEnvironment.TARGET_JVM_ENVIRONMENT_ATTRIBUTE, 
        objects.named(TargetJvmEnvironment, TargetJvmEnvironment.ANDROID))
    }
  }
}

// If the above leads to a conflict error because there are additional transitive dependencies to Guava, then use:
configurations.all {
  resolutionStrategy.capabilitiesResolution.withCapability("com.google.guava:guava") {
    select(candidates.find { it.variantName.contains("android") })
  }
}
Reporting dependencies that overlap with Guava

If your dependency graph contains the very old google-collections or the hacky listenablefuture, Gradle will now report that those libraries contain duplicates of Guava classes. When this happens, you'll need to tell Gradle to select Guava:

configurations.all {
  resolutionStrategy.capabilitiesResolution.withCapability("com.google.collections:google-collections") {
    select("com.google.guava:guava:0")
  }
  // and/or
  resolutionStrategy.capabilitiesResolution.withCapability("com.google.guava:listenablefuture") {
    select("com.google.guava:guava:0")
  }
}

If that doesn't work, please let us know. And let us know whether our replacedBy workaround or these other workarounds work instead.

Omitting annotations at runtime

One dependency of Guava that is not needed at runtime (j2objc-annotations) is now omitted from the runtime classpath. (We may omit others in the future. See #​6606.)

Other changes
  • collect: Tweaked more nullness annotations. (501a016, 5c23590)
  • hash: Enhanced crc32c() to use Java's hardware-accelerated implementation where available. (65c7f10)
  • util.concurrent: Added Duration-based default methods to ListeningExecutorService. (e7714b0)
  • Began updating Javadoc to focus less on APIs that have been superseded by additions to the JDK. We're also looking to add more documentation that directs users to JDK equivalents for our APIs. Further PRs welcome! (c9efc47, 01dcc2e)
  • Fixed some problems with using Guava from a Java Agent. (But we don't test that configuration, and we don't know how well we'll be able to keep it working.) (e42d4e8, de62703)
  • Fixed BootstrapMethodError when using CacheBuilder from a custom system class loader. (As with the previous item, we're not sure how well we'll be able to keep this use case working.) (a667c38)
  • Suppressed a harmless unusable-by-js warning seen by users of guava-gwt.

v32.0.1: 32.0.1

Compare Source

Maven
<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>32.0.1-jre</version>
  <!-- or, for Android: -->
  <version>32.0.1-android</version>
</dependency>
Jar files

Guava requires one runtime dependency, which you can download here:

Javadoc
JDiff
Changelog
  • io: Fixed Files.createTempDir and FileBackedOutputStream under Windows, which broke as part of the security fix in release 32.0.0. Sorry for the trouble. (fdbf77d)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate-bot renovate-bot requested review from a team as code owners November 9, 2023 22:09
@trusted-contributions-gcf trusted-contributions-gcf bot added kokoro:force-run Add this label to force Kokoro to re-run the tests. owlbot:run Add this label to trigger the Owlbot post processor. labels Nov 9, 2023
@product-auto-label product-auto-label bot added the size: xs Pull request size is extra small. label Nov 9, 2023
@gcf-owl-bot gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Nov 9, 2023
@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Nov 9, 2023

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Nov 9, 2023
@trusted-contributions-gcf trusted-contributions-gcf bot added kokoro:force-run Add this label to force Kokoro to re-run the tests. owlbot:run Add this label to trigger the Owlbot post processor. labels Feb 17, 2024
@gcf-owl-bot gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Feb 17, 2024
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Feb 17, 2024
@renovate-bot renovate-bot force-pushed the renovate/project.guava.version branch from c2cc946 to 40a33ac Compare May 2, 2024 17:59
@trusted-contributions-gcf trusted-contributions-gcf bot added kokoro:force-run Add this label to force Kokoro to re-run the tests. owlbot:run Add this label to trigger the Owlbot post processor. labels May 2, 2024
@gcf-owl-bot gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label May 2, 2024
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
size: xs Pull request size is extra small.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@renovate-bot @yoshi-kokoro