You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Twilio SDK includes org.json:json dependency starting from version 9.0.0.
According to the commit message it looks like the dependency was added for testing purposes: 60adbe0.
But this dependency doesn't have test scope (intentially or not?), so it has default compile scope and is visible as a transitive dependency at compile time by any project, that uses com.twilio.sdk:twilio library.
Do this dependency really needs to have compile scope? Could it be moved to the test scope?
The problem with this dependency is that some lawyers consider it as inappropriate due to the license. See redis/jedis#3189 and the discussion here stleary/JSON-java#706. Also, it clashes at runtime classpath with other dependencies that implement the same classes. E.g. org.springframework.boot:spring-boot-starter-test depends on org.skyscreamer:jsonassert:1.5.1, that depends on com.vaadin.external.google:android-json:0.0.20131108.vaadin1, that implements the same classes as in org.json:json library, but with different licensing. So, at runtime there is multiple occurrences of org.json.JSONObject on the class path that could lead to unpredictable runtime behavior.
Anyway, if org.json:json dependency is only needed by tests, could its scope be changed to test in pom.xml, please? Even without taking into account all these problems, less transitive dependencies is a good thing.
Steps to Reproduce
Inlcude both org.springframework.boot:spring-boot-starter-test:3.0.6 and com.twilio.sdk:twilio:9.6.0 in the classpath.
Run any spring boot test.
Spring's own DuplicateJsonObjectContextCustomizer will detect multiple occurrences of org.json.JSONObject on the class path.
Exception/Log
Found multiple occurrences of org.json.JSONObject on the class path:
jar:file:/C:/Users/me/.m2/repository/org/json/json/20220320/json-20220320.jar!/org/json/JSONObject.class
jar:file:/C:/Users/me/.m2/repository/com/vaadin/external/google/android-json/0.0.20131108.vaadin1/android-json-0.0.20131108.vaadin1.jar!/org/json/JSONObject.class
You may wish to exclude one of them to ensure predictable runtime behavior
Technical details:
twilio-java version: 9.6.0
java version: 17
The text was updated successfully, but these errors were encountered:
Issue Summary
Twilio SDK includes
org.json:json
dependency starting from version 9.0.0.According to the commit message it looks like the dependency was added for testing purposes: 60adbe0.
But this dependency doesn't have
test
scope (intentially or not?), so it has defaultcompile
scope and is visible as a transitive dependency at compile time by any project, that usescom.twilio.sdk:twilio
library.Do this dependency really needs to have
compile
scope? Could it be moved to thetest
scope?The problem with this dependency is that some lawyers consider it as inappropriate due to the license. See redis/jedis#3189 and the discussion here stleary/JSON-java#706. Also, it clashes at runtime classpath with other dependencies that implement the same classes. E.g.
org.springframework.boot:spring-boot-starter-test
depends onorg.skyscreamer:jsonassert:1.5.1
, that depends oncom.vaadin.external.google:android-json:0.0.20131108.vaadin1
, that implements the same classes as inorg.json:json
library, but with different licensing. So, at runtime there is multiple occurrences oforg.json.JSONObject
on the class path that could lead to unpredictable runtime behavior.Anyway, if
org.json:json
dependency is only needed by tests, could its scope be changed totest
inpom.xml
, please? Even without taking into account all these problems, less transitive dependencies is a good thing.Steps to Reproduce
org.springframework.boot:spring-boot-starter-test:3.0.6
andcom.twilio.sdk:twilio:9.6.0
in the classpath.DuplicateJsonObjectContextCustomizer
will detect multiple occurrences oforg.json.JSONObject
on the class path.Exception/Log
Technical details:
The text was updated successfully, but these errors were encountered: