FindBugs / SpotBugs collision

[SimonMarquis]

The core-api module depends on both FindBugs com.google.code.findbugs:jsr305:3.0.2 and SpotBugs com.google.code.findbugs:annotations:3.0.1.

https://github.com/optimizely/java-sdk/blob/c507649832f605fa6dd3419caf2284da0c1436c8/core-api/build.gradle#L5-L6

SpotBugs seems to be the "successor" of FindBugs. But this leads to unexpected errors.

Different versions are used 3.0.1 vs 3.0.2 which does not make sense to me. And most importantly, since these are almost identical copies, it will create collision errors on the consumer side, for example:

Duplicate class javax.annotation.CheckForNull found in modules annotations-3.0.1 (com.google.code.findbugs:annotations:3.0.1) and jsr305-3.0.2 (com.google.code.findbugs:jsr305:3.0.2)

Is there a good reason to keep this "duplicated" dependency?