plaid-java icon indicating copy to clipboard operation
plaid-java copied to clipboard

Published 20 hours ago verified publisher icon plaid

Plaid Client 9 uses retired Apache Oltu project, which is not supported

Open stevenschlansker opened this issue 4 years ago • 9 comments

The new Plaid client brings in org.apache.oltu.oauth2:org.apache.oltu.oauth2.client:1.0.1. This causes our build to fail, as there are duplicate classes in org.apache.oltu.oauth2:org.apache.oltu.oauth2.client:1.0.1 and org.apache.oltu.oauth2:org.apache.oltu.oauth2.common:1.0.1, which is a bug in the Oltu project.

While attempting to report this bug to them to get it fixed, I found that the project is retired and not maintained:

https://attic.apache.org/projects/oltu.html

Please do not depend on unsupported libraries. Consider removing this dependency before taking this library out of beta.

stevenschlansker avatar Apr 20 '21 17:04 stevenschlansker

@stephenjayakar FYI -- do we have this on the to-do list for GA?

phoenixy1 avatar May 11 '21 00:05 phoenixy1

FWIW it looks like was fixed on the OpenAPI generator side in February, with version 5.0.1 -- I assume we will get the fix the next time we update the version of the OpenAPI generator we are using, although I don't know when we are currently scheduled to do that.

phoenixy1 avatar Aug 26 '21 22:08 phoenixy1

looking at our build script, I see we actually do now use openapi generator 5.1 for Java, which means this issue should now be resolved. @stevenschlansker, are you still seeing this with the latest libraries?

phoenixy1 avatar Aug 26 '21 22:08 phoenixy1

going to close this -- feel free to reopen / refile if it's not fixed

phoenixy1 avatar Aug 27 '21 00:08 phoenixy1

@phoenixy1 , I am not sure how the OpenAPI generator relates; I am simply looking at the declared dependencies of plaid-java and even at version 9.0.0 you can see that it still depends on an outdated version of the abandoned Oltu library: https://search.maven.org/artifact/com.plaid/plaid-java/9.0.0/jar

    <dependency>
      <groupId>org.apache.oltu.oauth2</groupId>
      <artifactId>org.apache.oltu.oauth2.client</artifactId>
      <version>${oltu-version}</version>
      <exclusions>
        <exclusion>
          <groupId>org.apache.oltu.oauth2</groupId>
          <artifactId>common</artifactId>
        </exclusion>
      </exclusions>
    </dependency>

So I do not think this issue is fixed.

stevenschlansker avatar Aug 27 '21 16:08 stevenschlansker

It's even still present directly in the source code: https://github.com/plaid/plaid-java/blob/master/pom.xml#L220 I think this issue was closed quite prematurely and would recommend reopening.

stevenschlansker avatar Aug 27 '21 17:08 stevenschlansker

@stevenschlansker this relates to openapi generator because I believe the dependency is being added by openapi generator (https://github.com/OpenAPITools/openapi-generator/pull/8318). according to their release notes, openapi generator fixed this, and we have since upgraded to create the libraries using a version of the generator that has the fix, so I'm not quite sure why this is still happening -- possibly the dependency is just left over and we need to remove it? cc: @stephenjayakar to take a look.

phoenixy1 avatar Aug 30 '21 18:08 phoenixy1

@otherchen do you know why this is happening -- is it just left over / can we manually remove it?

phoenixy1 avatar Aug 17 '22 18:08 phoenixy1