Description
Our application has dependency on guava 33.1.0-jre, but this application also needs to leverage batch sdk('com.microsoft.azure:azure-batch:11.0.0') to interact with the azure batch account. Since batch uses guava version 20, and our application relies on higher version, when trying to hit batch api we are getting into issues like:
20 Mar 2024 13:34:49.792HostName=pre4studio.bases.com 2024-03-20 09:34:49,756 ERROR org.codehaus.groovy.grails.web.errors.GrailsExceptionResolver 489 - NoSuchMethodError occurred when processing request: [POST] /platformservices/projects/8867/skuLists/658b1d815744d25309904f2b/skuListDoeRuns
com.google.common.base.Preconditions.checkArgument(ZLjava/lang/String;Ljava/lang/Object;)V. Stacktrace follows:
, org.codehaus.groovy.grails.web.servlet.mvc.exceptions.ControllerExecutionException: Executing action [create] of controller [com.affinnova.platform.controllers.products.lpo.inputs.SkuListDoeRunController] caused exception: Runtime error executing action
at grails.plugin.cache.web.filter.PageFragmentCachingFilter.doFilter(PageFragmentCachingFilter.java:198)
at grails.plugin.cache.web.filter.AbstractFilter.doFilter(AbstractFilter.java:63)
at grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter.doFilter(GrailsAnonymousAuthenticationFilter.java:53)
at grails.plugin.springsecurity.rest.RestAuthenticationFilter.doFilter(RestAuthenticationFilter.groovy:143)
at com.affinnova.platform.services.security.CASOAuthTokenAuthenticationFilter.doFilter(CASOAuthTokenAuthenticationFilter.groovy:91)
at com.affinnova.platform.services.security.AuthProxyAuthenticationFilter.doFilter(AuthProxyAuthenticationFilter.groovy:107)
at grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:62)
at com.affinnova.platform.services.security.CerberusAuthenticationFilter.doFilter(CerberusAuthenticationFilter.groovy:86)
at com.affinnova.platform.services.security.SSOConcurrentSessionFilter.doFilter(SSOConcurrentSessionFilter.groovy:114)
at grails.plugin.springsecurity.web.SecurityRequestHolderFilter.doFilter(SecurityRequestHolderFilter.java:59)
at com.affinnova.platform.servlet.filter.CacheExpiresFilter.doFilter(CacheExpiresFilter.groovy:40)
at com.nielsen.springsession.web.http.HttpSessionSynchronizer.doFilterInternal(HttpSessionSynchronizer.java:29)
at com.brandseye.cors.CorsFilter.doFilter(CorsFilter.java:82)
at java.lang.Thread.run(Thread.java:750)
Caused by: org.codehaus.groovy.grails.web.servlet.mvc.exceptions.ControllerExecutionException: Runtime error executing action
... 14 more
Caused by: java.lang.reflect.InvocationTargetException
... 14 more
Caused by: java.lang.NoSuchMethodError: com.google.common.base.Preconditions.checkArgument(ZLjava/lang/String;Ljava/lang/Object;)V
at com.google.common.reflect.TypeCapture.capture(TypeCapture.java:32)
at com.google.common.reflect.TypeToken.<init>(TypeToken.java:125)
And as we can see from dependency tree seems like the client runtime is the one pulling in the old version of dependency:
+--- com.microsoft.azure:azure-batch:11.0.0
| +--- com.microsoft.azure:azure-client-runtime:1.7.14
| | --- com.microsoft.rest:client-runtime:1.7.14
| | +--- com.google.guava:guava:20.0
Now from #29586 I understand the need to support java 7, but could we not introduce a cut off version or a new version that supports using latest version of guava and hence along with it fix security vulnerabilities.
Until this is resolved we are forced to use guava 20 in our application which raises red flag with our devOps/security team to deploy the app.