
Remove guava dependency

Open trajano opened this issue 10 years ago • 4 comments

Though Guava can provide an easier API to do some common operations, there can be dependency convergence problems when different versions of Guava are used between different dependencies.

Guava also has the tendency to deprecate APIs between versions.

Primarily to avoid situations like this http://stackoverflow.com/questions/28368289/use-multiple-guava-versions-in-same-maven-project

trajano avatar Sep 24 '15 05:09 trajano

I have to agree with that.

Since my current job has led me to experience such problems, the two solutions would be to:

  • either get rid of Guava entirely,
  • or repackage it for this library.

Not sure where the library should go:

  • getting rid of Guava would mean recoding some parts of it for this package exclusively;
  • repackaging it would lead to a very large jar whereas it is rather slim at the moment...

fge avatar Sep 24 '15 17:09 fge

I would go with the latter. Something along the lines of using the maven-shade-plugin. Not because it's nicer, in fact it's way way uglier with the larger disk space. However, it is more pragmatic and we can slowly introduce pull requests to get rid of it as time passes by.

trajano avatar Sep 24 '15 18:09 trajano

Chose the first approach for my PR. Only copied the classes that are relevant and took out the "Guava" checks in the Guava code.

trajano avatar Sep 29 '15 22:09 trajano

Additionally, the current Guava level (16.0.1, see project.gradle) is vulnerable according to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237.

Using Guava 26.0 breaks because the character definitions in CharMatcher have been removed (had been deprecated for a while).

https://github.com/google/guava/commit/f1249c4f0449260ff123e8da6b921a37fc058147#diff-27c92738a318c1015c6a15340c0f0d37

Guava 25.1 will work for the time being.

jameskhedley avatar Sep 19 '18 15:09 jameskhedley
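A check for the convergence problem raised in the opening post and the version concern in the last comment, as an added example that is not part of the thread or the project's code: it parses `mvn dependency:tree -Dverbose` output, lists every Guava version requested and which top-level dependency pulls it in, and flags versions below a floor the caller chooses. The sample tree, the `org.example` coordinates and the function names are constructed for illustration.

```python
import re

# Constructed sample of `mvn dependency:tree -Dverbose` output.
# The org.example coordinates are hypothetical.
SAMPLE_TREE = r"""
[INFO] org.example:app:jar:1.0
[INFO] +- org.example:lib-a:jar:0.9:compile
[INFO] |  \- com.google.guava:guava:jar:16.0.1:compile
[INFO] \- org.example:lib-b:jar:2.0:compile
[INFO]    \- (com.google.guava:guava:jar:25.1-jre:compile - omitted for conflict with 16.0.1)
"""

LINE = re.compile(r"^\[INFO\] (?P<indent>[ |+\\-]*)\(?"
                  r"(?P<g>[\w.-]+):(?P<a>[\w.-]+):jar:(?P<v>[\w.-]+)")

def version_key(version):
    """Numeric prefix as a tuple, so '25.1-jre' -> (25, 1); non-numeric sorts lowest."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    return tuple(int(p) for p in m.group().split(".")) if m else (0,)

def guava_versions(tree_text):
    """Map each requested Guava version to the top-level dependencies pulling it in."""
    path, found = {}, {}
    for line in tree_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        depth = len(m["indent"]) // 3  # tree markers are 3 characters per level
        path[depth] = f'{m["g"]}:{m["a"]}:{m["v"]}'
        if (m["g"], m["a"]) == ("com.google.guava", "guava"):
            source = path[1] if depth > 1 else "(declared directly)"
            found.setdefault(m["v"], set()).add(source)
    return {v: sorted(s) for v, s in found.items()}

def audit(tree_text, floor):
    """Report convergence conflicts and versions older than the caller's floor."""
    versions = guava_versions(tree_text)
    old = [v for v in versions if version_key(v) < version_key(floor)]
    return {"conflict": len(versions) > 1,
            "below_floor": sorted(old, key=version_key)}

if __name__ == "__main__":
    # 25.1 is the version the thread reports as working; choose your own floor.
    for version, sources in guava_versions(SAMPLE_TREE).items():
        print(version, "<-", ", ".join(sources))
    print(audit(SAMPLE_TREE, floor="25.1"))
```

Omitted entries in the verbose tree are counted on purpose: they show which dependency asked for a version that Maven's mediation silently replaced.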