Description
I upgraded my project from Quartz 2.2.3 to 2.3.0 and suddenly started seeing this build failure from the Maven duplicate finder plugin, complaining of duplicate HikariCP classes on my classpath:
[WARNING] Found duplicate and different classes in
[com.zaxxer:HikariCP-java6:2.3.13, com.zaxxer:HikariCP:3.2.0]:
[WARNING] com.zaxxer.hikari.HikariConfig
[WARNING] com.zaxxer.hikari.HikariConfigMXBean
[WARNING] com.zaxxer.hikari.HikariDataSource
[WARNING] com.zaxxer.hikari.HikariJNDIFactory
[WARNING] com.zaxxer.hikari.hibernate.HikariConfigurationUtil
[WARNING] com.zaxxer.hikari.hibernate.HikariConnectionProvider
[WARNING] com.zaxxer.hikari.metrics.MetricsTracker
[WARNING] com.zaxxer.hikari.pool.HikariPool
[WARNING] com.zaxxer.hikari.util.ConcurrentBag
[WARNING] com.zaxxer.hikari.util.DriverDataSource
[WARNING] com.zaxxer.hikari.util.FastList
[WARNING] com.zaxxer.hikari.util.JavassistProxyFactory
[WARNING] com.zaxxer.hikari.util.UtilityElf
My Java 11 project directly uses com.zaxxer:HikariCP:3.2.0 and I was surprised that a dependency was transitively pulling in com.zaxxer:HikariCP-java6:2.3.13.
With a little digging, it looks like @jhouserizer added a hard compile time dependency on com.zaxxer:HikariCP-java6 under #126 which is the source of the duplicate classes:
[INFO] +- org.quartz-scheduler:quartz:jar:2.3.0:compile
[INFO] | +- com.mchange:c3p0:jar:0.9.5.2:compile
[INFO] | +- com.mchange:mchange-commons-java:jar:0.2.11:compile
[INFO] | \- com.zaxxer:HikariCP-java6:jar:2.3.13:compile
I could be wrong, but is com.zaxxer:HikariCP-java6 (and the others) really required to use the Quartz scheduler? These dependencies appear to only be required if you intend to use a Quartz data source backed by an SQL database. For applications that are not using these features of Quartz, aren't these dependencies unnecessary?
If so, shouldn't Quartz declare these "optional" run-time dependencies in the Maven provided or optional scope? Placing them in the compile scope forces consumers of Quartz to add exclusions in order to keep such conflicts out of the classpath. I would expect that if Quartz consumers need to use a DB data source in conjunction with a scheduler, then it should be on them to explicitly "provide" a compatible version of HikariCP (or c3p0 for that matter).
E.g., from https://maven.apache.org/pom.html#Dependency_Version_Requirement_Specification perhaps quartz-core/pom.xml should have declared such dependencies as:
<dependency>
<groupId>com.zaxxer</groupId>
<artifactId>HikariCP-java6</artifactId>
<version>[2.3.13,)</version>
<scope>provided</scope>
</dependency>Fwiw, @enwired had the same concern documented here #126 (comment).
Activity