Eclipse plugin version conflict - eclipse

I'm suffering from a version conflict in Eclipse.
I want to use the following two plugins in one Eclipse instance.
org.abc.plugin1a
    has a dependency on org.eclipse.plugin1b_1.0.0
    (works well only with version 1.0.0, does not work with the newer version!)
    impossible to maintain because of a certain reason
org.eclipse.plugin2a
    has a dependency on org.eclipse.plugin1b_2.0.0 (or newer)
Actually org.abc.plugin1a was developed experimentally by an ex-employee, not by me. The source code is available but too complicated.
I found there are huge differences between org.eclipse.plugin1b_1.0.0 and 2.0.0.
So it is almost impossible for me to update org.abc.plugin1a to work with org.eclipse.plugin1b_2.0.0
Is there any answer to solve my problem?

Specify both the minimum and maximum version of the plugin in the Require-Bundle:
Require-Bundle: org.eclipse.plugin1b;bundle-version="[1.0.0,1.0.0]"
This will not work if plugin org.eclipse.plugin1b is marked as a singleton since in that case Eclipse will only load one version of the plugin.
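An added example, not part of the original answer: a small matcher for OSGi bundle-version values, following the version ordering of the OSGi Core specification (major, minor, micro, then qualifier compared as a string). It shows why a bare version is only a lower bound and how a qualifier interacts with a closed range; the function names are illustrative.

```python
# Added illustration: how an OSGi bundle-version attribute value selects versions.
import re

def parse_version(text):
    """'1.0.0.v2008' -> (1, 0, 0, 'v2008'); missing numeric parts default to 0."""
    parts = text.strip().split(".", 3)
    nums = [int(p) for p in parts[:3]]
    nums += [0] * (3 - len(nums))
    qualifier = parts[3] if len(parts) == 4 else ""
    # Tuple order matches the spec: numbers first, then qualifier ('' sorts lowest).
    return (nums[0], nums[1], nums[2], qualifier)

RANGE = re.compile(r"\s*([\[(])\s*([\w.\-]+)\s*,\s*([\w.\-]+)\s*([\])])\s*")

def in_range(range_text, version_text):
    """True if version_text satisfies the bundle-version value range_text."""
    v = parse_version(version_text)
    m = RANGE.fullmatch(range_text)
    if not m:
        # A bare version such as "1.0.0" means "1.0.0 or anything newer".
        return v >= parse_version(range_text)
    lo_br, lo, hi, hi_br = m.groups()
    lo_v, hi_v = parse_version(lo), parse_version(hi)
    lower_ok = v >= lo_v if lo_br == "[" else v > lo_v
    upper_ok = v <= hi_v if hi_br == "]" else v < hi_v
    return lower_ok and upper_ok

if __name__ == "__main__":
    for rng in ("1.0.0", "[1.0.0,1.0.0]", "[1.0.0,1.0.1)"):
        for ver in ("1.0.0", "1.0.0.v20080101", "2.0.0"):
            print(f"{rng!r:18} {ver:18} {in_range(rng, ver)}")
```

A bundle built with a qualifier (for example 1.0.0.v20080101, a constructed value) sorts above 1.0.0, so the closed range [1.0.0,1.0.0] does not match it while [1.0.0,1.0.1) does.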

Related

Removing dependency on a specific vulnerable package

According to a recent JFrog Xray scan, our application (.NET 5) has a "critical" vulnerability due to a dependency on a specific version of Microsoft.NETCore.Platforms. There is a newer version of the package with the vulnerability resolved that I want my project to use instead. The problem I'm having is that this is not a package that we've explicitly added to the project, but rather a dependency that some other packages have, so simply adding the newer version of the package to the project isn't enough to remove the dependency entirely; I can still see references to the "bad" version appearing in project.assets.json. Upgrading to the latest version of the top-level packages has helped, but has still left some references to the "bad" version of Microsoft.NETCore.Platforms via dependencies of dependencies of dependencies.
E.g., we're using the very latest version of Microsoft.ApplicationInsights, but this has a dependency on System.Diagnostics.PerformanceCounter, which has a dependency on the "bad" Microsoft.NETCore.Platforms.
TLDR; I want to be able to tell my project "If you have a dependency on this package anywhere in your dependency tree, don't use version X, use version Y instead", but I'm not sure if there exists a way to do this.
You can't change what version of a library your dependencies use because that could easily introduce breaking changes. This is the modern version of DLL hell.
The answer is to update the library that has the old dependency. If it's open source, you can do this yourself and use your forked version with the updated dependencies. If you don't have access to the source then you will have to contact the developer and tell them about the vulnerability.
If the developer is Microsoft, godspeed.
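An added example, not part of the original thread: a script that reads project.assets.json and, for a named package, reports the version each target framework actually resolved and every dependency chain that asks for it. The embedded sample is constructed and its version strings are placeholders; `chains_to` is an illustrative name.

```python
import json

# Constructed, trimmed-down project.assets.json; all version strings are placeholders.
SAMPLE = json.loads("""
{"targets": {"net5.0": {
  "Microsoft.ApplicationInsights/0.0.1-sample": {"type": "package",
    "dependencies": {"System.Diagnostics.PerformanceCounter": "0.0.1-sample"}},
  "System.Diagnostics.PerformanceCounter/0.0.1-sample": {"type": "package",
    "dependencies": {"Microsoft.NETCore.Platforms": "1.0.0-bad"}},
  "Microsoft.NETCore.Platforms/2.0.0-fixed": {"type": "package"}
}}}
""")

def chains_to(assets, package):
    """Per target framework: the resolved version of `package` and the
    dependency chains (root first) that lead to it."""
    report = {}
    for tfm, libs in assets.get("targets", {}).items():
        # Target keys are "Name/ResolvedVersion".
        resolved = dict(key.split("/", 1) for key in libs)
        parents = {}  # child name -> [(parent name, version the parent asks for)]
        for key, info in libs.items():
            parent = key.split("/", 1)[0]
            for child, wanted in info.get("dependencies", {}).items():
                parents.setdefault(child, []).append((parent, wanted))

        def walk(name, tail, seen):
            ups = [(p, w) for p, w in parents.get(name, []) if p not in seen]
            if not ups:  # reached a package nothing else depends on
                return [tail]
            out = []
            for p, w in ups:
                out += walk(p, [f"{p} -> {name} (asks {w})"] + tail, seen | {p})
            return out

        chains = [c for c in walk(package, [], {package}) if c]
        report[tfm] = {"resolved": resolved.get(package), "chains": chains}
    return report

if __name__ == "__main__":
    print(json.dumps(chains_to(SAMPLE, "Microsoft.NETCore.Platforms"), indent=2))
```

The version inside a `dependencies` entry is what the parent package asks for, while the version in the target key is what restore selected, so the two are worth comparing before acting on a scanner finding.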

Eclipse keeps finding wrong version of plugin dependency

I'm trying to add a plugin dependency to org.eclipse.emf.ecore, because I'm using Ecore to do some modeling for my plugin. The only problem is that when I try to add it, the only version that matches is 2.4 and I can't find that 2.4 jar anywhere on my system, so I have no idea why Eclipse can only find this version and where Eclipse finds it.
In Eclipse's own plugins directory, I have version 2.9, so why can't it find this version? I want to use v 2.9, but I have no clue how I can get Eclipse to match that version.
Any help is welcome, this has me perplexed!
Eclipse resolves dependencies against the currently set target platform. Make sure you have the right target platform set, one that includes org.eclipse.emf.ecore v. 2.9.
If you have not worked with the target platform before, take a look at this tutorial from Lars Vogel.

How can I solve NetBeans plugin dependencies (user and not developer question)?

Within the context of upgrading plugins, explain how to resolve plugin dependencies when the NetBeans user interface reports specific missing dependencies, yet these do not resolve with a Google search or are unmentioned in the NetBeans FAQ.
The practical example leading me to ask this question was when I attempted to install an in-development-plugin org-netbeans-modules-htmlprojects.nbm. It requires General Queries API v1.24 and I have v1.19.1.
Have a look at the bug report that mentions the nbm, it's for version 7. This also means that the mentioned version for GQA is also version 7 specific.
Your best choice is probably to upgrade to version 7; it has some nice improvements over version 6.9, like HTML5 support. As a new install picks up the configuration of an installed previous version, upgrading shouldn't be a lot of work.
EDIT based on restated question:
The short form: you cannot, it's not meant to work that way.
The long form: due to what happened here and the inner workings of NetBeans, the error message was less clear than it could have been...
you downloaded a module for a higher version than the installed one
NetBeans' nbm deployment descriptor states dependencies on editor modules, not on editor versions - see Info/info.xml inside the nbm (which is actually a ZIP file), manifest element, OpenIDE-Module-Module-Dependencies attribute.
Normally that error would not happen, as the version of the nbm will normally match the editor version, and the dependencies should either be satisfied or satisfiable by on-the-fly installation of the missing dependencies.

When is it safe to remove import entries from feature.xml?

I've recently learned that the import section from feature.xml is legacy, and the actual dependency work is delegated to the p2 engine, which uses the information from the plugin manifest.
I am not sure though if p2 is available for all recent versions of Eclipse, or in all Eclipse-based products, so I'm not sure if it is safe to remove the import section from feature.xml.
Under what circumstances is it safe to remove the import section from feature.xml? Assume that we are taking into consideration Eclipse 3.4 or newer.
P2 was introduced in Eclipse 3.4 release. It had quite a few issues in that release, so a way was given to revert your Eclipse install to using the legacy Update Manager. Starting with 3.5 release, p2 is quite stable and is a definite improvement over the old Update Manager. I am not certain if it is possible to revert to the Update Manager in 3.5 or higher release. I certainly haven't heard of anyone doing this.
P2 is present in all Eclipse packages starting with 3.4 release.
I wouldn't categorize feature import as a deprecated feature. You would still want to use it to pull in plugins when you don't have direct OSGi dependency on them.
Consider the case where you are building an extension to JDT. Say you only depend on JDT core api (no UI extensions). If you only rely on OSGi dependencies, when your plugin is installed, p2 will dutifully install JDT core bundle, but not the UI bundle. Perfectly fine from OSGi perspective, but probably not what you intended.
I recommend sticking with feature import to describe your high level dependencies to make sure that they are installed in full. Relying only on OSGi dependencies works best for free-floating bundles that aren't part of something bigger that should be installed as a unit.

Eclipse: How to ensure jar in plugin is given priority over other versions elsewhere?

I am developing an eclipse plugin which contains a specific version of Lucene. I need to generate a search index and deploy it so that it can be read by another application which uses the same version of Lucene.
I recently upgraded eclipse to 3.4 and the search index is now not readable by the 2nd application. I see that eclipse 3.4 contains a newer version of Lucene and I am assuming that this version is used when generating the index.
How can I determine exactly which version of Lucene is being used at the time the index is generated? My plugin classpath begins with my bundled version of Lucene so I would have expected that my version should get priority.
TIA
You might want to give ClassPath Checker and ClassPath Helper a try.
That way you may be able to ascertain precisely which jars are used in your development environment, in order to compare those with the jars present in your deployment environment, where Lucene generates the index.
ClassPath Checker jar conflicts:
ClassPath Helper Blocked (Obscured) Classes view:
Seems to work now. For those of you who are interested, this is what I had to do:
Removed the Lucene 1.4.3 jar from my plugin
Copied the old Lucene plugin from an older version of eclipse into version 3.4.
Deleted all the dependencies in the plugin.xml wizard. Now all the Lucene plugins are visible.
Selected version 1.4.xx and changed the properties to set a max version up to 1.5
Added the other plugin dependencies
Changed build path: removed old jar, added plugin dependency Lucene 1.4.3
Recalculated Run configuration. The Lucene 1.4.3 plugin was not added automatically so added it by hand.
Now when the index is generated, version 1.4.3 is loaded.
Hope this is useful to someone.
Since you're developing an Eclipse plug-in you should look into OSGi. Eclipse plug-ins are instances of OSGi bundles and OSGi has a strong model for handling dependencies and versioning between bundles.
I don't know your specific code, but if I was planning to use Lucene in my plug-in I'd use OSGi's 'Import-Package' or 'Require-Bundle' functionality to express the dependency; I would not include the Lucene JAR in my plug-in. If every plug-in included their own Lucene JAR, you'd waste space, but more importantly, end up with incompatible versions (like you have).
OSGi's website is not the best place to start your OSGi journey (it's good for the OSGi specifications and Peter Kriens' blog). Better to start with something like Neil Bartlett's online book.