Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updating 'stripeterminal' version from '3.2.1' to '3.3.0' or '3.3.1' #433

Closed
TTRuslan opened this issue Feb 22, 2024 · 2 comments
Closed

Updating 'stripeterminal' version from '3.2.1' to '3.3.0' or '3.3.1' #433

TTRuslan opened this issue Feb 22, 2024 · 2 comments

Comments

@TTRuslan
Copy link

Summary

Attempts to update 'stripeterminal' SDK from version '3.2.1' to '3.3.0' or '3.3.1' and build app leads to this error:

Execution failed for task ':app:checkDebugDuplicateClasses'.
Could not resolve all files for configuration ':app:debugRuntimeClasspath'.
Failed to transform jackson-core-2.16.0.jar (com.fasterxml.jackson.core:jackson-core:2.16.0) to match attributes {artifactType=enumerated-runtime-classes, org.gradle.category=library, org.gradle.dependency.bundling=external, org.gradle.libraryelements=jar, org.gradle.status=release, org.gradle.usage=java-runtime}.
> Execution failed for JetifyTransform: /Users/USER/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-core/2.16.0/899e5cf01be55fbf094ad72b2edb0c5df99111ee/jackson-core-2.16.0.jar.
> Failed to transform '/Users/USER/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-core/2.16.0/899e5cf01be55fbf094ad72b2edb0c5df99111ee/jackson-core-2.16.0.jar' using Jetifier. Reason: IllegalArgumentException, message: Unsupported class file major version 63. (Run with --stacktrace for more details.)
Suggestions:
- Check out existing issues at https://issuetracker.google.com/issues?q=componentid:460323&s=modified_time:desc, it's possible that this issue has already been filed there.
- If this issue has not been filed, please report it at https://issuetracker.google.com/issues/new?component=460323 (run with --stacktrace and provide a stack trace if possible).

Code to reproduce

build.gradle (:app)

def stripeTerminalVer = "3.3.1"
implementation("com.stripe:stripeterminal-localmobile:$stripeTerminalVer")
implementation "com.stripe:stripeterminal-core:$stripeTerminalVer"

gradle.properties

android.enableJetifier=true

Then build android app

Please note we tried newest version of gradle and checked conflicts with empty project

Gradle 7.3.3
Build time: 2021-12-22 12:37:54 UTC
Revision: 6f556c80f945dc54b50e0be633da6c62dbe8dc71

Kotlin: 1.5.31
Groovy: 3.0.9
Ant: Apache Ant(TM) version 1.10.11 compiled on July 10 2021
JVM: 17.0.2 (Eclipse Adoptium 17.0.2+8)
OS: Mac OS X 14.2 aarch64

Android version

Android 11

SDK version

com.stripe:stripeterminal-localmobile '3.3.0' and '3.3.1'

Other information

We tried to update/change gradle and JDK versions but it didn't solve issues.

Our investigation lead to conflict with android.enableJetifier=true from gradle.properties. Unfortunately it's not possible for us at this moment to disable Jetifier.
Only ways we could use latest SDK are:

  1. By manually excluding new dependency

def stripeTerminalVer = "3.3.1"
implementation("com.stripe:stripeterminal-localmobile:$stripeTerminalVer") {
exclude group: 'com.fasterxml.jackson.core', module: 'jackson-databind'
}
)

And potentially use old version of fasterxml.jackson that you had at last version ('3.2.1') com.fasterxml.jackson.core:jackson-databind:2.14.1

  1. Other (better way) we found is to include new dependency to jetifier ignore list android.jetifier.ignorelist=jackson-core-2.16.0.jar

./gradlew app:dependencies for new version (core:jackson with v2.16.0)

+--- com.stripe:stripeterminal-localmobile:3.3.1
| +--- androidx.databinding:viewbinding:8.2.1 ()
| +--- org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.9.10 ()
| +--- org.jetbrains.kotlin:kotlin-parcelize-runtime:1.9.10 ()
| +--- androidx.annotation:annotation:1.7.1 ()
| +--- androidx.constraintlayout:constraintlayout:2.1.4 ()
| +--- androidx.core:core-ktx:1.12.0 ()
| +--- androidx.fragment:fragment-ktx:1.6.2 ()
| +--- androidx.lifecycle:lifecycle-viewmodel-ktx:2.7.0 ()
| +--- com.scottyab:rootbeer-lib:0.1.0
| +--- com.google.android.gms:play-services-safetynet:18.0.1
| | +--- com.google.android.gms:play-services-base:18.0.1 ()
| | +--- com.google.android.gms:play-services-basement:18.0.0 -> 18.1.0 ()
| | --- com.google.android.gms:play-services-tasks:18.0.1 -> 18.0.2 ()
| +--- com.google.android.play:integrity:1.1.0
| | +--- com.google.android.gms:play-services-basement:18.1.0 ()
| | --- com.google.android.gms:play-services-tasks:18.0.2 ()
| +--- com.google.android.material:material:1.11.0 ()
| +--- com.google.dagger:dagger:2.50 ()
| +--- com.google.code.gson:gson:2.10.1
| +--- com.squareup.okhttp3:okhttp:4.12.0 ()
| +--- io.reactivex.rxjava3:rxjava:3.1.8
| | --- org.reactivestreams:reactive-streams:1.0.4
| +--- org.jetbrains.kotlinx:kotlinx-coroutines-core:1.7.3 ()
| +--- org.jetbrains.kotlinx:kotlinx-coroutines-android:1.7.3 ()
| +--- com.squareup.wire:wire-moshi-adapter:4.9.3
| | +--- com.squareup.wire:wire-runtime:4.9.3
| | | --- com.squareup.wire:wire-runtime-jvm:4.9.3
| | | +--- org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.9.10 ()
| | | +--- com.squareup.okio:okio:3.6.0 ()
| | | --- org.jetbrains.kotlin:kotlin-stdlib-common:1.9.10 -> 1.9.21 ()
| | +--- com.squareup.moshi:moshi:1.15.0
| | | +--- com.squareup.okio:okio:2.10.0 -> 3.6.0 ()
| | | --- org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.8.21 -> 1.9.10 ()
| | --- org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.9.10 ()
| +--- com.fasterxml.jackson.core:jackson-databind:2.16.0
| | +--- com.fasterxml.jackson.core:jackson-annotations:2.16.0
| | | --- com.fasterxml.jackson:jackson-bom:2.16.0
| | | +--- com.fasterxml.jackson.core:jackson-annotations:2.16.0 (c)
| | | +--- com.fasterxml.jackson.core:jackson-core:2.16.0 (c)
| | | --- com.fasterxml.jackson.core:jackson-databind:2.16.0 (c)
| | +--- com.fasterxml.jackson.core:jackson-core:2.16.0
| | | --- com.fasterxml.jackson:jackson-bom:2.16.0 ()
| | --- com.fasterxml.jackson:jackson-bom:2.16.0 ()

./gradlew app:dependencies for old version (core:jackson with v2.14.1)

+--- com.stripe:stripeterminal-localmobile:3.2.1
| +--- androidx.databinding:viewbinding:7.4.2 -> 8.1.4 ()
| +--- org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.8.22 ()
| +--- org.jetbrains.kotlin:kotlin-parcelize-runtime:1.8.22 ()
| +--- androidx.annotation:annotation:1.7.0 ()
| +--- androidx.constraintlayout:constraintlayout:2.1.4 ()
| +--- androidx.core:core-ktx:1.10.1 ()
| +--- androidx.fragment:fragment-ktx:1.6.1 ()
| +--- androidx.lifecycle:lifecycle-viewmodel-ktx:2.6.2 ()
| +--- com.scottyab:rootbeer-lib:0.0.9
| +--- com.google.android.gms:play-services-safetynet:18.0.1
| | +--- com.google.android.gms:play-services-base:18.0.1 ()
| | +--- com.google.android.gms:play-services-basement:18.0.0 -> 18.1.0 ()
| | --- com.google.android.gms:play-services-tasks:18.0.1 -> 18.0.2 ()
| +--- com.google.android.play:integrity:1.1.0
| | +--- com.google.android.gms:play-services-basement:18.1.0 ()
| | --- com.google.android.gms:play-services-tasks:18.0.2 ()
| +--- com.google.android.material:material:1.10.0 ()
| +--- com.google.dagger:dagger:2.47 ()
| +--- com.google.code.gson:gson:2.10.1
| +--- com.squareup.okhttp3:okhttp:4.11.0 ()
| +--- io.reactivex.rxjava3:rxjava:3.1.8
| | --- org.reactivestreams:reactive-streams:1.0.4
| +--- org.jetbrains.kotlinx:kotlinx-coroutines-core:1.7.3 ()
| +--- org.jetbrains.kotlinx:kotlinx-coroutines-android:1.7.3 ()
| +--- com.squareup.wire:wire-moshi-adapter:4.8.1
| | +--- com.squareup.wire:wire-runtime:4.8.1
| | | --- com.squareup.wire:wire-runtime-jvm:4.8.1
| | | +--- org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.8.20 -> 1.8.22 ()
| | | +--- com.squareup.okio:okio:3.4.0 ()
| | | --- org.jetbrains.kotlin:kotlin-stdlib-common:1.8.20 -> 1.8.22
| | +--- com.squareup.moshi:moshi:1.13.0 -> 1.15.0
| | | +--- com.squareup.okio:okio:2.10.0 -> 3.4.0 ()
| | | --- org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.8.21 -> 1.8.22 ()
| | --- org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.8.20 -> 1.8.22 ()
| +--- com.fasterxml.jackson.core:jackson-databind:2.14.1
| | +--- com.fasterxml.jackson.core:jackson-annotations:2.14.1
| | | --- com.fasterxml.jackson:jackson-bom:2.14.1
| | | +--- com.fasterxml.jackson.core:jackson-annotations:2.14.1 (c)
| | | +--- com.fasterxml.jackson.core:jackson-core:2.14.1 (c)
| | | --- com.fasterxml.jackson.core:jackson-databind:2.14.1 (c)
| | +--- com.fasterxml.jackson.core:jackson-core:2.14.1
| | | --- com.fasterxml.jackson:jackson-bom:2.14.1 ()
| | --- com.fasterxml.jackson:jackson-bom:2.14.1 (*)

Question

Is there any way you can fix this issue from your side?
@ugochukwu-stripe
Copy link
Contributor

ugochukwu-stripe commented Feb 28, 2024
edited
Loading

Hi @TTRuslan , thanks for reporting this as well your mitigation.
Unfortunately we are not able to do much from the sdk's side since we moved off the earlier jackson version because it has a known vulnerability 1. The issue tracking 2 the build error you're seeing, suggests what you're doing as the work around 👍

Footnotes

  1. https://nvd.nist.gov/vuln/detail/CVE-2023-35116

  2. https://issuetracker.google.com/issues/283715193

@dmatthews-stripe
Copy link
Collaborator

Hi @TTRuslan , we will be closing this ticket due to inactivity. If you have any further issues, please feel free to open up another ticket.

@nazli-stripe nazli-stripe mentioned this issue Apr 2, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ugochukwu-stripe @dmatthews-stripe @TTRuslan