IssueTracker

After adding androidx.car.app:app:1.4.0-beta02 dependency into my Android (Java) project, I got a weird compilation error:

error: cannot access ListenableFuture
public class OsmUploadWork extends Worker
       ^
  class file for com.google.common.util.concurrent.ListenableFuture not found

where Worker is androidx.work.Worker.

I have the following dependencies in build.gradle:

  implementation 'androidx.car.app:app:1.4.0-beta02'
  implementation(platform('org.jetbrains.kotlin:kotlin-bom:1.9.10'))
  implementation 'androidx.annotation:annotation:1.7.0'
  implementation 'androidx.appcompat:appcompat:1.6.1'
  implementation 'androidx.constraintlayout:constraintlayout:2.1.4'
  implementation 'androidx.fragment:fragment:1.6.1'
  implementation 'androidx.preference:preference:1.2.1'
  implementation 'androidx.recyclerview:recyclerview:1.3.1'
  implementation 'androidx.work:work-runtime:2.8.1'
  implementation 'androidx.lifecycle:lifecycle-process:2.6.2'
  implementation 'com.google.android.material:material:1.9.0'
  implementation 'com.google.code.gson:gson:2.10.1'
  implementation 'com.github.devnullorthrow:MPAndroidChart:3.2.0-alpha'
  implementation 'net.jcip:jcip-annotations:1.0'
  implementation 'com.google.android.gms:play-services-location:21.0.1'

./gradlew app:dependencies (see gradle-app-dependencies.txt attached) shows that com.google.guava:listenablefuture:1.0 is replaced by 9999.0-empty-to-avoid-conflict-with-guava, which is probably an empty stub that doesn't have the actual implementation.

Further googling brought me to https://developer.android.com/jetpack/androidx/releases/concurrent#concurrent-listenableFuture-1.0.0-beta01:

androidx.concurrent:concurrent-listenablefuture:1.0.0-beta01 and androidx.concurrent:concurrent-listenablefuture-callback:1.0.0-beta01 are released. The commits included in this version can be found here.

These libraries provide a standalone equivalent to Guava’s ListenableFuture interface and an adapter for converting callbacks.

The previously-released androidx.concurrent:concurrent-futures artifact, which provided a similar adapter and included the com.google.guava:listenablefuture artifact, may be problematic for developers using toolchains -- such as Android Gradle Plugin 3.4.0 -- with strict dependency resolution matching. Developers who do not rely on the full Guava library are advised to switch to androidx.concurrent:concurrent-listenablefuture-callback.

It sounds like com.google.common.util.concurrent.ListenableFuture has been extracted to androidx.concurrent:concurrent-listenablefuture-callback and there is no need to depend on entire com.google.guava:guava:31.1-android for that.

I grepped https://github.com/androidx/androidx/tree/androidx-main/car/app/app for com.google.common that found just few usages of the guava library:

grep -R "com.google.common" androidx/car/app/app/src|grep -vi test
androidx/car/app/app/src/main/java/androidx/car/app/hardware/climate/CabinTemperatureProfile.java:import com.google.common.collect.ImmutableMap;
androidx/car/app/app/src/main/java/androidx/car/app/navigation/model/constraints/ContentTemplateConstraints.java:import com.google.common.collect.ImmutableSet;
androidx/car/app/app/src/main/java/androidx/car/app/SessionInfo.java:import com.google.common.collect.ImmutableSet;

It looks like that apart from ListenableFuture (which is already extracted by a separate library) only ImmutableMap from guava is used. Is ImmutableMap worth it? Guava is a huge monolith library full of bugs and vulnerabilities (see CVE-2023-2976 CVE-2020-8908). I would prefer not to have my project rely on Guava library.

Please consider removing all minor usages of ⁣com.google.guava:guava (besides ListenableFuture) from ⁣androidx.car.app:app to make life easier for all Android developers. ListenableFuture is already available from androidx.concurrent:concurrent-listenablefuture-callback, which is also androidx and probably even hosted in the same repository as ⁣androidx.car.app:app.