square
[4.x] Update Okio to 3.2.0
Just to confirm, this will end up with depending on okio, not okio-jvm, right?
@honnix with this change the new pom.xml for OkHttp is:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<!-- This module was also published with a richer model, Gradle metadata, -->
<!-- which should be used instead. Do not delete the following line which -->
<!-- is to indicate to Gradle or any Gradle module metadata file consumer -->
<!-- that they should prefer consuming it instead. -->
<!-- do_not_remove: published-with-gradle-metadata -->
<modelVersion>4.0.0</modelVersion>
<groupId>com.squareup.okhttp3</groupId>
<artifactId>okhttp</artifactId>
<version>4.11.0-SNAPSHOT</version>
<name>okhttp</name>
<description>Square’s meticulous HTTP client for Java and Kotlin.</description>
<url>https://square.github.io/okhttp/</url>
<licenses>
<license>
<name>The Apache Software License, Version 2.0</name>
<url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
</license>
</licenses>
<developers>
<developer>
<name>Square, Inc.</name>
</developer>
</developers>
<scm>
<connection>scm:git:https://github.com/square/okhttp.git</connection>
<developerConnection>scm:git:ssh://[email protected]/square/okhttp.git</developerConnection>
<url>https://github.com/square/okhttp</url>
</scm>
<dependencies>
<dependency>
<groupId>com.squareup.okio</groupId>
<artifactId>okio-jvm</artifactId>
<version>3.2.0</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.jetbrains.kotlin</groupId>
<artifactId>kotlin-stdlib</artifactId>
<version>1.6.20</version>
<scope>compile</scope>
</dependency>
</dependencies>
</project>
If you have anything else in your project that depends on com.squareup.okio:okio:3.2.0, that transitively depends on com.squareup.okio:okio-jvm:3.2.0 which is where all the code is.
There’s one hazard remaining, which is if your code depends on com.squareup.okio:okio:2.x.y directly, since those 2.x (and 1.x) artifacts contain code. We could try to find a way for this to depend on com.squareup.okio:okio:3.2.0 to force everything to the latest. Hmm...
@yschimke any thoughts on forcing a non -jvm dependency for Maven users? I think it’s probably worth the trouble so Maven users get the right artifacts no matter what transitive deps they have.
<dependencies>
<dependency>
<groupId>com.squareup.okio</groupId>
<artifactId>okio</artifactId>
<version>3.2.0</version>
<scope>compile</scope>
</dependency>
</dependencies>
@yschimke any thoughts on forcing a non
-jvmdependency for Maven users? I think it’s probably worth the trouble so Maven users get the right artifacts no matter what transitive deps they have.<dependencies> <dependency> <groupId>com.squareup.okio</groupId> <artifactId>okio</artifactId> <version>3.2.0</version> <scope>compile</scope> </dependency> </dependencies>
Yeah that would be great!
The idea I think is, as long as okhttp depends on okio (non -jvm one), no matter what okio version user explicitly depends on, it would still be the same artifact and it's up to user to decide which version to choose (usually done by maven enforcer). If we merge this as is, users will need to upgrade to okio 3.2.0 as well.
@swankjesse What's the status of this, if we need a newer okio, does that also bump Kotlin to 1.7.10 for 4.11.0?