docusign / docusign-esign-java-client

The Official Docusign Java Client Library used to interact with the eSignature REST API. Send, sign, and approve documents using this client.
https://javadoc.io/doc/com.docusign/docusign-esign-java/latest/index.html
MIT License
104 stars 95 forks

Dependency version issues when updating from v3.19.0 to 3.22.0 #253

Closed jwill0213 closed 1 year ago

jwill0213 commented 1 year ago

When upgrading to v3.19.0 this past summer, external dependencies were no longer declared (related issue: https://github.com/docusign/docusign-esign-java-client/issues/234). As such, we explicitly declared all of our dependency versions when updating. However, now we are updating to 3.22.0 and getting errors that it is trying to pull in old versions of libraries.

Why was this change, introduced in 3.19.0, seemingly reverted in 3.22.0? And why was there no mention of this change in any sort of release note? Are there plans to include a shaded jar for 3.22.0? Trying to update to this version from 3.19.0 is a breaking change and should be mentioned somewhere.

Also, are there plans to update dependencies that have vulnerabilities? Both jackson-databind and jersey common have new minor versions that were out before 3.22.0 was released with fixes to the vulnerabilities.

https://mvnrepository.com/artifact/com.docusign/docusign-esign-java/3.22.0

DSDemo-LeandroReis commented 1 year ago

Thank you for reaching out.

One of our engineers will come back to you shortly.

jwill0213 commented 1 year ago

Is there any update or response on this?

sebastianmgwozdz commented 1 year ago

Hi @jwill0213,

The dependency change was an unintentional change that was made in the process of the new release being generated. Our team has identified the potential source and we're working to bring the shaded jar back. Keep an eye out for 3.23.1 over the course of the next week or so.

Thanks for your suggestion regarding the updating of dependencies. We will consider that for the next release.

jwill0213 commented 1 year ago

@sebastianmgwozdz thank you for the update! Will be on the lookout for the new versions.

FyiurAmron commented 1 year ago

> Keep an eye out for 3.23.1 over the course of the next week or so.

@sebastianmgwozdz any update on this? As far as I can see, 3.22.0 is still the last release available, and it's been almost a month already.

sebastianmgwozdz commented 1 year ago

@jwill0213 @FyiurAmron Thank you for your patience! We have released 3.23.0 as of this morning, which includes a shaded jar version. Please let us know if anything is still unresolved.