Closed DeannaGelbart closed 2 years ago
By the way, is it safe for me to use versions 1.30.1 and higher in production? I'm asking for two reasons
The /youtube/v3/java/latest/
docs on developers.google.com still have revision 222
in the title and still say java.lang.String part
: https://developers.google.com/resources/api-libraries/documentation/youtube/v3/java/latest/com/google/api/services/youtube/YouTube.Videos.List.html
and the most recent google-api-services-youtube jar with an -rc suffix on maven.org is is version 3-rev222-1.18.0-rc
: https://search.maven.org/artifact/com.google.apis/google-api-services-youtube/
YouTube questions should be asked on StackOverflow
Issue Tracker
@DeannaGelbart I can't speak on behalf of the YouTube team, but if they published it, it's probably the way to go, even if the docs aren't accurate. As I mentioned above, this should be asked on StackOverflow as no one from the youtube team monitors this repository.
Thanks @lesv. I should be able to figure out what to do about the commas. But can Google answer my question above about whether the current release version of this library is 1.31.0 (per Github) or 222-1.18.0-rc (per developers.google.com and the -rc suffix on published jar files)? That seems like a question for Google not the general developer community on Stack Overflow.
There is a critical security advisory against the version of google-oauth-client being pulled in by 222-1.18.0-rc. Hence my question. From JFrog Xray:
Pkce support is not implemented in accordance with the rfc for oauth 2.0 for native apps. without the use of pkce, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized. an attacker is able to obtain the authorization code using a malicious app on the client-side and use it to gain authorization to the protected resource. this affects the package com.google.oauth-client:google-oauth-client before 1.31.0.
The latest is either implementation 'com.google.apis:google-api-services-youtube:v3-rev20210915-1.32.1'
or:
<dependency>
<groupId>com.google.apis</groupId>
<artifactId>google-api-services-youtube</artifactId>
<version>v3-rev20210915-1.32.1</version>
</dependency>
The way to read our current version string: the v3 is the endpoint version - you'll find it in the REST documentation. The rev20210915 is the day the client was created and also when the discovery document was accessed. The 1.32.1 is the version of the client code.
We generally recommend that you use the latest.
Steps to reproduce
Starting with version 1.30.1 of
clients/google-api-services-youtube/v3/VERSION/com/google/api/services/youtube/YouTube.java
, the definition of thepart
field of theList
class changed fromprivate java.lang.String part
toprivate java.util.List<java.lang.String> part
, but the Javadoc documentation still describespart
as acomma-separated list of properties
(this description happens in several places in the file).I guess there are no more commas between properties, and now there's one
String
per property instead? Is that correct?