search

launchdarkly / api-client-java

LaunchDarkly API Client for Java
Other
4 stars 8 forks source link

stop using deprecated `okhttp` v2, upgrade to at least `okhttp3` #8

Closed estraph closed 3 years ago

estraph commented 3 years ago

This API client currently depends on OkHttp v2:

https://github.com/launchdarkly/api-client-java/blob/ffca8431f21be58b54a7f4110f0119abdafcfa92/pom.xml#L235

V2 is considered to be deprecated since okhttp3 was released in 2016:

This release obsoletes OkHttp 2.x, and all code that uses OkHttp’s com.squareup.okhttp package should upgrade to the okhttp3 package. Libraries that depend on OkHttp should upgrade quickly to prevent applications from being stuck on the old version.

We had a specific case recently where this caused problems. Some newer code of ours which uses okhttp3 pulls in okio 2.x as a transitive dependency. But because this LD API client code uses okhttp 2.7.5 and indirectly depends on okio 1.6.0, we have a dependency conflict: the newer okhttp3 cannot work with okio 1.6.0, and the older okhttp v2 used by the LD API client cannot work with the newer okio 2.x.

Please upgrade to a more recent version of okhttp to prevent issues in newer applications using this client.

bwoskow-ld commented 3 years ago

Hi @estraph ,

Thanks for filing this issue. I understand your frustration around okhttp 2.7.5 -- indeed, that's really old. The problem is that LaunchDarkly isn't directly responsible for defining the dependency version. api-client-java is auto-generated, along with client libraries in other languages, by swagger-codegen based on our OpenAPI spec.

I see other developers have complained about this issue too (examples one and two). I checked the source code of the newest 2.x. swagger-codegen release (2.4.17 as of this writing) and see that these issues remain unresolved. Because of this, the problem isn't simple for us to solve.

The good news is that we (LaunchDarkly) are in the process of updating our OpenAPI spec from v2 to v3. In doing so we will bump from swagger-codegen 2.4.x to 3.x, and from what I can tell (unconfirmed -- only from a quick reading of the swagger-codegen source code) I believe that a newer okhttp version dependency is defined on the 3.x branch. Technically both 2.x and 3.x branches remain supported by the swagger-codegen maintainers however I've noticed in a few other cases as well where the project maintainers have opted against fixing non-trivial issues on the 2.x branch, and an okhttp version bump likely fell into this category.

Even so, once we finish with our ongoing OpenAPI work, my hope is that we'll be able to release a version of api-client-java which depends on a more modern okhttp version. I can't provide a timeline/ETA, though; there are a lot of moving pieces on this project. At a minimum, though, at least you can know that we're working on it.

Cheers, @bwoskow-ld