Closed dvandegrift closed 3 months ago
Hi @dvandegrift, thanks for writing in.
I don't think this is an issue on this SDK side. When you try mvn dependency:tree
command with the following pom.xml file:
<?xml version="1.0" encoding="UTF-8"?>
<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.mycompany.app</groupId>
<artifactId>my-app</artifactId>
<version>1.0-SNAPSHOT</version>
<name>my-app</name>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
</properties>
<dependencies>
<dependency>
<groupId>com.slack.api</groupId>
<artifactId>slack-api-client</artifactId>
<version>1.39.0</version>
</dependency>
</dependencies>
</project>
the output shows the correct okhttp version as below:
$ mvn dependency:tree
[INFO] Scanning for projects...
[INFO]
[INFO] ----------------------< com.mycompany.app:my-app >----------------------
[INFO] Building my-app 1.0-SNAPSHOT
[INFO] from pom.xml
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- dependency:2.8:tree (default-cli) @ my-app ---
[INFO] com.mycompany.app:my-app:jar:1.0-SNAPSHOT
[INFO] \- com.slack.api:slack-api-client:jar:1.39.0:compile
[INFO] +- com.slack.api:slack-api-model:jar:1.39.0:compile
[INFO] +- com.squareup.okhttp3:okhttp:jar:4.12.0:compile
[INFO] | +- com.squareup.okio:okio:jar:3.6.0:compile
[INFO] | | \- com.squareup.okio:okio-jvm:jar:3.6.0:compile
[INFO] | | \- org.jetbrains.kotlin:kotlin-stdlib-common:jar:1.9.10:compile
[INFO] | \- org.jetbrains.kotlin:kotlin-stdlib-jdk8:jar:1.8.21:compile
[INFO] | +- org.jetbrains.kotlin:kotlin-stdlib:jar:1.8.21:compile
[INFO] | | \- org.jetbrains:annotations:jar:13.0:compile
[INFO] | \- org.jetbrains.kotlin:kotlin-stdlib-jdk7:jar:1.8.21:compile
[INFO] +- com.google.code.gson:gson:jar:2.10.1:compile
[INFO] \- org.slf4j:slf4j-api:jar:1.7.36:compile
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
The possible cause of your situation is due to maven settings for your project. From my past experience, Sping Boot and other major web framework libraries tend to enforce a specific version of okhttp over the one our SDK relies on. There is no workaround for our side. To deal with this situation, you can explicitly have the okhttp dependency in your pom.xml to overwrite the version.
I hope this helps. Since this is not this SDK's issue, plus there is nothing else I can share for you, let me close this issue now. That being said, whenever you have follow-up questions, please feel free to write in!
Thanks @seratch. I can confirm that the issue was indeed caused by importing Spring Boot 2.7.18. After upgrading to Spring Boot 3.2.4, the transitive dependencies were as expected.
The maven distribution of slack-api-client does not specify/honor some of it dependency versions. So instead of distributing with say okhttp version 4.12.0, it is actually released with okhttp version 4.9.3.
The parent pom.xml defines a property as such:
But I believe the parent pom.xml also needs "dependencyManagement" to expose those values to submodules.
or the slack-api-client pom.xml could declare the okhttp.version property there.
Reproducible in:
slack-api-client 1.39.0
The Slack SDK version
com.slack.api:slack-api-client:jar:1.39.0
Java Runtime version
java 17.0.10 2024-01-16 LTS Java(TM) SE Runtime Environment (build 17.0.10+11-LTS-240) Java HotSpot(TM) 64-Bit Server VM (build 17.0.10+11-LTS-240, mixed mode, sharing)
OS info
ProductName: macOS ProductVersion: 14.4.1 BuildVersion: 23E224 Darwin Kernel Version 23.4.0: Fri Mar 15 00:10:42 PDT 2024; root:xnu-10063.101.17~1/RELEASE_ARM64_T6000
Steps to reproduce:
1.39.0
of slack-api-clientmvn dependencies:tree
Expected result:
I expect to see okhttp version 4.12.0
Actual result:
I see okhttp version 4.9.3.