Use specific transitive dependencies

[pjakubczyk]

Hi team,

I would like to point that the SDK uses LATEST tag (aka *) in transitive dependencies

+--- com.taplytics.sdk:taplytics:1.29.0
|    +--- com.android.volley:volley:+ -> 1.1.1
|    +--- io.socket:socket.io-client:+ -> 1.0.0
|    |    \--- io.socket:engine.io-client:1.0.0
|    +--- com.android.support:recyclerview-v7:26.+ -> 27.1.1 (*)
|    \--- com.android.support:support-fragment:26.+ -> 27.1.1 (*)

There are two issues here: 1) It doesn't provide an exact information against which version the SDK has been tested. 2) Calling Gradle to assemble ./gradlew assemble without changing any code takes 2-4 more seconds Gradle needs to make a GET call to Maven Repository to check what is the latest version of recyclerview-v7 or support-fragment.

In general it's not a good practise to use the LATEST tag in production code. Imagine the situation when a new version of socket.io-client has been released which is not compatible with Taplytics-Android-SDK and it breaks our projects.

[sjavier23]

Hey @pjakubczyk, thanks for reaching out! The team will take a look at this and keep you posted on the status.

[erawhctim]

@pjakubczyk How did you generate that transitive dependency output?