I was kind of hoping that the latest version of the Auth0 Java libraries might have finally dealt with this problem, but alas no.
com.auth0:auth0:2.15.0 has dependencies on com.squareup.okhttp3:okhttp:jar:4.11.0 and com.squareup.okhttp3:logging-interceptor:jar:4.11.0 which has conflicting dependency declarations for versions 1.6.10 and 1.6.20 of org.jetbrains.kotlin:kotlin-stdlib-jdk8:jar
Instead of pushing these dependency conflicts onto your users, who have to guess what you intention might be. How about you deal with these conflicts yourselves and either
Explicitly exclude the dep you don’t want
Choose not conflicting versions of the OkHttp libraries.
Dependency convergence error for org.jetbrains.kotlin:kotlin-stdlib-jdk8:jar:1.6.20 paths to dependency are:
[ERROR] +-au.com.xandar.wylas:licence-server:war:47-SNAPSHOT
[ERROR] +-com.auth0:auth0:jar:2.15.0:compile
[ERROR] +-com.squareup.okhttp3:okhttp:jar:4.11.0:compile
[ERROR] +-org.jetbrains.kotlin:kotlin-stdlib-jdk8:jar:1.6.20:compile
[ERROR] and
[ERROR] +-au.com.xandar.wylas:licence-server:war:47-SNAPSHOT
[ERROR] +-com.auth0:auth0:jar:2.15.0:compile
[ERROR] +-com.squareup.okhttp3:logging-interceptor:jar:4.11.0:compile
[ERROR] +-org.jetbrains.kotlin:kotlin-stdlib-jdk8:jar:1.6.10:compile
And strongly suggest you start using the maven-enforcer-plugin so you don’t inadvertently publish broken libraries in the future.
Thank you for posting your question. I’ve seen that our SDK team released Auth0-Java 2.16 a few hours ago. Do you mind checking if these conflicts persist in the newest version? If they won’t be resolved, can you open up an issue on the repository and share the link here? I will ping the repo maintainers to check your question.
Thank you, and I apologize for the inconvenience.
Dawid