Dependency version issues when updating from v3.19.0 to 3.22.0 #253
Comments
|
Thank you for reaching out. One of our engineers will come back to you shortly. |
|
Is there any update or response on this? |
|
Hi @jwill0213, The dependency change was an unintentional change that was made in the process of the new release being generated. Our team has identified the potential source and we're working to bring the shaded jar back. Keep an eye out for 3.23.1 over the course of the next week or so. Thanks for your suggestion regarding the updating of dependencies. We will consider that for the next release. |
|
@sebastianmgwozdz thank you for the update! Will be on the lookout for the new versions. |
@sebastianmgwozdz any update on this? As far as I can see, 3.22.0 is still the last release available, and it's been almost a month already. |
|
@jwill0213 @FyiurAmron Thank you for your patience! We have released 3.23.0 as of this morning which includes a shaded jar version. Please let us know if anything is still unresolved. |
When upgrading to v3.19.0 this past summer external dependencies were no longer declared (related issue #234). As such we explicitly declared all of our dependency versions when updating. However now we are updating to 3.22.0 and getting errors that it is trying to pull in old versions of libraries.
Why was this change introduced in 3.19.0 seemingly reverted in 3.22.0? And why was there no mention of this change in any sort of release note? Is there plans to include a shaded jar for 3.22.0? Trying to update to this version from 3.19.0 is a breaking change and should be mentioned somewhere.
Also is there plans to update dependencies that have vulnerabilities? Both jackson-databind and jersey common have new minor versions that were out before 3.22.0 was released with fixes to the vulnerabilities.
https://mvnrepository.com/artifact/com.docusign/docusign-esign-java/3.22.0
The text was updated successfully, but these errors were encountered: