When upgrading from 2.6.3 to 2.8.1 I figured that DevCycle has a strict version requirement now on jackson-module-kotlin. Since Jackson is notoriously known to include parsing issues that need to be fixed as part of our security guidelines, we always enforce the newest Jackson version project-wide across all dependencies, which naturally creates a dependency issue in Gradle:
* What went wrong:
11:41:05 Could not determine the dependencies of task ':app:dataBindingGenBaseClassesDebug'.
11:41:05 > Could not resolve all dependencies for configuration ':app:debugRuntimeClasspath'.
11:41:05 > Could not resolve com.fasterxml.jackson.module:jackson-module-kotlin:{strictly 2.19.1}.
11:41:05 Required by:
11:41:05 project ':app' > project :framework:core-remoteconfig-convention > project :framework:remoteconfig-devcycle > com.devcycle:android-client-sdk:2.8.1
11:41:05 > Cannot find a version of 'com.fasterxml.jackson.module:jackson-module-kotlin' that satisfies the version constraints:
11:41:05 Dependency path: 'project :app' (debugRuntimeClasspath) --> 'project :framework:core-remoteconfig-convention' (releaseRuntimeElements) --> 'project :framework:remoteconfig-devcycle' (releaseRuntimeElements) --> 'com.devcycle:android-client-sdk:2.8.1' (releaseVariantReleaseRuntimePublication) --> 'com.fasterxml.jackson.module:jackson-module-kotlin:{strictly 2.19.1}'
11:41:05 Constraint path: 'project :app' (debugRuntimeClasspath) --> 'project :framework:core-remoteconfig-convention' (releaseRuntimeElements) --> 'project :framework:remoteconfig-devcycle' (releaseRuntimeElements) --> 'com.devcycle:android-client-sdk:2.8.1' (releaseVariantReleaseRuntimePublication) --> 'com.fasterxml.jackson.core:jackson-databind:2.21.4' (runtimeElements) --> 'com.fasterxml.jackson:jackson-bom:2.21.4' (platform-runtime) --> 'com.fasterxml.jackson.module:jackson-module-kotlin:2.21.4'
So I can override / force my version on top of the strictly requested one, but I'd still like to know the rationale why you fix the Jackson version to that particular version?
When upgrading from 2.6.3 to 2.8.1 I figured that DevCycle has a strict version requirement now on
jackson-module-kotlin. Since Jackson is notoriously known to include parsing issues that need to be fixed as part of our security guidelines, we always enforce the newest Jackson version project-wide across all dependencies, which naturally creates a dependency issue in Gradle:So I can override / force my version on top of the strictly requested one, but I'd still like to know the rationale why you fix the Jackson version to that particular version?