Gradle dependency conflict when using `implementation`

2
votes

I have a project with two gradle modules: lib and app. I just changed lib's build.gradle to stop exposing a dependency (i.e. I moved from api -> implementation). The app module doesn't directly depend on OkHttp logging interceptor so I figure it's better to not expose it.

lib module's build.gradle:

dependencies {
    // api 'com.squareup.okhttp3:logging-interceptor:3.10.0'
    implementation 'com.squareup.okhttp3:logging-interceptor:3.10.0'
    ...
}

app module's build.gradle:

dependencies {
    implementation project(':lib')
    implementation group: 'com.zendesk', name: 'support-providers', version: '2.0.0'
    ...
}

However I'm now seeing a compile problem:

Conflict with dependency 'com.squareup.okhttp3:logging-interceptor' in project ':app'. Resolved versions for runtime classpath (3.10.0) and compile classpath (3.8.1) differ

If I look at project structure I see this:

+--- project :lib
...
+--- com.zendesk:support-providers:2.0.0
|    +--- com.zendesk:core:1.0.0
|    |    +--- com.zendesk:java-common:1.13
|    |    +--- com.google.dagger:dagger:2.12 -> 2.15 (*)
|    |    +--- com.squareup.retrofit2:retrofit:2.3.0
|    |    |    \--- com.squareup.okhttp3:okhttp:3.8.0 -> 3.8.1
|    |    |         \--- com.squareup.okio:okio:1.13.0
|    |    +--- com.squareup.retrofit2:converter-gson:2.3.0
|    |    |    +--- com.squareup.retrofit2:retrofit:2.3.0 (*)
|    |    |    \--- com.google.code.gson:gson:2.7
|    |    +--- com.squareup.okhttp3:logging-interceptor:3.8.1 // <----- SEE HERE
|    |    |    \--- com.squareup.okhttp3:okhttp:3.8.1 (*) 
|    |    +--- com.squareup.okhttp3:okhttp:3.8.1 (*)
|    |    +--- com.android.support:support-annotations:27.0.2 -

lib isn't revealing any of it's dependencies (obviously) and app depends on Zendesk sdk which depends on different version of OkHttp logging interceptor.

I only see two ways to fix this:

  1. revert api -> implementation in lib module, thus exposing logging interceptor to app module
  2. declare a top level dependency on logging interceptor and set to 3.10 to force Zendesk to use latest:

app build.gradle:

dependencies {
    implementation project(':lib')
    implementation group: 'com.zendesk', name: 'support-providers', version: '2.0.0'

    // used just to force zendesk to use 3.10
    implementation 'com.squareup.okhttp3:logging-interceptor:3.10.0' 
    ...
}

Neither of these seem very clean. IMO the app module shouldn't know anything about OkHttp logging interceptor. Is there another option?

If Zendesk updated their library to use implementation for their OkHttp dependency would this solve the problem? Will Gradle let two dependencies use different versions of the same transitive dependency as long as they don't expose to the project as a whole?

1
gradle
docs.gradle.org/current/userguide/… - JB Nizet

1 Answers

4
votes

with Gradle this works a little different ...

one can either enforce the version 3.10.0:

dependencies {
    implementation group: 'com.zendesk', name: 'support-providers', version: '2.0.0'
}

configurations.all() {
    resolutionStrategy.force "com.squareup.okhttp3:logging-interceptor:3.10.0"
}

or just exclude version 3.8.1 (which is leaving nothing but the desired version 3.10.0):

dependencies {
    implementation ('com.zendesk:support-providers:2.0.0") {
        exclude "com.squareup.okhttp3:logging-interceptor:3.8.1"
    }
}