Update dependencies #908
Update dependencies #908
Conversation
| - **Strict type coercion is enforced.** Gson no longer silently coerces JSON objects or arrays to `String`. If your code relies on this behavior, you will see `JsonSyntaxException`. | ||
| - **Built-in ProGuard/R8 rules are included.** Gson 2.11.0 ships its own keep rules, so you may be able to remove custom Gson ProGuard rules from your project. | ||
|
|
||
| If you need to pin Gson to an older version, you can use Gradle's `resolutionStrategy`: |
There was a problem hiding this comment.
You can also add suggestion to ignore the Gson from the SDK. Add code snippet for the same
| @@ -81,35 +81,35 @@ android { | |||
|
|
|||
| ext { | |||
| okhttpVersion = '4.12.0' | |||
There was a problem hiding this comment.
Okhttp can also be increased to version 5
There was a problem hiding this comment.
OkHttp 5.0.0 is now stable (released July 2025, latest 5.3.2), but it has massive breaking changes: separate JVM/Android artifacts, MockWebServer moved to mockwebserver3 package with new coordinates, RecordedRequest.path renamed to .target, .body is now ByteString, MockResponse is immutable with a Builder, requires Okio 3.x, etc. This would touch virtually every test file.
Will creqate a seperate Ticket and resolve with testcases which are ignored currently.
There was a problem hiding this comment.
Create a ticket to track this
| okhttpVersion = '4.12.0' | ||
| coroutinesVersion = '1.7.3' | ||
| coroutinesVersion = '1.10.2' | ||
| biometricLibraryVersion = '1.1.0' |
There was a problem hiding this comment.
Is there a new version available for biometricLibraryVersion ?
There was a problem hiding this comment.
Biometric version(1.1.0) latest stable release (Jan 2021)
beyond it is alpha (1.4.0-alpha05 as of Dec 2025)
| testImplementation 'org.mockito.kotlin:mockito-kotlin:5.4.0' | ||
| testImplementation "com.squareup.okhttp3:mockwebserver:$okhttpVersion" | ||
| testImplementation "com.squareup.okhttp3:okhttp-tls:$okhttpVersion" | ||
| testImplementation 'com.jayway.awaitility:awaitility:1.7.0' |
There was a problem hiding this comment.
Check where is this used com.jayway.awaitility:awaitility ? If not required , remove them ?
There was a problem hiding this comment.
Awaitility removal ❌ Cannot remove
Awaitility is actively used in 5 test matcher utility files:
CallbackMatcher.java
AuthCallbackMatcher.java
AuthenticationCallbackMatcher.java
MyAccountCallbackMatcher.kt
ManagementCallbackMatcher.java
All import com.jayway.awaitility.Awaitility.await and ConditionTimeoutException.
auth0/build.gradle
Outdated
| testImplementation "com.squareup.okhttp3:mockwebserver:$okhttpVersion" | ||
| testImplementation "com.squareup.okhttp3:okhttp-tls:$okhttpVersion" | ||
| testImplementation 'com.jayway.awaitility:awaitility:1.7.0' | ||
| testImplementation 'org.robolectric:robolectric:4.14.1' |
There was a problem hiding this comment.
Check if robo electric version can also be increased ?
utkrishtsahu
dismissed
pmathew92’s stale review
The merge-base changed after approval.
2 participants
Changes
Updates all SDK dependencies to their latest stable versions compatible with the current toolchain (AGP 8.10.1, compileSdk 36, Kotlin 2.0.21, Java 17).
Build toolchain upgrades:
AGP: 8.8.2 → 8.10.1
Gradle wrapper: 8.10.2 → 8.11.1
compileSdk: 35 → 36
targetSdk: 35 → 36
Runtime dependency updates (build.gradle):
kotlinx-coroutines-core: 1.7.3 → 1.10.2
androidx.credentials: 1.3.0 → 1.5.0
androidx.core:core-ktx: 1.6.0 → 1.15.0
androidx.appcompat: 1.6.0 → 1.7.0
androidx.browser: 1.4.0 → 1.9.0
gson: 2.8.9 → 2.11.0 (2.13.x deferred — internal type renames, less conservative for an SDK)
androidbrowserhelper: 2.4.0 → 2.5.0
Test dependency updates:
mockito-core: 5.7.0 → 5.14.0
mockito-kotlin: 5.1.0 → 5.4.0
espresso-intents: 3.5.1 → 3.6.1
robolectric: 4.14.1 → 4.15.1 (4.16+ drops SDK 21/22 support)
Build plugin:
org.jacoco:org.jacoco.core classpath: 0.8.5 → 0.8.12 (matches existing toolVersion in jacoco.gradle)
Test fixes for Gson 2.11.0 compatibility:
bodyFromRequest helper changed from fun to inline fun in 3 test files to satisfy Gson 2.10+ TypeToken runtime validation
5 call sites changed from to where JSON body contains nested objects (Gson 2.10+ no longer silently coerces objects to String)
References
Please include relevant links supporting this change such as a:
SDK-7723
Testing
Build Passed
Unit Test Passed
Checklist
I have read the Auth0 general contribution guidelines
I have read the Auth0 Code of Conduct
All existing and new tests complete without errors