Skip to content

fix: [SDK-4160] exclude OkHttp 5.x from otel module transitive dependencies#2577

Closed
fadi-george wants to merge 2 commits into
5.7-mainfrom
fadi/sdk-4160-bug-onesignal-571-causes-okhttp-runtime-incompatibility
Closed

fix: [SDK-4160] exclude OkHttp 5.x from otel module transitive dependencies#2577
fadi-george wants to merge 2 commits into
5.7-mainfrom
fadi/sdk-4160-bug-onesignal-571-causes-okhttp-runtime-incompatibility

Conversation

@fadi-george

@fadi-george fadi-george commented Mar 17, 2026

Copy link
Copy Markdown
Contributor

Description

One Line Summary

Exclude OkHttp 5.x transitive dependency from the otel module to prevent runtime crashes in consumers using OkHttp 4.x.

Details

Motivation

The otel module (added in 5.7.0) depends on opentelemetry-exporter-otlp, which transitively pulls in okhttp-jvm:5.2.1 via opentelemetry-exporter-sender-okhttp. OkHttp 5.x is binary-incompatible with OkHttp 4.x — specifically, okhttp3.internal.Util was removed in 5.x.

When a consumer (e.g. a React Native app) also depends on OkHttp 4.x, Gradle's conflict resolution upgrades everything to 5.2.1 (since OkHttp 5.x's module metadata declares okhttp-jvm replaces okhttp). This causes a NoClassDefFoundError: okhttp3/internal/Util crash at runtime when React Native's networking stack (ReactCookieJarContainerJavaNetCookieJar) handles cookies.

Dependency chain:

com.onesignal:core:5.7.x
  → com.onesignal:otel:5.7.x
    → io.opentelemetry:opentelemetry-exporter-otlp:1.55.0
      → io.opentelemetry:opentelemetry-exporter-sender-okhttp:1.55.0
        → com.squareup.okhttp3:okhttp-jvm:5.2.1  ← breaks OkHttp 4.x consumers

Scope

  • Excludes com.squareup.okhttp3 group from opentelemetry-exporter-otlp transitive dependencies
  • Explicitly provides com.squareup.okhttp3:okhttp:4.12.0 (latest stable 4.x)
  • OpenTelemetry's sender-okhttp uses standard public OkHttp APIs that are compatible with 4.x
  • No changes to public API or behavior

Fixes #2575

Testing

Unit testing

All existing otel module unit tests pass (./gradlew :OneSignal:otel:testReleaseUnitTest).

Manual testing

Verified via ./gradlew :OneSignal:otel:dependencies --configuration releaseRuntimeClasspath that okhttp-jvm:5.2.1 no longer appears in the dependency tree and okhttp:4.12.0 is resolved instead.

Tested crash logs
Screenshot 2026-03-17 at 11 16 55 AM

Affected code checklist

  • Notifications
  • Outcomes
  • Sessions
  • In-App Messaging
  • REST API requests
  • Public API changes

Checklist

Overview

  • I have filled out all REQUIRED sections above
  • PR does one thing
  • Any Public API changes are explained in the PR details and conform to existing APIs

Testing

  • I have included test coverage for these changes, or explained why they are not needed
  • All automated tests pass, or I explained why that is not possible
  • I have personally tested this on my device, or explained why that is not possible

Final pass

  • Code is as readable as possible.
  • I have reviewed this PR myself, ensuring it meets each checklist item

Made with Cursor

…encies

The otel module's opentelemetry-exporter-otlp transitively pulls in
okhttp-jvm 5.x via opentelemetry-exporter-sender-okhttp. OkHttp 5.x is
binary-incompatible with consumers that depend on OkHttp 4.x (e.g. React
Native's networking stack references okhttp3.internal.Util which was
removed in 5.x), causing NoClassDefFoundError crashes at runtime.

Exclude the com.squareup.okhttp3 group from the OTLP exporter and
explicitly provide okhttp 4.12.0 instead.

Fixes #2575

Made-with: Cursor
fadi-george added a commit to OneSignal/react-native-onesignal that referenced this pull request Mar 17, 2026
The OkHttp 5.x incompatibility is being fixed in the Android SDK's otel
module (OneSignal/OneSignal-Android-SDK#2577). Remove the workaround
from this wrapper since resolutionStrategy.force in a library's
build.gradle does not propagate to the consuming app's resolution.

Made-with: Cursor
fixes issue when logging it when anonymous
implementation('io.opentelemetry:opentelemetry-exporter-otlp') {
exclude group: 'com.squareup.okhttp3'
}
implementation 'com.squareup.okhttp3:okhttp:4.12.0'

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can you please move the version number out in the root project?

@fadi-george

Copy link
Copy Markdown
Contributor Author

I think I want to go with RN side fix for now @abdulraqeeb33

@fadi-george fadi-george deleted the fadi/sdk-4160-bug-onesignal-571-causes-okhttp-runtime-incompatibility branch March 17, 2026 23:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants