Should not recommend downgrades

[sebastian-nagel]

See apache/nutch#612 and Nutch fireant build #33:

Should update okhttp from version 4.3.1 to version 3.12.13

Should recommend 4.9.1 instead (cf. https://mvnrepository.com/artifact/com.squareup.okhttp3/okhttp).
A downgrade by a major version is not a good idea and will likely fail due to API incompatibilities.

[lewismc]

Hi @sebastian-nagel thanks for identifying the bug demonstrated through apache/nutch#612
We need to provide a unit tests for this as well.

[lewismc]

Can confirm that this only seems to happen with the okhttp dependency

Should update elasticsearch-rest-high-level-client from version 7.11.1 to version 7.13.1
Should update jsoup from version 1.8.1 to version 1.13.1
Should update okhttp from version 4.3.1 to version 3.12.13   <<<<<<<<<<<<
Should update okhttp-brotli from version 4.3.1 to version 4.9.1
Should update tika-parsers from version 1.25 to version 1.26
Should update xercesImpl from version 2.11.0 to version 2.12.1
Should update jaxen from version 1.1.1 to version 1.2.0
Should update aws-java-sdk-cloudsearch from version 1.10.0 to version 1.12.4
Should update jdom from version 1.1 to version 2.0.2
Should update phantomjsdriver from version 1.2.1 to version 1.4.4
Should update htmlunit-driver from version 2.35.1 to version 2.50.0
Should update selenium-java from version 3.141.5 to version 3.141.59
Should update commons-net from version 1.2.2 to version 3.8.0
Should update lucene-analyzers-common from version 6.4.1 to version 8.8.2
Should update rome from version 1.5.1 to version 1.15.0
Should update nekohtml from version 1.9.19 to version 1.9.22
Should update mahout-math from version 0.10.1 to version 0.13.0
Should update mahout-core from version 0.9 to version 14.1
Should update lucene-core from version 5.5.0 to version 8.8.2
Should update lucene-analyzers-common from version 5.5.0 to version 8.8.2
Should update httpmime from version 4.5.10 to version 4.5.13
Should update solr-solrj from version 8.5.1 to version 8.8.2
Should update httpcore from version 4.4.12 to version 4.4.14
Should update kafka_2.12 from version 1.1.0 to version 2.8.0
Should update connect-json from version 1.1.0 to version 2.8.0
Should update amqp-client from version 5.2.0 to version 5.12.0
Should update nekohtml from version 1.9.19 to version 1.9.22
Should update gson from version 2.8.4 to version 2.8.7

[lewismc]

Here's the JSON response from the com.squareup.okhttp3:okhttp

{
  "responseHeader": {
    "status": 0,
    "QTime": 0,
    "params": {
      "q": "g:com.squareup.okhttp3 AND a:okhttp",
      "core": "gav",
      "indent": "off",
      "fl": "id,g,a,v,p,ec,timestamp,tags",
      "start": "0",
      "sort": "score desc,timestamp desc,g asc,a asc,v desc",
      "rows": "20",
      "wt": "json",
      "version": "2.2"
    }
  },
  "response": {
    "numFound": 77,
    "start": 0,
    "docs": [
      {
        "id": "com.squareup.okhttp3:okhttp:5.0.0-alpha.2",
        "g": "com.squareup.okhttp3",
        "a": "okhttp",
        "v": "5.0.0-alpha.2",
        "p": "jar",
        "timestamp": 1612032214000,
        "ec": [
          ".module.asc.sha256",
          ".jar.sha512",
          ".jar.sha256",
          ".pom.asc.sha512",
          ".pom.sha256",
          "-sources.jar.sha256",
          "-javadoc.jar.asc.sha512",
          ".module.asc.sha512",
          ".pom",
          "-sources.jar.asc.sha256",
          ".jar.asc.sha256",
          ".pom.asc.sha256",
          ".jar.asc.sha512",
          "-javadoc.jar",
          "-sources.jar",
          ".jar",
          ".module",
          "-javadoc.jar.sha512",
          "-javadoc.jar.asc.sha256",
          "-sources.jar.sha512",
          ".module.sha512",
          ".module.sha256",
          "-sources.jar.asc.sha512",
          ".pom.sha512",
          "-javadoc.jar.sha256"
        ],
        "tags": [
          "meticulous",
          "kotlin",
          "client",
          "http",
          "java",
          "square"
        ]
      },
      {
        "id": "com.squareup.okhttp3:okhttp:5.0.0-alpha.1",
        "g": "com.squareup.okhttp3",
        "a": "okhttp",
        "v": "5.0.0-alpha.1",
        "p": "jar",
        "timestamp": 1612031644000,
        "ec": [
          ".module.asc.sha256",
          ".jar.sha512",
          ".jar.sha256",
          ".pom.asc.sha512",
          ".pom.sha256",
          "-sources.jar.sha256",
          "-javadoc.jar.asc.sha512",
          ".module.asc.sha512",
          ".pom",
          "-sources.jar.asc.sha256",
          ".jar.asc.sha256",
          ".pom.asc.sha256",
          "-sources.jar",
          "-javadoc.jar",
          ".jar.asc.sha512",
          ".jar",
          ".module",
          "-javadoc.jar.asc.sha256",
          "-javadoc.jar.sha512",
          "-sources.jar.sha512",
          ".module.sha512",
          ".module.sha256",
          "-sources.jar.asc.sha512",
          ".pom.sha512",
          "-javadoc.jar.sha256"
        ],
        "tags": [
          "meticulous",
          "kotlin",
          "client",
          "http",
          "java",
          "square"
        ]
      },
      {
        "id": "com.squareup.okhttp3:okhttp:3.12.13",
        "g": "com.squareup.okhttp3",
        "a": "okhttp",
        "v": "3.12.13",
        "p": "jar",
        "timestamp": 1612030805000,
        "ec": [
          "-sources.jar",
          "-javadoc.jar",
          ".jar",
          ".pom"
        ],
        "tags": [
          "client",
          "android",
          "http",
          "java",
          "applications"
        ]
      },
      {
        "id": "com.squareup.okhttp3:okhttp:4.9.1",
        "g": "com.squareup.okhttp3",
        "a": "okhttp",
        "v": "4.9.1",
        "p": "jar",
        "timestamp": 1612029666000,
        "ec": [
          ".module.asc.sha256",
          ".jar.sha512",
          ".jar.sha256",
          ".pom.asc.sha512",
          ".pom.sha256",
          "-sources.jar.sha256",
          "-javadoc.jar.asc.sha512",
          ".module.asc.sha512",
          ".pom",
          "-sources.jar.asc.sha256",
          ".jar.asc.sha256",
          ".pom.asc.sha256",
          "-javadoc.jar",
          "-sources.jar",
          ".jar.asc.sha512",
          ".jar",
          ".module",
          "-javadoc.jar.asc.sha256",
          "-javadoc.jar.sha512",
          "-sources.jar.sha512",
          ".module.sha512",
          ".module.sha256",
          "-sources.jar.asc.sha512",
          ".pom.sha512",
          "-javadoc.jar.sha256"
        ],
        "tags": [
          "meticulous",
          "kotlin",
          "client",
          "http",
          "java",
          "square"
        ]
      },
      {
        "id": "com.squareup.okhttp3:okhttp:4.10.0-RC1",
        "g": "com.squareup.okhttp3",
        "a": "okhttp",
        "v": "4.10.0-RC1",
        "p": "jar",
        "timestamp": 1602040928000,
        "ec": [
          ".module.asc.sha256",
          ".jar.sha512",
          ".jar.sha256",
          ".pom.asc.sha512",
          ".pom.sha256",
          "-sources.jar.sha256",
          "-javadoc.jar.asc.sha512",
          ".module.asc.sha512",
          ".pom",
          "-sources.jar.asc.sha256",
          ".jar.asc.sha256",
          ".pom.asc.sha256",
          ".jar.asc.sha512",
          "-javadoc.jar",
          "-sources.jar",
          ".jar",
          ".module",
          "-javadoc.jar.sha512",
          "-javadoc.jar.asc.sha256",
          "-sources.jar.sha512",
          ".module.sha512",
          ".module.sha256",
          "-sources.jar.asc.sha512",
          ".pom.sha512",
          "-javadoc.jar.sha256"
        ],
        "tags": [
          "meticulous",
          "kotlin",
          "client",
          "http",
          "java",
          "square"
        ]
      },
...
}

As you can see, the artifacts are ordered by name not release date. This is an issue.

From analyzing the REST API, sort should be possible as follows

https://search.maven.org/solrsearch/select?q=g:com.squareup.okhttp3%20AND%20a:okhttp&core=gav&start=0&rows=20&p=jar&sort=%22v%20desc

But this doesn't seem to have an impact. I am going to ask the question/file the bug.

[lewismc]

Fixed in #71
Never got a response from the search.maven.org developers so I created a workaround.