javaandroidgradle

Could not find com.google.android.exoplayer:exoplayer-core:2.12.1

When I attempt to make my Android project it fails with:

Could not find com.google.android.exoplayer:exoplayer-core:2.12.1
Could not find com.google.android.exoplayer:exoplayer-ui:2.12.1

The make worked fine months ago when I had cached versions of those two packages. I have been building that project for some years without issues. I use the following gradle config:

buildscript {
    repositories {
        jcenter()
        maven {
            url 'https://maven.google.com/'
            name 'Google'
        }
        google()
    }
}

allprojects {
    repositories {
        jcenter()
        google()
        maven { url 'https://jitpack.io' }
    }
}

I discovered that this issue is related to deprecation of jcenter (Could not find com.google.android.exoplayer:exoplayer:2.11.4). Sadly, I cannot upgrade to the 2.13.x which is available on google(). I am trying to find alternative solutions. I have searched mvnrepository.com and could not find the version I want except for jcenter. Though, I found exoplayer-core-2.12.1-sources.jar on the amazon package.

https://central.sonatype.com/artifact/com.amazon.android/exoplayer-core/versions

Upon adding that to my gradle file:

implementation 'com.amazon.android:exoplayer-core:2.12.1'
implementation 'com.amazon.android:exoplayer-ui:2.12.1'

I was able to make/build with no errors. Now, my questions are. Is this a proper way to handle this issue or are there any implications for using the amazon package? Will I need to change anything in my project since I used this package from amazon? Am I right to assume that exoplayer-core-2.12.1-sources.jar on is untouched jar of exoplayer-core 2.12.1? (https://repo1.maven.org/maven2/com/amazon/android/exoplayer-core/2.12.1/)

Thank you.

Solution

  • Is this a proper way to handle this issue

    IMHO, no. I would focus on the "not able to upgrade" problem. Anything that processes Internet data needs to stay on up-to-date versions of actively-maintained components, to deal with security issues.

    are there any implications for using the amazon package?

    If we assume that those artifacts are from this GitHub repo, then Amazon has seemingly abandoned it.

    Also, AFAICT, neither that GitHub repo nor Amazon's docs indicate that those Maven artifacts are published by Amazon. As such, you have no idea what is in them.

    Will I need to change anything in my project since I used this package from amazon?

    I have no way to know for certain, sorry. One would hope that Amazon tried to maintain API level compatibility, based on their explanation of the project.

    Am I right to assume that exoplayer-core-2.12.1-sources.jar on is untouched jar of exoplayer-core 2.12.1?

    I do not know what you mean by "untouched". Amazon claims to have modified ExoPlayer. In addition, you have no way to know that the sources in that JAR compile to the same stuff in the published compiled JAR.