gradle-versions-plugin

Error with common.io

Open MatanSabag opened this issue 3 years ago • 7 comments

We get commons-io:commons-io [2.8.0 -> 20030203.000550]

However, looking at [Maven Repository](https://mvnrepository.com/artifact/commons-io/commons-io), this is the oldest version.

MatanSabag avatar Oct 22 '20 10:10 MatanSabag

This may depend on what repositories you have configured. When I run against mavenCentral() then it determines 2.8.0 is the latest, which matches the maven-metadata.xml. Since they did release in a form that violates Maven's version rules, it isn't surprising for Gradle to decide that 2003 is the latest. If you can't find the root cause, then you can use a resolutionStrategy to simply reject this version from the report.

ben-manes avatar Oct 22 '20 15:10 ben-manes

Would it be possible to look at the release date of versions? 2.11.0 from Jul, 2021 is newer than 20030203.000550 dated Nov, 2005. Also, I was expecting dependencyUpdates.resolutionStrategy to allow me to reject this oldest version so that it would pick 2.11.0, but instead it just decides that nothing newer than 2.6 is available. My project is configured for commons-io:commons-io:2.6. I'm using:

```groovy
allprojects {
  apply plugin: com.github.benmanes.gradle.versions.VersionsPlugin

  tasks.named("dependencyUpdates").configure {
    dependencyUpdates.resolutionStrategy {
      componentSelection { rules ->
        rules.all { ComponentSelection selection ->
          boolean isNonFinalVersion = ['alpha', 'beta', 'rc', 'cr', 'm'].any { qualifier ->
            selection.candidate.version ==~ /(?i).*[.-]${qualifier}[.\d-]*/
          }

          if(!isNonFinalVersion) {
            isNonFinalVersion = ['2003','2004'].any { qualifier ->
              selection.candidate.version ==~ /${qualifier}[.\d-]{1,}*/
            }
          }

          if (isNonFinalVersion) {
            selection.reject('Release candidate')
          }
        }
      }
    }
  }
}
```

Is there a way for me to reject versions starting with 2003 or 2004 without causing it to ignore 2.11.0?

losmurfs avatar Oct 12 '21 17:10 losmurfs

Never mind, I got it to pick 2.11.0 as follows:

```groovy
allprojects {
  apply plugin: com.github.benmanes.gradle.versions.VersionsPlugin

  tasks.named("dependencyUpdates").configure {
    dependencyUpdates.resolutionStrategy {
      componentSelection { rules ->
        rules.all { ComponentSelection selection ->
          boolean isNonFinalVersion = ['alpha', 'beta', 'rc', 'cr', 'm','003','004'].any { qualifier ->
            selection.candidate.version ==~ /(?i)[.\d-]{1,}${qualifier}[.\d-]{1,}/
          }

          if (isNonFinalVersion) {
            selection.reject('Release candidate')
          }
        }
      }
    }
  }
}
```

losmurfs avatar Oct 12 '21 18:10 losmurfs

The resolutionStrategy concepts and parameter types come from Gradle, so there are limitations on how much we can enhance it. This does have the benefit of us delegating the resolution to their support, which provides consistency and feature development. If you have suggestions to improve that resolution then you can open an issue on their GitHub.

In my own usage I have the following which might help you refine your usage.

```groovy
def isNonStable = { String version ->
  def stableKeyword = ['RELEASE', 'FINAL', 'GA', 'JRE'].any { version.toUpperCase().contains(it) }
  def unstableKeyword = ['PREVIEW'].any { version.toUpperCase().contains(it) }
  def regex = /^[0-9,.v-]+(-r)?$/
  return (!stableKeyword || unstableKeyword) && !(version ==~ regex)
}

dependencyUpdates.rejectVersionIf {
  (isNonStable(it.candidate.version) && !isNonStable(it.currentVersion)) ||
  (it.candidate.module == 'commons-io' && it.candidate.version.startsWith('2003')) ||
  (it.candidate.module == 'commons-net' && it.candidate.version.startsWith('2003'))
}
```

ben-manes avatar Oct 12 '21 18:10 ben-manes

Hi @ben-manes, I found that the plugin is reporting an incorrect latest version of the Apache compress library.

  • org.apache.commons:commons-compress [1.21 -> 3.1.7.2] http://commons.apache.org/compress/

However, if we check on the official website of Apache, the latest is 1.22.

asthagarg2428 avatar Mar 03 '23 06:03 asthagarg2428

What repositories are you using? It means that one has a custom build that you want to avoid.

ben-manes avatar Mar 03 '23 06:03 ben-manes

Use a trusted repository like Maven Central and use content filters on any others that you are forced to include.

ben-manes avatar Mar 03 '23 06:03 ben-manes
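
The content-filter advice in the last comment, sketched as a Gradle repository block. This is an added example, not code from the thread or from the plugin; the repository URLs and the `com.example.*` group names are placeholders to be replaced with the groups each repository is actually needed for.

```groovy
// build.gradle (Groovy DSL). Added example; URLs and com.example.* groups are placeholders.
repositories {
    // Weak form, shown commented out: with no content filter, any configured
    // repository may answer for any group, which is how a custom build such as
    // org.apache.commons:commons-compress 3.1.7.2 can surface as "latest".
    // maven { url = uri('https://repo.example.invalid/third-party') }

    // Trusted default for public artifacts.
    mavenCentral()

    // A repository the build is forced to include, limited to the one group it
    // is needed for. Declaring an include excludes every other group, so this
    // repository is never asked about commons-io or org.apache.commons.
    maven {
        url = uri('https://repo.example.invalid/third-party')
        content {
            includeGroup 'com.example.vendor'
        }
    }

    // Two-way restriction: internal groups resolve only from the internal
    // repository, and that repository is consulted for nothing else.
    exclusiveContent {
        forRepository {
            maven { url = uri('https://repo.example.invalid/internal') }
        }
        filter {
            includeGroupByRegex 'com\\.example\\.internal(\\..*)?'
        }
    }
}
```

If the unexpected version still appears in the report after this, it is coming from a repository that is still allowed to serve that group, which narrows the search for the root cause.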