gradle-versions-plugin
gradle-versions-plugin copied to clipboard
ben-manes
SLF4J milestones returned with returned with -Drevision=release
When running gradlew dependencyUpdates -Drevision=release, SLF4J API milestones are included (e.g. 2.0.0-alpha2). According to this section of the docs, this should only be shown when -Drevision=milestone.
Expected Behavior
-
gradlew dependencyUpdates -Drevision=releaseresults inorg.slf4j:slf4j-api [1.7.29 -> 1.7.30] -
gradlew dependencyUpdates -Drevision=milestoneresults inorg.slf4j:slf4j-api [1.7.29 -> 2.0.0-alpha2]
Actual Behavior
-
gradlew dependencyUpdates -Drevision=releaseresults inorg.slf4j:slf4j-api [1.7.29 -> 2.0.0-alpha2] -
gradlew dependencyUpdates -Drevision=milestoneresults inorg.slf4j:slf4j-api [1.7.29 -> 2.0.0-alpha2]
revision is an Apache Ivy concept, which Gradle was originally built upon. At that time, this was the only flag to control resolution. As few use ivy.xml metadata, it does not match to custom versioning conventions. In the readme it warns as,
The revision task property controls the Ivy resolution strategy for determining what constitutes the latest version of a dependency. Maven's dependency metadata does not distinguish between milestone and release versions. The following strategies are natively supported by Gradle:
release: selects the latest release milestone: select the latest version being either a milestone or a release (default) integration: selects the latest revision of the dependency module (such as SNAPSHOT)
In your case, you would want to use a resolutionStrategy, such as rejectVersionIf. This allows fine-grained control over versioning which falls outside of Maven's conventions.
In your case, you would want to use a
resolutionStrategy, such asrejectVersionIf. This allows fine-grained control over versioning which falls outside of Maven's conventions.
Can this plugin be modified to just do this instead of leaving it up to the user?
More broadly, my use case is that I want to just see all "release" versions, hiding any snapshot, milestone, release candidates, etc. I as an end user don't really care about the underlying implementation. I just want to see only the release versions. I know I'm not the only user, but I see the default behavior including these to be contrary to what I want.
For what it's worth, the Dependencies view in the newly released Intellij IDEA 2021.2 does what I want.
We don't dictate a versioning scheme, that is defined by the dependency's metadata. As most use a Maven's POM, this only has a concept of snapshot and release, and the version string format has no meaning except in ordering to determine which is a newer release. The revision flag is only adhering to this very basic concept and likely shouldn't be used much anymore.
If you use rejectVersionIf then you can filter out versions that do not match a convention which you find correct for your usages. The readme provides an example that works in most cases, e.g.
def isNonStable = { String version ->
def stableKeyword = ['RELEASE', 'FINAL', 'GA'].any { it -> version.toUpperCase().contains(it) }
def regex = /^[0-9,.v-]+(-r)?$/
return !stableKeyword && !(version ==~ regex)
}
dependencyUpdates.rejectVersionIf {
isNonStable(it.candidate.version) && !isNonStable(it.currentVersion)
}
We don't bake in this definition because version strategies vary too widely in practice, so we prefer that users explicitly state the filtering approach to make it clearer when debugging if incorrect. We don't maintain a manifest to handle the different versioning strategies on a per-library basis, which is beyond the scope of this project. Instead we provide the tools to customize this resolution for you to build on.
I'm seeing this: The following dependencies are using the latest release version:
- javax.xml.bind:jaxb-api:2.3.1
- log4j:log4j:1.2.17
- org.apache.commons:commons-lang3:3.9
- org.jboss.spec.javax.ejb:jboss-ejb-api_3.2_spec:2.0.0.Final
- org.jboss.spec.javax.transaction:jboss-transaction-api_1.3_spec:2.0.0.Final
- org.slf4j:slf4j-api:1.7.12
But I expect it to report: ...
- org.slf4j:slf4j-api [1.7.12 -> 1.7.32] http://www.slf4j.org ...
See https://repo1.maven.org/maven2/org/slf4j/slf4j-api/
Please provide a minimal project. Usually it’s not having central but jcenter, etc in your repository list
I too am interested in this behavior. I think the idea of semantic versioning (https://semver.org/) is common enough that adding some built-in support for this would be a great improvement. This could then be run like this:
gradlew dependencyUpdates -Drevision=MAJOR
gradlew dependencyUpdates -Drevision=MINOR
gradlew dependencyUpdates -Drevision=PATCH
