ben-manes
commented
5 years ago There was some discussion on #92 about this. These are hidden because they were not explicitly added to the build, but by Gradle magic. I believe removing those lines would a include it in the report, but it wasn't very obvious what they were which is why we originally hid them. I think this requires improving the report output and verifying the results.
Many plugins that integrate 3rd party tools like the SpotBugs plugin, or the codenarc plugin or the pmd plugin have some default version of these tools.
They add a configuration with default dependencies to the default version or the configured
toolVersionin their extension blocks if a build script does not explicitly add own dependencies to that configuration.Unfortunatley it seems the versions plugin does not check these configurations and does not find outdated tools that are in use.