Configurations will not be able to change roles in 9.0

[jvandort]

In Gradle 9.0, configurations will no longer be able to change roles. However, the following code changes the isCanBeResolved flag of a copied configuration: https://github.com/ben-manes/gradle-versions-plugin/blob/0e5660e819ee032a93be313f21a9dcebb5aab0dd/gradle-versions-plugin/src/main/kotlin/com/github/benmanes/gradle/versions/updates/Resolver.kt#L108-L109

Further, starting in 8.0, these copied configuration will carry the same deprecation warnings that the source configurations had. This means in 8.0, this plugin will start printing deprecation warnings when attempting to add dependencies to and resolve arbitrary copied configurations.

Finally, there are tentative plans to remove configuration copying in 9.0.

Is the copying here strictly necessary? Are there alternative approaches which can be used to avoid copying configurations and changing their flags?

[ben-manes]

We copy the configurations so that we can rewrite the dependencies to use dynamic versions. We then resolve the original and our modified version, compare the versions selected, and report on this difference. Originally this was a detached configuration, but there were too many Gradle bugs (like repository handler's deduplication logic either adding multiple or dropping repositories), so copying was the safest option. It also meant that we could honor configuration that was not always exposed, like resolution strategies.

Those flag changes were done in a best-effort fashion, as we swallow the exception if not resolvable. They did not exist when the plugin was written (Gradle 1.x) and were quirky (broken) in their first release, so had to be added for functionality. I believe that could be removed by changing to the newer resolution approach in v4 onward, e.g. see the dependency-analyze plugin's logic.

This plugin is mostly being casually maintained by contributors who graciously offer their time. It is ten years old, for what was meant to be a stop-gap that the Gradle team would fill when they had time (and often they said as much, but deferred that work due to this plugin being available). If you would like to see major improvements then PRs are very welcome (or advocate for a native feature that replaces this plugin). Otherwise it is whenever someone in the community kindly offers their energy, so we can't specify a timeline on when this might be fixed.

[jvandort]

Thank you for all the context here. Plans to deprecate/remove copy are still tentative, though if we were to remove that we will certainly include this use-case in any future considerations.

As for not being able to change configuration roles -- that will certainly no longer be allowed in 9.0. I've prepared a PR which resolves the roles issue while leaving the copying behavior intact: https://github.com/ben-manes/gradle-versions-plugin/pull/721