ben-manes / gradle-versions-plugin

Gradle plugin to discover dependency updates
Apache License 2.0

Failed to determine the latest version for the following dependencies #809

Closed steve-todorov closed 1 year ago

steve-todorov commented 1 year ago

Bug description

We have a project that imports a BOM and it contains versions for slf4j which we then reuse in the project:

build.gradle.kts

dependencies {
    implementation(enforcedPlatform("com.vaadin:vaadin-bom:24.1.9"))
    implementation("org.slf4j:slf4j-api")
}

Since the version is already enforced via a BOM dependency we wanted to add it to an ignore list so that it is not reported in the dependencyUpdates. For this we used the following configuration:

fun isRejectedVersion(gav: Regex, candidate: ModuleComponentIdentifier): Boolean {
    // Uncomment for debugging.
    //println("${candidate.displayName} matches regex ${gav}: ${gav.matches(candidate.displayName.toString())}")
    return gav.matches(candidate.displayName.toString())
}

withType<DependencyUpdatesTask> {
    revision = "release"
    checkConstraints = true
    resolutionStrategy {
        componentSelection {
            all {
                if (isRejectedVersion("org.slf4j:.*:.*".toRegex(setOf(RegexOption.IGNORE_CASE)), candidate)) {
                    reject("Relying on whatever vaadin-bom provides us with.")
                }
            }
        }
    }
}

Result

Failed to determine the latest version for the following dependencies (use --info for details):
 - org.slf4j:jcl-over-slf4j
 - org.slf4j:jul-to-slf4j
 - org.slf4j:slf4j-api
 - org.slf4j:slf4j-simple

Expected result

The report should have said slf4j was up-to-date.

Additional context

It looks like there is a filterConfigurations property that is configurable, but it's marked as @Internal and there is also no documentation about it. Is that supposed to be used instead or is there another way to actually ignore/filter out the slf4j dependency?

benstpierre commented 1 year ago

We are so close to having a report with no false positives. I really hope we can get this working.

ben-manes commented 1 year ago

It's erroring because you rejected all candidates. You could either instead reject if currentVersion != candidate.version (preferred) or rewrite the report before it is outputted (a bit of a hack, example).

steve-todorov commented 1 year ago

It does look strange to me that you need to allow the currentVersion -- I'd expect the plugin to figure that out on its own. However this works so I guess we can close this ticket now! :)

ben-manes commented 1 year ago

A resolution strategy is a Gradle API that we extend by resolving the current version. This plugin doesn’t reinvent dependency resolution; it scripts the native support.
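The preferred fix suggested in the thread (reject a candidate only when it differs from currentVersion), written out for build.gradle.kts as an added example; it is not code posted by anyone in the issue or taken from the plugin. The name bomManagedGroups is a hypothetical helper, and matching on candidate.group instead of the regex from the original post is an assumption made for brevity.

```kotlin
import com.github.benmanes.gradle.versions.updates.DependencyUpdatesTask

// Hypothetical helper: groups whose versions are pinned by the imported BOM.
// Only org.slf4j appears in the issue; extend the set for other BOM-managed groups.
val bomManagedGroups = setOf("org.slf4j")

tasks.withType<DependencyUpdatesTask> {
    revision = "release"
    checkConstraints = true
    resolutionStrategy {
        componentSelection {
            all {
                // Before (from the issue): every org.slf4j candidate was rejected,
                // including the version already in use, so the plugin had nothing
                // left to resolve and reported "Failed to determine the latest version".
                //
                // After: keep the currently resolved version as the only acceptable
                // candidate, so the dependency resolves and is reported as up to date.
                if (candidate.group in bomManagedGroups && candidate.version != currentVersion) {
                    reject("Relying on whatever vaadin-bom provides us with.")
                }
            }
        }
    }
}
```

With this filter the report no longer lists newer releases for the matched groups, so updates to them, security fixes included, become visible only through a newer version of the BOM itself.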