ben-manes / gradle-versions-plugin

Gradle plugin to discover dependency updates
Apache License 2.0

jacoco versions erroneously shown as exceeding the milestone revision level #813

Open msridhar opened 1 year ago

msridhar commented 1 year ago

Running ./gradlew dependencyUpdates --refresh-dependencies on https://github.com/uber/NullAway/commit/70af259fa1bfa7cad64e4b1d681e47423dc38960 (current master branch) I see this in the output:

The following dependencies exceed the version found at the milestone revision level:
 - org.jacoco:org.jacoco.agent [0.8.10 <- 0.8.9]
     http://jacoco.org
 - org.jacoco:org.jacoco.ant [0.8.10 <- 0.8.9]
     http://jacoco.org

But I can see version 0.8.10 of those artifacts on Maven Central (released a few months back). Nothing critical at all for us, just in case it is of interest.

ben-manes commented 1 year ago

hmm, it is reported correctly in Caffeine

The following dependencies are using the latest milestone version:
....
 - org.jacoco:org.jacoco.agent:0.8.10
 - org.jacoco:org.jacoco.ant:0.8.10

ben-manes commented 1 year ago

This seems to be the regression reported in #733 where hidden dependencies are not being treated properly. When I use the prior version, 0.45.0, the report comes out correctly. It should generally be hidden as a tool version that users won't typically understand where it comes from. When it was, in Caffeine I would add those to a dummy configuration to see the update as an opt-in. I'm unsure if reverting the contribution is the right approach, or if it requires digging deeply into its intent and fixing both issues correctly. The Gradle dependency resolution behavior gets kind of confusing and it's hard to get motivated enough to fight through it...

msridhar commented 1 year ago

Thanks for looking into it! Not a huge deal for us. Feel free to close if this is a duplicate.