seeing org.jetbrains.kotlin:kotlin-stdlib-jdk8:2.0.20-Beta2 as upgradeable version even though betas are rejected

[Keith-Albright-Bose]

Running dependencyUpdates plugin .51 Kotlin DSL multiproject project.

I setup a filter per the documentation. Using build.gradle.kts and tried both reject and rejectVersionIf

// https://github.com/ben-manes/gradle-versions-plugin
tasks.withType<DependencyUpdatesTask> {
    resolutionStrategy {
        componentSelection {
            all {
                if (Versions.isNonStable(candidate))
                    reject("non stable")
            }
        }
    }

// rejectVersionIf { // Versions.isNonStable(candidate) // } }

I pass the candidate to the helper function so I can print debug statements with the candidate.displayName.

The test function I have looks like this:

    // for manes version checking, reject alpha, beta, snapshot, rc's
    fun isNonStable(candidate: ModuleComponentIdentifier): Boolean {
        val version = candidate.version
        val stableKeyword = listOf("RELEASE", "FINAL", "GA").any { version.uppercase().contains(it) }
        val unstableKeyword = listOf("PRERELEASE", "SNAPSHOT", "ALPHA", "BETA", "RC").any { version.uppercase().contains(it) }
        val regex = "^[0-9,.v-]+(-r)?$".toRegex()
        val isStable = stableKeyword || regex.matches(version)
        val isUnstable = isStable.not() || unstableKeyword
        println("${candidate.displayName} isNonStable: version: $version, stableKeyword: $stableKeyword, unstableKeyword: $unstableKeyword, isStable: $isStable, >>> isUnstable: $isUnstable")
        return isUnstable
    }

So in the debug statements I added, it shows that the candidate version is in fact unstable:

org.jetbrains.kotlin:kotlin-stdlib-jdk8:2.0.20-Beta2 isNonStable: version: 2.0.20-Beta2, stableKeyword: false, unstableKeyword: true, isStable: false, >>> isUnstable: true org.jetbrains.kotlin:kotlin-stdlib-jdk8:2.0.20-Beta2 isNonStable: version: 2.0.20-Beta2, stableKeyword: false, unstableKeyword: true, isStable: false, >>> isUnstable: true

Yet in spite of wanting to reject this version, I see this in the dependencyUpdates output unexpectedly:

 https://kotlinlang.org/

• org.jetbrains.kotlin:kotlin-stdlib-jdk8 [1.8.10 -> 2.0.20-Beta2] https://kotlinlang.org/
• org.jetbrains.kotlin:kotlin-stdlib-jdk8 [1.8.20 -> 2.0.20-Beta2] https://kotlinlang.org/
• org.jetbrains.kotlin:kotlin-stdlib-jdk8 [1.8.21 -> 2.0.20-Beta2]

In the dependencies up to date there is this listing:

• org.jetbrains.kotlin:kotlin-stdlib-jdk8:2.0.20-Beta2

Only my project isn't using any Kotlin 2.0 anywhere. The regular dependencies Gradle task does not list this. So the bug seems to be that it thinks we're using Kotlin 2.0 Beta2???

In another instance for a different dependency, the same Beta2 is correctly excluded:

org.jetbrains.kotlin.plugin.serialization:org.jetbrains.kotlin.plugin.serialization.gradle.plugin:2.0.20-Beta2 isNonStable: version: 2.0.20-Beta2, stableKeyword: false, unstableKeyword: true, isStable: false, >>> isUnstable: true

and the dependencyUpdates output for this one: https://kotlinlang.org/

• org.jetbrains.kotlin.plugin.serialization:org.jetbrains.kotlin.plugin.serialization.gradle.plugin [1.7.20 -> 2.0.0]

[ben-manes]

The 1.8.21 is what it thinks you are using, which is likely coming from Gradle's kotlin-dsl as a dependency. I'm not sure why the up-to-date would have 2.0.20-Beta2.

I can point you to my own build where I ignore kotlin for the precompiled script plugins and the main build's configuration. I don't have it show up for me there.

[ben-manes]

btw, I think the kotlin stdlib is showing up because of this regression. I never found the time to debug it further though.

[Keith-Albright-Bose]

Thanks! I applied those changes and also limited to the release/debug configs to speed up task time like this:

(kotlin dsl)

    // https://github.com/ben-manes/gradle-versions-plugin
    tasks.withType<DependencyUpdatesTask>{
        filterConfigurations = Spec{
            it.name.contains("debugRuntimeClasspath") ||
            it.name.contains("debugCompileClasspath") ||
            it.name.contains("releaseRuntimeClasspath") ||
            it.name.contains("releaseCompileClasspath")
        }
    }

However, got some strange versions exceeding milestone versions: The following dependencies exceed the version found at the milestone revision level:

• androidx.core:core [1.12.0 <- 1.9.0] https://developer.android.com/jetpack/androidx/releases/core#1.12.0
• androidx.core:core-ktx [1.12.0 <- 1.9.0] https://developer.android.com/jetpack/androidx/releases/core#1.12.0

• com.google.errorprone:error_prone_annotations [2.16 <- 2.9.0] https://errorprone.info

  There was also a longish list of dependencies that couldn't be resolved. Usually saw 1 or two.

Turned out these seem to be caused by one or both of these flags in the tasksWithType block checkBuildEnvironmentConstraints = true checkConstraints = true

I removed those and got the results I expected.