TWiStErRob
commented
1 year ago @chao2zhang @cortinico is it going to be a problem to upgrade this and then use it in Detekt? It would expose as transitive dependency.
Open renovate[bot] opened 1 year ago
TWiStErRob
commented
1 year ago @chao2zhang @cortinico is it going to be a problem to upgrade this and then use it in Detekt? It would expose as transitive dependency.
cortinico
commented
1 year ago It would expose as transitive dependency.
Not for our users though right? 🤔 I see no problem in bumping this but maybe I'm missing something
TWiStErRob
commented
1 year ago Depends on who you count as a "user". If anyone who applies the Gradle plugin, then they will be affected:
+--- io.gitlab.arturbosch.detekt:detekt-gradle-plugin:1.22.0
| \--- io.github.detekt.sarif4k:sarif4k:0.0.1
| +--- org.jetbrains.kotlinx:kotlinx-serialization-json:1.1.0
| | \--- org.jetbrains.kotlinx:kotlinx-serialization-json-jvm:1.1.0
| | +--- org.jetbrains.kotlin:kotlin-stdlib:1.4.30 -> 1.8.10 (*)
| | +--- org.jetbrains.kotlin:kotlin-stdlib-common:1.4.30 -> 1.8.10
| | \--- org.jetbrains.kotlinx:kotlinx-serialization-core:1.1.0
| | \--- org.jetbrains.kotlinx:kotlinx-serialization-core-jvm:1.1.0
| | +--- org.jetbrains.kotlin:kotlin-stdlib:1.4.30 -> 1.8.10 (*)
| | \--- org.jetbrains.kotlin:kotlin-stdlib-common:1.4.30 -> 1.8.10
| \--- org.jetbrains.kotlin:kotlin-stdlib:1.4.31 -> 1.8.10 (*)This applies to classpath, plugins { } or includeBuild + implementation/api uses, and ever for plugins that configure Detekt as per a user's convention. The ->s in the above code are because I'm using KGP 1.8.10.
AGP, KGP and any other plugin could be using the same, if we use the latest Gradle will resolve the latest. Which may be fine, just be aware 😁.
Note: https://github.com/Kotlin/kotlinx.serialization/blob/master/docs/compatibility.md#compatibility-with-kotlin-compiler-plugin, which is promising, because it looks very similar to Kotlin's.
cortinico
commented
1 year ago Depends on who you count as a "user". If anyone who applies the Gradle plugin, then they will be affected:
Oh yeah this can be a problem.
From what I can see, we use sarif4k inside DGP only here: https://github.com/detekt/detekt/blob/4719e71bbddad8934b7641abd574b286c1718a32/detekt-gradle-plugin/src/main/kotlin/io/gitlab/arturbosch/detekt/report/SarifReportMerger.kt#L3
IMHO We should be able to perform that JSON merging task without having to rely on a implementation or sarif4k (or kotlinx.serialization) which introduces those transitive dependencies.
Especially also considered that we have a compileOnly dep on KGP:
https://github.com/detekt/detekt/blob/4719e71bbddad8934b7641abd574b286c1718a32/detekt-gradle-plugin/build.gradle.kts#L69
chao2zhang
commented
1 year ago Is the remaining action that we should refactor DGP off Sarif4k so that
This PR contains the following updates:
1.4.1->1.7.1Release Notes
Kotlin/kotlinx.serialization (org.jetbrains.kotlinx:kotlinx-serialization-json)
### [`v1.7.1`](https://togithub.com/Kotlin/kotlinx.serialization/compare/v1.7.0...v1.7.1) ### [`v1.7.0`](https://togithub.com/Kotlin/kotlinx.serialization/blob/HEAD/CHANGELOG.md#170--2024-06-05) \================== This release contains all of the changes from 1.7.0-RC and is compatible with Kotlin 2.0. Please note that for reasons explained in the [1.7.0-RC changelog](https://togithub.com/Kotlin/kotlinx.serialization/releases/tag/v1.7.0-RC), it may not be possible to use it with the Kotlin 1.9.x compiler plugin. Yet, it is still fully backwards compatible with previous versions. The only difference with 1.7.0-RC is that `classDiscriminatorMode` property in `JsonBuilder` is marked as experimental, as it should have been when it was introduced ([#2680](https://togithub.com/Kotlin/kotlinx.serialization/issues/2680)). ### [`v1.6.3`](https://togithub.com/Kotlin/kotlinx.serialization/blob/HEAD/CHANGELOG.md#163--2024-02-16) \================== This release provides a couple of new features and uses Kotlin 1.9.22 as default. ##### Class discriminator output mode Class discriminator provides information for serializing and deserializing [polymorphic class hierarchies](docs/polymorphism.md#sealed-classes). In case you want to encode more or less information for various third party APIs about types in the output, it is possible to control addition of the class discriminator with the `JsonBuilder.classDiscriminatorMode` property. For example, `ClassDiscriminatorMode.NONE` does not add class discriminator at all, in case the receiving party is not interested in Kotlin types. You can learn more about this feature in the documentation and corresponding [PR](https://togithub.com/Kotlin/kotlinx.serialization/pull/2532). ##### Other features - Add kebab-case naming strategy ([#2531](https://togithub.com/Kotlin/kotlinx.serialization/issues/2531)) (thanks to [Emil Kantis](https://togithub.com/Kantis)) - Add value class support to the ProtoBufSchemaGenerator ([#2542](https://togithub.com/Kotlin/kotlinx.serialization/issues/2542)) (thanks to [Felipe Rotilho](https://togithub.com/rotilho)) ##### Bugfixes and improvements - Fix: Hocon polymorphic serialization in containers ([#2151](https://togithub.com/Kotlin/kotlinx.serialization/issues/2151)) (thanks to [LichtHund](https://togithub.com/LichtHund)) - Actualize lenient mode documentation ([#2568](https://togithub.com/Kotlin/kotlinx.serialization/issues/2568)) - Slightly improve error messages thrown from serializerConfiguration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.