Strict version checking - does it make sense to use it?

[tprochazka]

I'm quite confused if make sense to use version checking.

For example when I use

implementation 'com.google.firebase:firebase-core:16.0.6'
implementation "com.google.firebase:firebase-ads:17.1.1"

It fail with

 Dependency failing: com.google.android.gms:play-services-measurement-sdk-api:16.0.3 -> com.google.android.gms:play-servi
  ces-measurement-base@[16.0.4], but play-services-measurement-base version was 16.0.5.

Just because one requires exact version play-services-measurement-base:16.0.4 and second 16.0.5 I would expect that there should be always limitation only to the minimum compatible version, something like: [16.0.4, 17.0.0). It means that the library requires play-services-measurement-base at least in version 16.0.4 and everything bigger because there can be breaking change in the API.

But why to force just exactly one version including bugfix number?

[jkasnicki]

For these dependencies, it is recommended to use the latest versions that were released together From latest versions at https://firebase.google.com/support/release-notes/android, since you are using firebase-core:16.0.6, you should use firebase-ads:17.1.2, which should resolve the issue.

For some library dependencies, exact version (i.e. [16.0.4] or [16.0.5]) dependencies are specified, but gradle will often pick the higher version without complaining that [16.0.4] constraint is not satisfied (and without backtracking to find a lower set of versions that are compatible). So the strict version checking plugin is helpful to early-detect this issue (otherwise you would likely run into a hard to understand dex merge issue later in the build).

[tprochazka]

Thanks. I know that it is such easy by using the latest version. But for example in our company we don't have a direct dependency on firebase-ads:17.1.1 in the app project., it is provided by our internal library which handles all the ads network and it is heavily tested for one specific version. Then some another library will be starting to depend on the core:16.0.6 and now I'm in the trap without a simple solution.

[zhiqiao]

Unfortunately this known limitation with our internal build tools which must sometimes produce some SDK libraries with []-exact dependencies onto other libraries. We understand that this painful for developers such as yourself which have inflexible dependency graphs. We are currently in the process of trying to untangle as many of our libraries as possible, thus reducing the number of edges in the graph which require a []-exact dependency, but due to product constraints, there may still be some.

Under these conditions, the strict-version-matcher-plugin is the best tool we have to help developers detect and debug these issues.

Thanks for your bug report.

[tprochazka]

Thanks a lot for the reply! I hope that it will be better ;-)