littlerobots / version-catalog-update-plugin

Gradle plugin for updating a project version catalog
Apache License 2.0
565 stars 23 forks

Libraries specified in constraints should be kept #33

Closed frangipanes closed 2 years ago

frangipanes commented 2 years ago

If I define a constraints block like this:

dependencies {
    // force versions of transitive dependencies that don't have security vulnerabilities
    constraints {
        implementation libs.commons.beanutils
        implementation libs.jackson.databind
    }
    ...
}

then ./gradlew versionCatalogUpdate should not remove those libraries from libs.versions.toml, which it currently does (it thinks they are not used).

For now I am forcing the desired behaviour with

versionCatalogUpdate {
    keep {
        keepUnusedVersions = true
        keepUnusedLibraries = true
        keepUnusedPlugins = true
    }
}

but it should work out of the box.

hvisser commented 2 years ago

The dependency resolution is managed by the version plugin, not this plugin. Have you tried specifying constraints as specified in their docs? If the dependency versions plugin does not report those dependencies as used, they won't be seen by this plugin either because it builds upon it.

You don't really need to keep everything, you can just pin or keep the specific libraries too.
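
Keeping only the two constrained libraries from this issue, rather than every unused entry, could look like the following. This is an added example, not part of the original thread or the project's own code; it assumes the `keep` block accepts a `libraries` list of catalog accessors.

```groovy
// build.gradle (added example, not from the thread)
dependencies {
    // Constraints only apply when another dependency already brings the
    // module into the graph; they then select the catalog version.
    constraints {
        implementation libs.commons.beanutils
        implementation libs.jackson.databind
    }
}

versionCatalogUpdate {
    keep {
        // Assumption: `libraries` takes a list of version catalog accessors.
        // Only the constraint-only entries are kept, so libraries that are
        // genuinely unused are still removed from libs.versions.toml.
        libraries = [libs.commons.beanutils, libs.jackson.databind]
    }
}
```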

frangipanes commented 2 years ago

Thanks, I didn't realise it was something I had to configure for the versions plugin!