Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Versions of plugins from settings.gradle are not checked

See original GitHub issue

Steps to reproduce:

use Gradle 6.x
add some plugin with old version to settings.gradle(.kts) for example “com.gradle.enterprise”
invoke updateDependencies task

plugins {
    id("com.gradle.enterprise") version "3.1"
}

At the time of writing there is a version 3.1.1.

More info about build scan plugin: https://docs.gradle.com/enterprise/gradle-plugin/#gradle_6_x_and_later

Issue Analytics

State:
Created 4 years ago
Comments:5 (3 by maintainers)

Top GitHub Comments

2reactions

ben-manescommented, May 3, 2022

Yes, if I recall correctly they use simple regex parsing of the build files rather than executing it. That has other limitations.

The long-term approach that Github/Gradle are pursuing is outlined in this proposal and github issue. This would be similar to having static analyzers produce SARIF reports that the Github Security dashboard consumes, so it could simply be an action that feeds the current dependency graph into Github for a monitoring dashboard.

1reaction

ben-manescommented, Mar 27, 2020

Yes, see my comment above @nedtwigg. We would need to use both of those methods to capture those dependencies. Since those are not configurations, we’d have to make a detached configuration with the dependencies, repositories, and resolution strategy that those methods provide. Then resolve and print in the report with everything else.