Consider to lift off root project requirement

Thank you for your effort. I would like to initiate a discussion and share a snippet I find useful.

By default ben-manes plugin sets a listener to copy every dependency at every configuration at every submodule with + version. Due to the limitation of Gradle resolving configuration can not be done in parallel. In a typical android kotlin project, google and jetbrains plugins set dozens of configurations per module. Multiplied by 10th of modules this becomes extremely slow to execute. And also pointless waste of resources as the same dependency would be resolved hundreds of times over and over again.

For example, on a project I’m working on with 350 dependencies declared at libs.versions.toml running dependencyUpdates from root takes over 50 minutes to execute.

As an optimization technic, I’ve found that creating a single configuration and looping through every dependency gives the same new-updates result in under a minute.

Creating an artificial module, called dependency-updates-report with the next content:

// dependency-updates-report/build.gradle
plugins {
    id 'com.github.ben-manes.versions'
}

configurations {
    dependencyUpdateConfiguration
}

dependencies {
    def versionCatalog = project.extensions.getByType(VersionCatalogsExtension).named("libs")
    versionCatalog.dependencyAliases.each {
        versionCatalog.findDependency(it).ifPresent {
            dependencyUpdateConfiguration(it)
        }
    }
}

tasks.named("dependencyUpdates").configure {
    resolutionStrategy {
        componentSelection { rules ->
            rules.all { ComponentSelection selection ->
                boolean rejected = ['alpha', 'beta', 'rc', 'm', 'eap'].any { qualifier ->
                    selection.candidate.version.toLowerCase().contains(qualifier)
                }
                if (rejected) {
                    selection.reject('Alpha, beta, release candidate, milestone and early access preview versions are rejected from report')
                }
            }
        }
    }
}

And running the same ./gradlew dependencyUpdates task will now return updates report times faster.

I believe you would lose the “find unused dependencies” functionality with this approach. This is why I want to initiate discussion, as I’m not sure how useful you consider that to be. I think that tools like https://github.com/autonomousapps/dependency-analysis-android-gradle-plugin could be more effective at findings as it actually checks usage in code, not just declaration at build.gradle files.

Thanks again this plugin has been published at the perfect timing for me as I’m investigating switch to versions catalog.