Solution to use this plugin in combination with Dependabot
Closed this issue · 1 comments
jjohannes commented
Dependabot does not know how to deal with a build.gradle.kts
file like this:
moduleInfo {
version("com.fasterxml.jackson.core", "2.16.0")
version("com.fasterxml.jackson.databind", "2.16.0")
version("org.apache.commons.collections4", "4.4")
version("org.apache.commons.math3", "1.15")
}
Instead, it would expect something this:
dependencies.constraints {
api("com.fasterxml.jackson.core:jackson-core:2.16.0")
api("com.fasterxml.jackson.core:jackson-databind:2.16.0")
api("org.apache.commons:commons-collections4:4.4")
api("org.apache.commons:commons-math3:3.6.1")
}
There is no way to teach Dependabot the custom notation (for this, it would need to be more customizable, dependabot/dependabot-core#1164). Maybe we can support some "mixed" notation that only uses Gradle standard notation that the plugin then checks for correctness:
dependencies.constraints {
api("com.fasterxml.jackson.core:jackson-core:2.16.0") {
because("com.fasterxml.jackson.core")
}
api("com.fasterxml.jackson.core:jackson-databind:2.16.0") {
because("com.fasterxml.jackson.databind")
}
api("org.apache.commons:commons-collections4:4.4") {
because("org.apache.commons.collections4")
}
api("org.apache.commons:commons-math3:3.6.1") {
because("org.apache.commons.math3")
}
}