gradlex-org/java-module-dependencies

Solution to use this plugin in combination with Dependabot

Closed this issue · 1 comments

Dependabot does not know how to deal with a build.gradle.kts file like this:

```kotlin
moduleInfo {
    version("com.fasterxml.jackson.core", "2.16.0")
    version("com.fasterxml.jackson.databind", "2.16.0")
    version("org.apache.commons.collections4", "4.4")
    version("org.apache.commons.math3", "1.15")
}
```

Instead, it would expect something like this:

```kotlin
dependencies.constraints {
    api("com.fasterxml.jackson.core:jackson-core:2.16.0")
    api("com.fasterxml.jackson.core:jackson-databind:2.16.0")
    api("org.apache.commons:commons-collections4:4.4")
    api("org.apache.commons:commons-math3:3.6.1")
}
```

There is no way to teach Dependabot the custom notation (for this, it would need to be more customizable, dependabot/dependabot-core#1164). Maybe we can support some "mixed" notation that only uses Gradle standard notation that the plugin then checks for correctness:

```kotlin
dependencies.constraints {
    api("com.fasterxml.jackson.core:jackson-core:2.16.0") {
        because("com.fasterxml.jackson.core")
    }
    api("com.fasterxml.jackson.core:jackson-databind:2.16.0") {
        because("com.fasterxml.jackson.databind")
    }
    api("org.apache.commons:commons-collections4:4.4") {
        because("org.apache.commons.collections4")
    }
    api("org.apache.commons:commons-math3:3.6.1") {
        because("org.apache.commons.math3")
    }
}
```

Solution because+warning implemented in 867b154
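
The kind of correctness check the issue proposes for the mixed notation, as an added example written with plain Gradle APIs (it is not the plugin's own code and not the referenced commit). The `moduleToCoordinates` map, the task name `checkModuleConstraints` and the deliberately wrong `because` on the last constraint are constructed for illustration.

```kotlin
// build.gradle.kts (stand-alone illustration; the java-module-dependencies plugin is not applied)
plugins {
    `java-library`
}

dependencies.constraints {
    api("com.fasterxml.jackson.core:jackson-core:2.16.0") {
        because("com.fasterxml.jackson.core")
    }
    api("org.apache.commons:commons-collections4:4.4") {
        because("org.apache.commons.collections4")
    }
    api("org.apache.commons:commons-math3:3.6.1") {
        because("org.apache.commons.collections4") // constructed mistake: wrong module name
    }
}

// Assumption: a module-name -> group:artifact table maintained by the build.
val moduleToCoordinates = mapOf(
    "com.fasterxml.jackson.core" to "com.fasterxml.jackson.core:jackson-core",
    "org.apache.commons.collections4" to "org.apache.commons:commons-collections4",
    "org.apache.commons.math3" to "org.apache.commons:commons-math3"
)

tasks.register("checkModuleConstraints") {
    // Copy what we need into plain values before the task action runs.
    val declared = configurations.api.get().dependencyConstraints.map {
        "${it.group}:${it.name}" to it.reason // reason is the text passed to because()
    }
    val mapping = moduleToCoordinates
    doLast {
        declared.forEach { (coordinates, moduleName) ->
            val expected = moduleName?.let { mapping[it] }
            when {
                moduleName == null ->
                    logger.warn("$coordinates: no because(\"<module name>\") declared")
                expected == null ->
                    logger.warn("$coordinates: unknown module name '$moduleName'")
                expected != coordinates ->
                    logger.warn("$coordinates: because('$moduleName') maps to $expected")
            }
        }
    }
}
```

Running `gradle checkModuleConstraints` on this script warns only for the `commons-math3` constraint, while Dependabot still sees ordinary `group:artifact:version` strings it can update.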