This message was deleted.
# dependency-management
s
This message was deleted.
o
You may want to look at the output of
:namespace:subproject:dependencies
to see why Gradle has selected 1.5.2, or a Build Scan. It's hard to say why it was selected without knowing your entire build setup.
g
buildscan is behind a VPN.
Copy code
./gradlew :card:cronjob-unused-payment-balance-processor:dependencies | grep -B 10 kotlinx-serialization-json
Picked up _JAVA_OPTIONS: -Xverify:none
OpenJDK 64-Bit Server VM warning: Options -Xverify:none and -noverify were deprecated in JDK 13 and will likely be removed in a future release.
     |    +--- io.gitlab.arturbosch.detekt:detekt-tooling:1.20.0 (*)
     |    +--- io.gitlab.arturbosch.detekt:detekt-report-html:1.20.0
     |    |    +--- io.gitlab.arturbosch.detekt:detekt-utils:1.20.0
     |    |    \--- org.jetbrains.kotlinx:kotlinx-html-jvm:0.7.5 -> 0.7.3
     |    +--- io.gitlab.arturbosch.detekt:detekt-report-txt:1.20.0
     |    |    \--- io.gitlab.arturbosch.detekt:detekt-api:1.20.0 (*)
     |    +--- io.gitlab.arturbosch.detekt:detekt-report-xml:1.20.0
     |    |    \--- io.gitlab.arturbosch.detekt:detekt-api:1.20.0 (*)
     |    +--- io.gitlab.arturbosch.detekt:detekt-report-sarif:1.20.0
     |    |    \--- io.github.detekt.sarif4k:sarif4k:0.0.1
     |    |         +--- org.jetbrains.kotlinx:kotlinx-serialization-json:1.1.0
     |    |         |    \--- org.jetbrains.kotlinx:kotlinx-serialization-json-jvm:1.1.0 -> 1.5.2 FAILED
would it be helpful to post full output? i guess i am not sure what i am looking at other than the dependency tree jumping from 1.1.0 to 1.5.2 inexplicably
g
yeah it doesn't exist. but where is that dependency coming from is my quesiton. because sarif4k which is what requires it, only requires 1.1.0
o
interesting, I would've expected another listing for the dependency indicating why 1.5.2 was chosen there (either because of another dependency on it, or a constraint), but your
grep
shows that's the only listing for it
g
we do have gradle enterprise; i have not used that support queue but just noticed your gradle engineer tag
t
org.jetbrains.kotlinx:kotlinx-serialization-json-jvm:1.1.0 -> 1.5.2 FAILED
indicates that it originally requested 1.1.0, but something else is constraining it to 1.5.2 🤔
g
unsure if there is any magic way to share better context
t
well, you could share a build scan to gradle, since you're a customer :)
g
https://gradle.management.earnin.net/s/gr6wjsrh3wrti i don't think you will be able to access
o
yea, I suspect not -- I'm not on the GE team so I'm not sure how you are supposed to share that
g
i can definitely share any parts you're curious about
t
replace
/s/
with
/scan-dump/
and then share the binary via the proper support channel (I used to be on the GE team 😄 )
c
is it possible there are component metadata rules or similar to align versions that are erroneously catching this artifact and adjusting it’s version?
g
i don't think so, we have a base plugin we use which allows us to set dependency versions; i even set that explicitly to 1.1.0
c
ok. a build scan will help to understand why that version was resolved.
g
https://support.gradle.com/hc/en-us/requests/3955 unsure if you can see that one i attached scan to there
i will prefer to delete that build scan once you confirm you have it
o
I don't have access to that, sorry. I'll forward this and see if I can get someone else to assist.
g
i see this, which is suspicious
org.jetbrains.kotlinx:kotlinx-coroutines-core-jvm:{strictly 1.5.2} -> 1.5.2 (c)
it is different, but same version and kotlinx
it's this i guess:
./src/main/kotlin/dependency-versions.gradle.kts:68:  "org.jetbrains.kotlinx" to "1.5.2",
o
yes, probably
g
yep. thanks!