Support adding Gradle constraints for upgrading versions of transitive dependencies #1181

Closed
billkoch opened this issue Nov 5, 2021 · 3 comments
Labels
recipe Requested Recipe

billkoch commented Nov 5, 2021

First I just wanted to say thank you for all the work that's gone into this project! As someone who's been upgrading Java projects and addressing CVEs in code bases, I'm excited to see a programmable way of handling such monotonous tasks.

One common thing I find myself doing is upgrading the versions of transitive dependencies using Gradle's dependency constraints feature:

// build.gradle

dependencies {
  constraints {
    implementation('org.apache.commons:commons-compress:1.21') {
      because 'to address CVE-2021-36090'
    }
  }
}

I didn't see any documentation or recipes around doing this, although I certainly could have missed it. Does this seem like a feature you all would like to support?

@sambsnyd sambsnyd added the enhancement New feature or request label Nov 5, 2021
Member

sambsnyd commented Nov 5, 2021

Hi @billkoch. We don't have that capability right now, but I agree that it would be great to have. Our support for refactoring Gradle build files is very immature.

In the more mature Maven AST we have full transitive dependency resolution information.
In the Gradle AST we don't have that yet, so for now it's impossible to write a Gradle recipe that uses information about transitive dependencies. We plan to add this functionality, but it isn't there yet.

Author

billkoch commented Nov 5, 2021

Thanks for the quick response @sambsnyd! I'm looking forward to this being supported in the future!

@tkvangorder tkvangorder moved this to Triage in OpenRewrite Mar 1, 2022
@tkvangorder tkvangorder moved this to Icebox in OpenRewrite Mar 1, 2022
@tkvangorder tkvangorder moved this from Icebox to Backlog in OpenRewrite Mar 1, 2022
@tkvangorder tkvangorder moved this from Backlog to Ice Box in OpenRewrite Apr 8, 2022
@tkvangorder tkvangorder moved this from Request for help to Recipes Wanted in OpenRewrite Apr 19, 2022
@tkvangorder tkvangorder added recipe Requested Recipe and removed enhancement New feature or request labels Apr 19, 2022
@github-project-automation github-project-automation bot moved this from Recipes Wanted to Done in OpenRewrite May 24, 2024