New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dependency resolution doesn't work like you think it does #303
Comments
@consp1racy We have updated the documentation page to use In the 3.6.0 version of this SDK we had to bump the min version of |
Ah, I didn't know about the force. Many thanks! However you shouldn't use ranges in depedencies at all. 26.0.0 and 10.2.1 is fine by me, without the plus. |
@consp1racy I believe using version ranges on library's dependencies should be used when the developers of the library can confirm the range. Instead of just depending on an exact version. This makes the library more compatible with others when the package manager implements ranges correctly. However, Gradle unfortunately always picks the latest as you noted. Instead of finding the latest version that meets all range requires for a group:module. This exact issue however is tracked on Gradle's repo gradle/gradle#2869 and it seems like something they do plan to fix. Until then using a |
I respectfully disagree with the last statement. It seems to me it would be better to shift the heavy lifting from consumer to the author of library, i.e. instead of having to force everything, the library would depend on the oldest dependency it can do with and has been tested on, leaving the dependency upgrade on the consumer. This is what the consumer expects, this behaves predictably. |
As for the dependency resolution, I looked at this and tried to understand how it works in Gradle. [26.0.0,27.0.0) - Use at least version 26, but prefer newer up until 27. It feels like the second option best describes your dependency.
If I understand correctly, Gradle does not respect the first statement. The best course of action (i.e. easier on consumer and requiring no consumer action once it's fixed) seems not to use ranges in libraries. On the other hand your proposal requires the consumer acknowledge this issue. Is this what you're going for? |
@consp1racy Defaulting to the oldest possible dependencies that a plugin can support I don't believe is the best strategy either. Google makes regular updates to Android Support Library and Google Play services that includes bugs fixes the app could be missing out on. Now since these two dependencies are used so many other libraries out there and directly by the app the chances are low that OneSignal will be the only one including these. OneSignal will probably be the only one to have a dependency on Group alignments versions doesn't seem to be something I could find Gradle working on. However even if this was coming soon there are other more specific edge cases to these libraries and Android SDK doesn't make sense for them to bake in. I'll cover these edges cases below. SummaryWhat Gradle doesn't do that needs to be solved in some way.
Gradle PluginJust released a beta Gradle plugin that address issues 1 and 2 above. Note, the group alignment versions are defined staticly in the plugin in the current 0.5.0 version. I hope to correct this shortly, by using the dependencies' version directly from the project instead. Basically find and use the latest version of any However until then the current state of the plugin provides an easy to implement and automatic solution to these immediate conflicts. Feedback can be gathered on any issues before this become part of the standard setup instructions. Would be interested in your feedback on this! |
@consp1racy Feel free to reopen this issue if you have any additional feedback on this. Thanks. |
Seen here: https://documentation.onesignal.com/v3.0/docs/troubleshooting-android#section-error-all-gms-firesbase-libraries-must-use-the-exact-same-version-specification
Aftermath: https://stackoverflow.com/questions/46316151/android-sdk-26-build-error
Issue
Dependency resolution doesn't work that way. Gradle automatically picks the latest version specified in any library or module. If you say your library requires
11.2.+
, Gradle will always pick the newest available, completely ignoring what the consumer wrote in theirbuild.gradle
.Fix
Only specify the oldest dependency you own library can do with. Seems to me that OneSignal worked well with older libraries so depending on the newest available is just vanity and is bound to break your consumers' builds.
I've talked about the issue in depth here: https://stackoverflow.com/questions/42949974/android-support-repo-46-0-0-with-android-studio-2-3/42957234#42957234
The text was updated successfully, but these errors were encountered: