Releases: alvarose/android-update-deps
Release list
android-update-deps 1.1.3
Patch: navigate toolchain incompatibilities (both from real runs).
- AGP 9 built-in Kotlin cap — on AGP 9+ (which ships a built-in Kotlin), KSP must be compatible with that built-in Kotlin, which can cap how far Kotlin/KSP can be bumped; verify the matrix before proposing a Kotlin bump.
- Step-down on verify failure — when a bump won't compile, try the highest version that still compiles before reverting outright (a library's latest may pull a too-new
kotlin-stdlibthe project's compiler can't read, while the previous minor works — e.g. Coil3.5.0→3.4.0).
Update: /plugin update android-update-deps@alvarose. Full CHANGELOG.
android-update-deps 1.1.2
Patch: resilient detection. If dependencyUpdates won't run (a ben-manes × Gradle incompatibility — e.g. ConcurrentModificationException on some Gradle 9.x), the skill now tries a newer ben-manes with --no-parallel, and if it still fails, falls back to manual metadata detection: the JitPack maven-metadata.xml technique generalizes to any repository (Maven Central, Google's Maven repo), so detection is never blocked by the plugin.
Update: /plugin update android-update-deps@alvarose. Full CHANGELOG.
android-update-deps 1.1.1
Patch: robust temporary ben-manes install.
When the skill adds the ben-manes plugin to a project that doesn't have it, it now uses the plugin's latest stable version (not a pinned old one — a dependency-update tool shouldn't introduce an outdated dependency) and configures it for the flow: outputFormatter = "json,plain" (so the aggregate script finds report.json), gradleReleaseChannel = "current" (wrapper detection), and a rejectVersionIf {} that skips pre-releases — then reverts it after the report.
Update: /plugin update android-update-deps@alvarose. Full CHANGELOG.
android-update-deps 1.1.0
Behavioral & scope refinements. Install/update:
/plugin marketplace add alvarose/android-update-deps
/plugin update android-update-deps@alvarose
What's new
- Blocking toolchain bumps always need their own explicit yes — Kotlin (with coupled KSP/Compose Compiler), AGP, and the Gradle wrapper never sit in the "safe" batch, even for a minor/patch.
- Explicit KSP handling — a coupled KSP bump rides Kotlin's confirmation; a standalone KSP bump (same Kotlin line) is "handle with care" (it drives Room/Hilt annotation processing), not "safe".
- Gradle wrapper detection —
aggregate-updates.pynow surfaces the wrapper update from the report'sgradlesection. - SDK-level scope —
compileSdkonly when a dependency requires it (coupled, own confirmation);targetSdkout of scope (behavior migration, flagged);minSdkflagged when a dependency raises the effective minimum.
Full list in the CHANGELOG.
android-update-deps 1.0.0
First public release — now installable as a Claude Code plugin.
Install
/plugin marketplace add alvarose/android-update-deps
/plugin install android-update-deps@alvarose
Or clone into ~/.claude/skills/android-update-deps, or grab the .skill below.
What it does
A skill for the safe, gated review and update of dependencies in an Android (Kotlin/Gradle) project using a Gradle version catalog: detect → analyze risk → propose (waits for you) → apply → verify with :app:assembleDebug → commit on a branch.
- JitPack (
com.github.*) checked by hand (the ben-manes plugin's blind spot). - BOM-aware (Compose/Firebase) and coupled-block aware (Kotlin ↔ KSP ↔ Compose Compiler, AGP ↔ Gradle…).
- Risk beyond semver: hidden compileSdk/AGP/Kotlin requirements, known vulnerabilities, licenses.
- Commits on a branch (no push); mirrors your language (EN/ES).