-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Increase Kotlinx Serialization version used by the Compose Gradle Plugin #3479
Comments
I'm also not sure how the Compose Gradle plugin is pulling in that dependency. I was trying to force things to resolve to a newer version in my Gradle plugin, using Gradle configuration resolution tricks, but it's weird - it doesn't seem to find the older serialization library, even though in the end, that's the one that gets used. I'm wondering if that's because of the embedded trick used here? I'm not really familiar with what's going on here and if this is confusing Gradle somehow. fun embedded(dep: Any) {
compileOnly(dep)
testCompileOnly(dep)
embeddedDependencies(dep)
}
embedded("org.jetbrains.kotlinx:kotlinx-serialization-json:${BuildProperties.serializationVersion}")
embedded("org.jetbrains.kotlinx:kotlinx-serialization-core:${BuildProperties.serializationVersion}")
embedded("org.jetbrains.kotlinx:kotlinx-serialization-core-jvm:${BuildProperties.serializationVersion}") |
Most likely. Generally, Gradle's dependency resolution considers all dependencies and chooses the highest version. I see the following options:
@dima-avdeev-jb what do you think? |
@AlexeyTsvetkov |
Gradle plugin: * Update Gradle to 8.3; * Enable Configuration Cache; * Update Gradle plugins; * Start using version catalogs; * Update dependencies; * Relocate Kotlinx Serialization (#3479) Resolves #3479 Intellij plugin: * Update Gradle to 8.3; * Enable Configuration Cache; * Start using version catalogs;
According to this: BuildProperties.kt#L14, the Compose plugin depends on kotlinx-serialization 1.2.1.
I'm writing my own Gradle plugin for a project built on top of Compose, and I'm using another library which depends on serialization. I'd like to upgrade that library to the most recent version (to fix a reported security issue), but it is using something introduced in a later version of Kotlinx serialization.
When the Compose plugin is applied first, the older version of serialization is pulled in, which then causes my plugin to crash when it applies and tries parsing something indirectly via that library.
Since it's pretty common for Kotlin serialization to be used across multiple artifacts / plugins, and since JVM classpath resolution works by using an existing artifact if already found on the classpath (as far as I can tell), it would be really nice if the team could keep the serialization library up to date.
The text was updated successfully, but these errors were encountered: