Locking dependencies doesn't actually work #28874
Labels: a:documentation (Documentation content), in:dependency-locking, re:comprehensibility (reasonable errors and warnings, clear dsl, mental overload)
Current Behavior
Changing the version of a dependency doesn't cause the build to fail, even though strict locking is enabled.
Expected Behavior
Gradle sync should fail if the specified version doesn't match the lock file.
Context (optional)
I'm trying to lock down my versions, which has proved to be a lot more difficult than it should be. Multimodule projects are even worse, requiring custom scripts to go generate all the lock files, which is just ridiculous. In Node, dependency locking is on by default and just works. I would like to see Gradle make this easier since locking is a best practice for reproducible builds.
Steps to Reproduce
./gradlew dependencies --write-locks from within the folder of my app module. This successfully generates a gradle.lockfile in the same directory.
implementation "androidx.hilt:hilt-navigation-compose:1.2.0" to use version 1.0.0.
Interestingly, if I do this in the opposite direction, locking at version 1.0.0 and then upgrading to 1.2.0, I do get a build error. Here are the relevant parts of my build.gradle files:
build.gradle
app/build.gradle
gradle.lockfile (just the relevant line)
Gradle version
8.7
Build scan URL (optional)
No response
Your Environment (optional)
No response
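An added example, not part of the original issue and not Gradle's own code: a standalone CI check that compares versions declared in build.gradle against gradle.lockfile and flags a mismatch in either direction, including the downgrade described above. The file contents are constructed samples and the function names are hypothetical; only literal "group:artifact:version" string declarations are parsed.

```python
import re

# Constructed sample inputs (not the reporter's files): one lockfile entry in
# Gradle's "group:artifact:version=configurations" format and one declaration.
SAMPLE_LOCKFILE = """\
# This is a Gradle generated file for dependency locking.
androidx.hilt:hilt-navigation-compose:1.2.0=debugRuntimeClasspath,releaseRuntimeClasspath
empty=annotationProcessor
"""
SAMPLE_BUILD_GRADLE = """\
dependencies {
    implementation "androidx.hilt:hilt-navigation-compose:1.0.0"
}
"""

LOCK_LINE = re.compile(r"^([^:#=\s]+):([^:=\s]+):([^:=\s]+)=")
DECLARATION = re.compile(
    r"""^\s*(\w+)\s*\(?\s*["']([^:"'\s]+):([^:"'\s]+):([^:"'\s$]+)["']""", re.M)


def parse_lockfile(text):
    """Map 'group:artifact' -> locked version, skipping comments and 'empty='."""
    locked = {}
    for line in text.splitlines():
        m = LOCK_LINE.match(line.strip())
        if m:
            locked[f"{m.group(1)}:{m.group(2)}"] = m.group(3)
    return locked


def parse_declarations(text):
    """Map 'group:artifact' -> declared version for literal string notations."""
    return {f"{g}:{a}": v for _cfg, g, a, v in DECLARATION.findall(text)}


def find_drift(lock_text, build_text):
    """Return (module, declared, locked) for every declared version that
    differs from the lockfile, whether it is higher or lower."""
    locked = parse_lockfile(lock_text)
    return sorted((mod, ver, locked[mod])
                  for mod, ver in parse_declarations(build_text).items()
                  if mod in locked and locked[mod] != ver)


if __name__ == "__main__":
    drift = find_drift(SAMPLE_LOCKFILE, SAMPLE_BUILD_GRADLE)
    for mod, declared, locked in drift:
        print(f"{mod}: declared {declared}, locked {locked}")
    raise SystemExit(1 if drift else 0)
```

The check looks only at directly declared versions and does not perform dependency resolution, so it complements Gradle's own lock validation rather than replacing it.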