- Improved support of Gradle configuration cache. In the previous release, if you ran the
refreshVersionstask twice in a row with configuration cache enabled, the second run would fail, even in warning mode. It's now fixed. - To make refreshVersions compatible with GCS (Google Cloud Storage) hosted maven repositories (which can be helpful for company/team internal libraries), we were using the official library from Google. Unfortunately, this led to dependency hell to some of our users because it then requires a specific version of Guava, which could be different from the one required by other plugins, and the one from refreshVersions would prevail. So, to resolve these problems, we replaced our implementation with one that reuses Gradle's built-in
GcsClient, and we're very happy with that because it also has the benefit of reducing the total size of refreshVersions when we include its dependencies. Note that this is using internal Gradle APIs, but we've seen that they didn't change in 5 years, and the code path is executed only if you have gcs backed repositories in your project.
- AndroidX.glance.wearTiles
- AndroidX.wear.tiles.material
- Google.android.maps
- compose
- utils
- utils.ktx
- ktx
- rx
- places
- ktx
- rx
- ReactiveX
- rxJava2
- rxAndroid
- rxKotlin
- rxJava3
- rxAndroid
- rxKotlin
- rxJava2
- JakeWharton
- rxBinding3
- appcompat
- core
- drawerLayout
- leanback
- material
- recyclerview
- slidingPaneLayout
- swipeRefreshLayout
- viewPager2
- viewPager
- rxBinding4
- appcompat
- core
- drawerLayout
- leanback
- material
- recyclerview
- slidingPaneLayout
- swipeRefreshLayout
- viewPager2
- viewPager
- rxRelay2
- rxRelay3
- rxBinding3
Thanks to Mike Gray for the contribution in adding ReactiveX, RxBinding, and RxRelay dependency notations!
- We are very happy to announce that refreshVersions now supports Gradle configuration cache! Gradle configuration is all about saving time, which is also the mission of refreshVersions, albeit in a different situation, so it made a lot of sense to not step on that feature Gradle engineers worked hard on. Note that the
refreshVersionstask itself is not compatible with configuration cache because it's impossible with the current Gradle APIs. - Error tolerance: The
refreshVersionstask will no longer fail if there's a problem getting versions from a repository. Now, it will add contextual comments in theversions.propertiesfile, so you know what failed, and don't get fully blocked next time jcenter or another repository undergoes an outage. This should also help if you're running therefreshVersionstask through an unstable internet connection and some network calls fail because of that.
- Google.modernStorage:
- bom
- permissions
- photoPicker
- storage
- Google.android.openSourceLicensesPlugin
- Google.android.playServices:
- appset
- auth.apiPhone
- auth.blockstore
- basement
- cronet
- fido
- openSourceLicenses
- passwordComplexity
- recaptcha
- tagmanager
- Google.android.versionMatcherPlugin
Thanks to Kamalesh for the contribution in adding dependency notations!
- We are now shutting down the thread-pool from kotlinx.coroutines that we're using when the build finishes (
Dispatchers.shutdown()). We believe it caused memory leaks in the Gradle Daemon, and this change, made possible since kotlinx.coroutines 1.6.0 should fix the last memory leak cause. - The versions of dependencies from the
androidx.testfamily started diverging, so we changed replaced theversion.androidx.testversion key with more specific ones. The migration will be done automatically on upgrade of refreshVersions, without upgrading the versions ofandroidx.testsdependencies themselves.
- We now support fetching updates on plain-text http repositories. We evaluated the security risks, and for the case of refreshVersions itself, there is none that is significant (the worst possibility is crashing the build under attack), and if you're not using plain-text http repositories in the first place in your project, this doesn't apply at all anyway. We added support for this because some of our users need it for local maven repositories.
- Android.billingClient
- Android.billingClient.ktx
- Android.installReferrer
- Android.tools:
- desugarJdkLibs
- r8
- build.gradlePlugin
- CashApp.licenseeGradlePlugin
- CashApp.sqlDelight:
- extensions:
- androidPaging3
- androidPaging
- rxJava3
- rxJava2
- drivers.sqlJs
- extensions:
- Google.android.fhir:
- dataCapture
- engine
- workflow
- Google.android.flexbox
- Google.android.playServices:
- cast:
- framework
- tv
- instantApps
- maps
- mlKit.vision.imageLabeling.custom
- mlKit.naturalLanguage.languageIdentification
- pay
- wallet
- cast:
- Google.mlKit:
- playStoreDynamicFeatureSupport
- naturalLanguage.entityExtraction
- vision:
- selfieSegmentation
- textRecognition
- chinese
- devanagari
- japanese
- korean
- Google.modernStorage:
- fileSystem
- mediaStore
- Google.oboe
- Ktor.client.darwin
- Kotlin.scriptRuntime
- KotlinX.serialization.hocon
- Square.logcat
- Square.moshi.adapters
- Touchlab.kermit
- bugsnagTest
- bugsnag
- crashlyticsTest
- crashlytics
- gradlePlugin
- test
We also removed many obsolete dependency notations from refreshVersions. Just like for the 0.30.0 release, this should not break your build as we implemented a robust replacement mechanism that also inserts migration guidance comments. ✨
Thanks to Brady Aiello, Mike Gray, and Kamalesh for their contributions in adding dependency notations!
- Fix Gradle sync for projects using buildSrc (#474)
- Support buildSrc modules that have no plugin declared
We raised the minimum supported Gradle version to 6.8, because we started to use Kotlin 1.4 features, and Gradle pins the stdlib version. Since at the time of writing, the latest Gradle version is 7.3, we believe it won't actually block any of our users. We have a short section about updating Gradle on our website here, feel free to check it out if it can help you.
Since Gradle 7, you can declare repositories of the entire Gradle project (including all subprojects and their buildscript)
in the dependencyResolutionManagement block in the settings.gradle[.kts] file.
Unfortunately, refreshVersions didn't support it, so, unless you also kept repositories declared with allprojects, or per project, you would end up with all version entries in the versions.properties file marked as unused after running the refreshVersions task, and you'd not see the newer updates.
This release resolves this issue, and we are eager to use it in our projects ourselves.
Sometimes, libraries get deprecated, or the maintainers change the maven coordinates.
When it happens, this fact is unfortunately not included in the maven-metadata.xml files, or any other standard metadata. That means tools like refreshVersions will believe you're on the latest versions, when you're not, because it lacks the necessary information.
One example is Google that changed the maven coordinates of all their AndroidX Wear Watchface artifacts several weeks ago.
It took us time to catch-up with this change because we wanted to design a generic mechanism for this recurrent problem, and provide the best experience for you, and ourselves.
From now on, we have the ability to remove old or deprecated built-in dependency notations in refreshVersions, and doing so will not break your builds, nor will it change the dependencies of your project. However, it'll help you notice the deprecation, and it'll help you switch to the replacement dependencies, if any.
The way it works is that we keep a versioned list of all the removals, and on refreshVersions upgrade, an automatic replacement will put back the hardcoded maven coordinates, using the version placeholder, and it will add our hand-written TODO/FIXME comments, along with a perfectly aligned replacement suggestion if there is any, so that moving to the newer artifact is as easy as upgrading to a newer version in the versions.properties file. We designed the system so that it cannot break your build, even if you were using withVersion(…) or other DependencyNotation extensions, even if you have code comments or special string literals.
It also supports the case where we just move a dependency notation to another place, or change its name, without changing the maven coordinates.
Because of this change, it's important that you check the git diff after upgrading refreshVersions and running the first Gradle reload/sync/build, so you can see if there's been any changes, and if you might want to switch to any replacement dependencies.
This change will enable us to keep the built-in dependency notations updated with less effort, so we're very happy to have it ready, and fully tested.
We've already started to take advantage of it to clean up all the discontinued artifacts we found in AndroidX.
- Repositories declared in the
dependencyResolutionManagementblock were ignored. Now, they are taken into account. - The kotest extensions dependencies were previously wrongly sharing their version as per refreshVersions rules. Now, they each have their independent, own version key.
- The
refreshVersionsMigratetask wasn't inserting new entries in alphabetical order. Now it is. - The
refreshVersionsMigratetask wasn't migrating buildscript dependencies. Now it is.
- AndroidX.appSearch.platformStorage
- AndroidX.benchmark.macro
- AndroidX.camera.video
- AndroidX.carApp:
- automotive
- projected
- AndroidX.compose:
- animation.graphics
- material3
- AndroidX.core.remoteViews
- AndroidX.dragAndDrop
- AndroidX.emoji2.bundled
- AndroidX.glance.appWidget
- AndroidX.glance
- AndroidX.leanback.grid
- AndroidX.lifecycle.runtimeTesting
- AndroidX.media3:
- cast
- common
- database
- datasource:
- cronet
- okhttp
- rtmp
- decoder
- exoPlayer:
- dash
- hls
- ima
- rtsp
- workmanager
- extractor
- session
- testUtils.robolectric
- testUtils
- transformer
- ui.leanback
- ui
- AndroidX.multidex.instrumentation
- AndroidX.paging.guava
- AndroidX.room:
- paging
- rxJava3
- AndroidX.wear.tiles.testing
- AndroidX.wear.watchFace:
- complications.dataSourceKtx
- complications.dataSource
- editor
- KotlinX.coroutines.bom
- Square.moshi.adapters
- Testing.junit:
- bom
- jupiter: (moved from Testing.junit)
- api (moved from Testing.junit.api)
- engine (moved from Testing.junit.engine)
- migrationSupport (moved from Testing.junit.migrationSupport)
- params (moved from Testing.junit.params)
- Testing.kotest.framework:
- api
- dataset
Thanks to Emil Kantis for the kotest dependencies fixes! Thanks to Kamalesh for the help in updating AndroidX dependency notations! Thanks to Simon Marquis for adding Square.moshi.adapters, and helping contributors using Windows!
Fix a bug that broke standalone buildSrc builds.
Fix a regression that brought a KotlinNullPointerException in the build. We apologize for the issue. Thanks to Marcin and Craig for the report.
- AndroidX.compose.ui.toolingPreview
- Chucker
- KotlinX.cli
- KotlinX.datetime
Thanks to Filip Czaplicki, who contributed to the new dependency notations!
We now support npm dependencies for Kotlin/JS!
Just put the version placeholder (_) in place of the version, and you're good to go.
The version keys follow a simple naming scheme where their id is prefixed with npm, here are two examples:
version.npm.react=17.0.2version.npm.@googlemaps/js-api-loader=1.12.2
Special thanks to NikkyAI who authored the feature, and pair-programmed with us to refine it!
Before this release, when we added new dependency notations and shorter version keys, it could lead to an unwanted upgrade of the dependency in the project upgrading refreshVersions. With this release, we make sure to copy the same version if we add or change the version key, and it will also work if we decide to remove one. This ensures that upgrading refreshVersions will not be able to affect your application or library.
Thanks to Brady Aiello from Touchlab for helping out via pair-programming!
- Koin (new group with several dependencies)
- Touchlab.stately (new group with several dependencies)
- RussHWolf.multiplatformSettings (new group with several dependencies)
Thanks to Brady Aiello again, who contributed to these new dependency notations!
We are now ready to accept dependency notation contributions for high-quality and popular dependencies from the Kotlin ecosystem!
Look for issues with the Dependency notations and up-for-grabs tags to find one you can directly contribute to, or submit a new issue to ask for a new one to be added. We updated the contributing guide on the website, it now has a guide dedicated to it here.
- refreshVersions will now add
## unusedcomments on top of unused entries in theversions.propertiesfile after you run therefreshVersionstask, so you know which ones are obsolete and can be removed. - The new
rejectVersionsIf { … }predicate available in therefreshVersions { … }extension in yoursettings.gradle[.kts]file will allow you to filter any kind of versions you don't want to know about. It can be handy to filter snapshots out for example. - Most of our dependency notations now provide more flexibility with 3 new extension functions:
withVersionPlaceholder(),withVersion(…), andwithoutVersion().
- If you use a BoM from the built-in dependency notations, it must always appear before dependencies from the group it controls, or you'll see an error message that will fail the Gradle build. We do this because we can't switch on usage of the BoM for linked dependencies that have already been evaluated by Gradle.
The refreshVersionsMigrate will now use the built-in dependency notations if they match existing dependencies.
- AndroidX:
- benchmark.macroJunit4
- core.splashscreen
- games:
- activity
- controller
- framePacing
- performanceTuner
- textInput
- navigation.testing
- wear.compose:
- foundation
- material
- window
- java
- rxJava2
- rxJava3
- testing
- COIL:
- compose
- composeBase
- Firebase:
- cloudMessagingDirectBoot
- Firebase.mlModelDownloaderKtx
- Firebase.mlModelDownloader
- Kodein.di (new group with many dependencies)
- Kotlin.test (which is compatible with multiplatform projects since Kotlin 1.5)
- KotlinX.html (compatible with multiplatform projects)
- Ktor.features.serialization
- Http4k (new group with many dependencies)
- Splitties.alertdialogMaterial
- Square
- okHttp3.bom
- okHttp3 (shortcut to existing okHttp3.okHttp)
- retrofit2.converter.wire
- retrofit2 (shortcut to existing retrofit2.retrofit)
- Spring (new group with many dependencies)
Add task refreshVersionsMigrate that adds all missing entries in versions.properties and try to migrate the build.gradle(.kts) and other known files like libraries.gradle so that the version placeholder _ is used everywhere. Please try it out and give us your feedback for refreshVersionsMigrate
- Plugins org.jetbrains.kotlinx.benchmark should not use key version.kotlin
- Ktor.features.serialization
- AndroidX.navigation.testing
- Testing.kotestExtensions who replaces Testing.kotest.extensions in Kotest >= 4.5.0
- In Android projects, if you used the version placeholder (
_) directly inbuild.gradle(.kts)files, Android lint would trigger an unwanted warning, or error in the case of the Android build tools (aka. AGP, the Android Gradle Plugin). To avoid this inconvenience, running the refreshVersions task will now automatically check if it's running on an Android project, and in such cases, will edit (safely) thelint.xmlfile, creating it if needed, and add the needed rules to have these specific warnings and errors ignored.
- Add missing version placeholder (
_) for theGoogle.android.material.composeThemeAdapterdependency notation. - Fix a bug that prevented from using the correct version of
org.jetbrains.kotlinx.benchmarkand any other Gradle plugin with an id starting withorg.jetbrains.kotlinxbecause it matched overorg.jetbrains.kotlinas well. We are now matching onorg.jetbrains.kotlin.to avoid this issue.
- AndroidX:
- emoji2
- views-helper
- views
- health.servicesClient
- security.appAuthenticatorTesting
- emoji2
- Google.accompanist.insets.ui
- There's a new
versionForfunction that takes a dependency notation, or a version key, and returns the corresponding version that is in theversions.propertiesfile. For example, if you use Jetpack Compose, you can leverage it to setkotlinCompilerExtensionVersionwithversionFor(AndroidX.compose.ui). Groovy DSL users can find it in theVersionsclass. - Support updates of settings plugins in
settings.gradle.ktsandsettings.gradlefiles (including refreshVersions itself). - Support getting versions from Google Cloud Storage backed repositories. This can be helpful if you need to update private artifacts hosted there. Thanks to NikkyAI for the contribution!
- Setting up refreshVersions has been significantly simplified: Now, it's simply a plugin that must be applied in the
settings.gradle.ktsorsettings.gradlefile. Note that if you want to apply it tobuildSrcas well, there's a gotcha regarding defining the version. The best thing is that on upgrade, refreshVersions will automatically replace the old & verbose bootstrap with the new plugin setup, and that works for buildSrc special case as well. We made many tests to ensure that this logic is reliable, doesn't break any code, doesn't remove important comments, and doesn't affect custom configuration in any way. - Bintray sunset resiliency: If refreshVersions encounters an HTTP 403 response on a bintray repository or on jcenter, it will consider the artifact to not be in this repository instead of crashing (but you can/should still remove bintray repo declarations anyway since it has been sunset).
- Missing short version key rules have been added for many dependency notations groups in the
Testingobject, and forOrchid.
- The fix of the
Square.sqlDelight.coroutinesExtensionsdependency notation can lead to such an error:Failed to resolve: coroutines-extensions-1.4.4-_. If you get a similar error on upgrade, it's because you applied a fix like that one:Square.sqlDelight.coroutinesExtensions + ":_". You now can (must) remove it. - A bunch of new version key rules have been added, which means you might have changes of version keys, and because we currently don't have a migration facility for those, it might cause unwanted upgrades. Consequently, especially for Android projects, we recommend checking/verifying the changes made by refreshVersions after the first Gradle sync/reload/build that follows the upgrade.
- Authentication for maven repositories should now work correctly. Should, because it can only work using internal Gradle APIs for the time being (though there's a safeguard to not crash if the API changes). Thanks to Mayank Kharbanda for the PR!
- Custom
extraArtifactVersionKeyRulescould not be taken into account if there was an overlapping rule already present in refreshVersions, even if it was more specific. That ordering issue has now been fixed, the most specific rule will now always be the one applied. - If you had issues with some recent AndroidX artifacts, and their version key, they should all be fixed now, and there's all the latest dependency notations.
- AndroidX:
- activity.ktx
- activity.compose
- appSearch
- appSearch.compiler
- appSearch.localStorage
- biometricKtx
- carApp
- carApp.testing
- compose:
- material.ripple
- runtime.rxJava3
- runtime.saveable
- ui:
- test
- testJunit4
- testManifest
- tooling
- toolingData
- viewBinding
- constraintLayoutCompose
- core.googleShortcuts
- dataStore:
- core
- rxJava2
- rxJava3
- preferences:
- core
- rxJava2
- rxJava3
- hilt.navigationCompose
- hilt.navigationFragment
- leanback.paging
- leanback.preference
- leanback.tab
- lifecycle.viewModelCompose
- navigation.compose
- navigation.dynamicFeaturesFragment
- paging.compose
- paging.rxJava3
- savedStateKtx
- security.appAuthenticator
- transitionKtx
- wear:
- complications.data
- complications.provider
- input
- inputTesting
- ongoing
- phoneInteractions
- remoteInteractions
- watchFace
- watchFace.guava
- watchFace.client
- watchFace.clientGuava
- watchFace.complicationsRendering
- watchFace.data
- watchFace.editor
- watchFace.editorGuava
- watchFace.style
- tiles:
- proto
- renderer
- work.multiprocess
- work.rxJava3
- Firebase:
- analyticsKtx
- authenticationKtx
- cloudMessagingKtx
- crashlyticsKtx
- dynamicLinksKtx
- performanceMonitoringKtx
- Google:
- accompanist:
- appcompatTheme
- coil
- flowlayout
- glide
- imageloadingCore
- insets
- pager.indicators
- pager
- swiperefresh
- systemuicontroller
- android.material.composeThemeAdapter
- dagger.hilt.compiler
- accompanist:
- Testing.kotest.assertions.kotlinxDateTime
Thanks to all the folks that joined Louis CAD in pair-programming sessions:
Waqas Ahmed
Benjamin Orsini
Zahra Heydari
Alexi Bre- …and of course the original author and maintainer
Jean-Michel Fayard
These were critical to ensure thorough testing, and great quality, all while keeping motivation to keep going.
We're very grateful for your time and help, and we think our users will be as well. 🙏
Also, thanks to all the folks that reported issues. It was very helpful to prioritize on our side.
- Running the
refreshVersionstask twice or more would fail with "executor rejected" as an error message, until the Gradle daemon is killed. This has now been fixed. (Issue #263) - The
refreshVersionstask was failing after the latest Gradle release candidate was superseded by the stable release because the API would return an empty JSON object after this, which we didn't expect. - (Minor) We fixed a typo in a diagnostic task name (
refreshVersionsDependenciesMapping)
- This release fixes a major memory leak that would make Gradle Daemons unusable after several builds (or Gradle syncs/imports). We are very sorry for that issue, and the annoyance it might have caused. We experienced it too as users, and that's why we are bringing the fix now. We took the necessary measures to avoid future recurrence of such memory leaks.
- Fix of a bug that'd make the first Gradle sync after adding a dependency fail.
- If you were using Jetpack Compose, the compiler dependency had its maven coordinates changed in version 1.0.0-alpha04. We updated the
AndroidX.compose.compilerdependency notation, which means it now works only for Compose 1.0.0-alpha04 and more future versions.
- Google.android.playServices.mlKit
- Google.mlKit
- KotlinX.serialization.json
Firebase ML Kit has been rebranded to Google ML Kit along with API and feature changes since 2020-08-14 update, so we deprecated the Firebase.mlKit dependencies and introduced new ones in Google.android.playServices.mlKit and Google.mlKit.
- refreshVersions will now warn you when Gradle is not up to date, and will give you the commands to run to update it for you to copy/paste and run. It works if you're using a release candidate, and also if you're using a nightly version!
This is a major release that brings surface-level and internal changes, paving the way for the upcoming 1.0 release.
The plugin setup/bootstrap has changed, so check out the updated documentation in Setup.
- Self update discovery. RefreshVersions will check for its own updates, and add available comments in the
settings.gradle[.kts]file if needed for easy upgrade. This allows you to get future improvements conveniently. - Support for
buildscriptdependencies. It now works just like regular dependencies. - First class support for
buildSrc - Support maven repositories with basic authentication (aka. credentials with username and password)
- Going forward, refreshVersions will be able to auto-migrate any breaking changes a new version would introduce in your
versions.properties,build.gradleandbuild.gradle.ktsfiles in. This version of refreshVersions integrates the facility to let future versions of refreshVersions that migration is needed, and from which version. This is a very important change that ensures you can keep your projects updated with the least effort possible.
- Kotlin.stdlib (for the base version of the stdlib)
- KotlinX:
- html
- Coroutines:
- reactive
- reactor
- rx2
- rx3
- Serialization:
- core (replaces runtime artifacts since 1.0.0-RC)
- protobuf
- cbor
- properties
- io
- reflect.lite
- nodeJs
- COIL, a Coroutine Image Loader for Android.
- Square:
- LeakCanary
- KotlinPoet
- Wire
- SqlDelight
- Moshi
- Picasso
- okio
- Retrofit2:
- Adapter:
- java8 (renamed from retrofitJava8)
- rxJava1 (renamed from retrofitRxJava1)
- rxJava2 (renamed from retrofitRxJava2)
- rxJava3
- Adapter:
- KoTest (in the
Testingobject) - CashApp:
- sqlDelight (alias to Square.sqlDelight)
- turbine
- Copper
- Google:
- Dagger (including hilt for Android)
- Android:
- browserHelper
- JakeWharton:
- picnic
- wormholeGradlePlugin
- confundusGradlePlugin
- moshi.shimo
- AndroidX:
- Gaming
- Hilt
- startup
- tracing
- vectorDrawableSeekable
- Window
- Core:
- animation
- animationTesting
- Security:
- cryptoKtx
- identityCredential
- Compose:
- Runtime:
- dispatch
- savedInstance
- liveData
- rxJava2
- Animation
- Ui
- Foundation
- Material
- Runtime:
- Media2:
- lifecycle
- Concurrent:
- futuresKtx
Several dependencies notations have been renamed in this release (compared to version 0.9.4).
If you were using one of the following, you'll need to migrate these usages.
We recommend to use "Replace in Path" in IntelliJ or Android Studio, filtering for the *.gradle.kts or *.gradle file extensions to do these replacements with ease.
Note that for future versions, refreshVersions will be able to do this automatically.
Here's the list of renamed dependency notations:
AndroidX.coreKtx->AndroidX.core.ktxAndroidX.coreRole->AndroidX.core.roleSquare.retrofit2.adapter.retrofitJava8->Square.retrofit2.adapter.java8Square.retrofit2.adapter.retrofitRxJava1->Square.retrofit2.adapter.rxJava1Square.retrofit2.adapter.retrofitRxJava2->Square.retrofit2.adapter.rxJava2Testing.junit.junitJupiter->Testing.junitTesting.mockK.mockK->Testing.mockK
- Make the
refreshVersionstask cancellable during network requests. - Now, only http 404 and 401 responses from repositories will be silent.
- Server errors (i.e. all but http 404 and 401 responses) are now reported.
- Network failures are now reported.
- There is now a connection timeout (10 seconds per request for now)
- An error is reported if a dependency wasn't found in any of the configured repositories.
- All the searched repositories are now listed if a dependency wasn't found in any of them.
- Only declared repositories are now looked up. (Before, refreshVersions would search all dependencies in all repositories of all modules and their buildscript, regardless of which module was declaring them.)
- Dependency notation in
Ktorno longer uses thenativesuffixed artifacts (because Kotlin 1.4 drops them, as the main ones become multiplatform)
- Version sorting would crash if a version had a long number in it. This has now been fixed, any length of digit sequence is now supported in versions.
- Fix maven coordinates of several dependency notations
- Don't crash on repositories that are not https or file or have non password credentials.
- The
AndroidX.test.ext.jankTestHelpernotation and few other ones inFirebase.mlKithad wrong maven coordinates. This has been fixed, and tests have been added to prevent it from happening again on any dependency notation we provide.