This Gradle plugin measures libyears of your project. libyears is a simple measure of software dependency freshness. It is a single number telling you how up-to-date your dependencies are. Learn more on libyear.com.
Update your Gradle build instructions with the following plugin application, which will automatically enable a dependency check after resolving dependencies:
// in Kotlin / build.gradle.kts:
plugins {
id("com.libyear.libyear-gradle-plugin").version("<version>")
}
libyear {
// Which dependency configuration to check?
configurations = listOf("compileClasspath")
// Fail in case fetching dependency metadata fails?
failOnError = true
// How to validate:
validator = allArtifactsCombinedMustNotBeOlderThan(5.years)
// alternatively:
validator = singleArtifactMustNotBeOlderThan(2.days)
}// in Groovy / build.gradle:
plugins {
id 'com.libyear.libyear-gradle-plugin' version "<version>"
}
libyear {
configurations = ['compileClasspath']
failOnError = true
validator = allArtifactsCombinedMustNotBeOlderThan(days(5))
}Please refer to LibYearExtension.kt for all possible configuration options and additional documentation.
The reportLibyears task shows a table with all outdated dependencies, including their newest version numbers and impact on the total of libyears.
If you build on a modern framework such as Spring Boot, you invite about 10 libyears into your project. And you haven't actually started to do something useful, did you?
> Task :example-spring-boot:reportLibyears
Collected 9.5 years worth of libyears from 13 dependencies:
-> 2.6 years from ch.qos.logback:logback-core (1.2.3 => 1.3.0-alpha5)
-> 2.6 years from ch.qos.logback:logback-classic (1.2.3 => 1.3.0-alpha5)
-> 1.3 years from org.glassfish:jakarta.el (3.0.3 => 4.0.1)
-> 1.2 years from jakarta.annotation:jakarta.annotation-api (1.3.5 => 2.0.0)
-> 5.9 months from org.apache.logging.log4j:log4j-api (2.13.3 => 2.14.0)
-> 5.9 months from org.apache.logging.log4j:log4j-to-slf4j (2.13.3 => 2.14.0)
-> 5.4 months from org.yaml:snakeyaml (1.27 => 1.28)
-> 28 days from com.fasterxml.jackson.core:jackson-annotations (2.11.4 => 2.12.1)
-> 28 days from com.fasterxml.jackson.core:jackson-core (2.11.4 => 2.12.1)
-> 28 days from com.fasterxml.jackson.datatype:jackson-datatype-jsr310 (2.11.4 => 2.12.1)
-> 28 days from com.fasterxml.jackson.datatype:jackson-datatype-jdk8 (2.11.4 => 2.12.1)
-> 28 days from com.fasterxml.jackson.module:jackson-module-parameter-names (2.11.4 => 2.12.1)
-> 28 days from com.fasterxml.jackson.core:jackson-databind (2.11.4 => 2.12.1)
BUILD SUCCESSFUL in 29s
1 actionable task: 1 executed
This release uses Gradle 6.9.2 as baseline for running the test suite and the plugin deployment.
This release uses Gradle 6.9.1 as baseline for running the test suite and the plugin deployment.
The violators report now excludes up-to-date dependencies which contribute zero seconds to the accumulated libyears.
The build runs against Gradle 6.9, Gradle 7.1, and Ktlint 10.1.0.
The plugin now also considers repositories defined in the settings script (settings.gradle or settings.gradle.kts) in addition to the project's repositories depending on the repositories mode. Previously, the plugin processed only the project's repositories.
The build also runs against Gradle 7 in addition to Gradle 6.x to prevent regressions.
J. Cox, E. Bouwers, M. van Eekelen and J. Visser, Measuring Dependency Freshness in Software Systems. In Proceedings of the 37th International Conference on Software Engineering (ICSE 2015), May 2015