diff --git a/README.md b/README.md index 18366f1..bd502be 100644 --- a/README.md +++ b/README.md @@ -55,6 +55,12 @@ cargo test - Override the native library path for tests with `LETTERBOX_CORE_LIB_PATH` or the `uniffi.component.letterbox_core.libraryOverride` system property (used by `RustFfiIntegrationTest`). - Gradle uses `gradle.properties` defaults (`org.gradle.jvmargs`, `android.useAndroidX`, Kotlin code style) and `gradle/libs.versions.toml` for dependency versions. +## Dependency overrides + +- Gradle forces patched transitive versions in `build.gradle.kts` to satisfy Dependabot advisories without changing application source usage. +- Overrides cover Android Gradle Plugin buildscript/runtime transitive artifacts (protobuf-java, jdom2, jose4j, commons-lang3, httpclient) and Netty modules when they appear in dependency graphs. +- If any override causes incompatibilities, remove or adjust the specific entry and re-run `./gradlew buildEnvironment` or `./gradlew :app:dependencyInsight`. + ## Testing - Rust core: `cargo test`. diff --git a/build.gradle.kts b/build.gradle.kts index 8f59584..21720ce 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -2,6 +2,32 @@ plugins { alias(libs.plugins.androidApplication) apply false } +val forcedDependencies = listOf( + "com.google.protobuf:protobuf-java:4.33.4", + "com.google.protobuf:protobuf-kotlin:4.33.4", + "io.netty:netty-codec:4.2.9.Final", + "io.netty:netty-codec-http:4.2.9.Final", + "io.netty:netty-codec-http2:4.2.9.Final", + "io.netty:netty-common:4.2.9.Final", + "io.netty:netty-handler:4.2.9.Final", + "org.bitbucket.b_c:jose4j:0.9.6", + "org.jdom:jdom2:2.0.6.1", + "org.apache.commons:commons-lang3:3.20.0", + "org.apache.httpcomponents:httpclient:4.5.14", +) + +gradle.beforeProject { + buildscript.configurations.configureEach { + resolutionStrategy.force(*forcedDependencies.toTypedArray()) + } +} + +allprojects { + configurations.configureEach { + resolutionStrategy.force(*forcedDependencies.toTypedArray()) + } +} + tasks.register("clean") { delete(rootProject.layout.buildDirectory) }