TechQA.

How can I force the newest dependency to be used by gradle

72 views Asked by At

I’m attempting to upgrade an app I manage to satisfy a Checkmarx vulnerability scan. The scan is showing I am using an out of date version of org.apache.ivy and the issue is via Maven. To fix this I’ve I’ve added

all {
resolutionStrategy {
  force ‘org.apache.ivy:ivy:2.5.2’
}
}

If I run gradlew dependencies I only see the 2.5.2 version show in the tree as I expect. When I submit the build to Jenkins and have the Checkmarx scan run, it still shows that the older version of Ivy is present in the gradle cache path. What can I do to force only the newest version there?

java gradle checkmarx
Original Q&A
1

There are 1 answers

0
Oscar On BEST ANSWER

Try this way in dependencies block :

dependencies {
  //...
  implementation('org.apache.ivy:ivy') {
    version {
      strictly '[2.5.2]'
    }
  }
  //...
}

For more details about that implementation https://docs.gradle.org/current/userguide/rich_versions.html#rich-version-constraints This should solve your issue.

Related Questions in JAVA

Related Questions in GRADLE

Related Questions in CHECKMARX

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Trending Questions