build: update forced dependencies #231

Merged: magisk317 merged 1 commit into beta from chore/dependency-force-update, Apr 29, 2026

@magisk317 (Owner) commented Apr 29, 2026

Automated dependency force maintenance:

  • Removed force rules when natural resolution already matches forced versions.
  • Added or updated force rules for dependencies with open security alerts (Dependabot).
  • Refreshed committed Gradle dependency lockfiles after dependency graph changes.

Summary by Sourcery

Build:

  • Add Gradle resolution strategy rules to force consistent versions of Netty codec, HTTP, HTTP/2, common, and handler modules in root and subproject configurations.

@magisk317 added the dependencies and java labels Apr 29, 2026
@magisk317 merged commit 12344c5 into beta Apr 29, 2026
4 checks passed
@magisk317 deleted the chore/dependency-force-update branch April 29, 2026 05:50

sourcery-ai Bot commented Apr 29, 2026

Reviewer's Guide

Updates Gradle forced dependency versions (notably several io.netty modules) to align with current security requirements and regenerates lockfiles to reflect the updated dependency graph.

Flow diagram for dependency resolution with updated forced Netty versions

flowchart TD
    A[Start Gradle build] --> B[Load build.gradle.kts]
    B --> C[Apply configurations.all]
    C --> D[Apply resolutionStrategy]

    D --> E[Apply forced dependencies
    - io.netty:netty-codec:4.1.125.Final
    - io.netty:netty-codec-http:4.1.132.Final
    - io.netty:netty-codec-http2:4.1.132.Final
    - io.netty:netty-common:4.1.118.Final
    - io.netty:netty-handler:4.1.118.Final
    - Other forced dependencies]

    E --> F[Resolve dependency graph]
    F --> G[Update dependency lockfiles]
    G --> H[Produce build artifacts]
    H --> I[End]

    subgraph Subprojects
      B2[Load subproject build.gradle.kts] --> C2[Apply subproject configurations.all]
      C2 --> D2[Apply subproject resolutionStrategy]
      D2 --> E
    end

    A --> B2

File-Level Changes

Change: Align forced dependency versions for Netty and other libraries with security and resolution requirements across root and subprojects.
Details:
  • Add explicit force rules for multiple io.netty modules with updated versions in the root buildscript resolutionStrategy block
  • Mirror the new io.netty force rules in the subprojects resolutionStrategy block so all submodules resolve to the same secured versions
  • Retain existing force rules for other libraries (e.g., commons-lang3, jose4j, bcpkix) while relying on the workflow to drop redundant ones and refresh dependency lockfiles
Files: build.gradle.kts

sourcery-ai Bot left a comment

Hey - I've left some high level feedback:

  • The forced Netty versions are inconsistent across modules (e.g., codec at 4.1.125.Final vs codec-http/http2 at 4.1.132.Final and common/handler at 4.1.118.Final); consider aligning them to a single Netty release train to avoid subtle runtime incompatibilities.
  • Since these Netty forces are duplicated in both the root and subprojects resolutionStrategy blocks, consider centralizing them (e.g., via a BOM or version catalog entry) to reduce the chance of drift in future automated updates.
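
The review comment above flags the forced Netty modules as sitting on three different versions. As an added example (not part of the pull request or the project's own code), this Python check scans a Gradle lockfile and reports any watched group whose modules resolve to more than one version on the same classpath. The sample lockfile is constructed from the versions listed on this page, and `com.example:lib-a` is a hypothetical entry.

```python
import re
from collections import defaultdict

# Constructed sample in Gradle lockfile format (group:artifact:version=configs).
# Netty versions are the forced versions listed in the reviewer's guide;
# com.example:lib-a is a hypothetical unrelated dependency.
SAMPLE_LOCKFILE = """\
# This is a Gradle generated file for dependency locking.
com.example:lib-a:1.0.0=compileClasspath,runtimeClasspath
io.netty:netty-codec:4.1.125.Final=compileClasspath,runtimeClasspath
io.netty:netty-codec-http:4.1.132.Final=compileClasspath,runtimeClasspath
io.netty:netty-codec-http2:4.1.132.Final=runtimeClasspath
io.netty:netty-common:4.1.118.Final=compileClasspath,runtimeClasspath
io.netty:netty-handler:4.1.118.Final=runtimeClasspath
empty=
"""

# A locked module line: group:artifact:version=config1,config2
LOCK_LINE = re.compile(r"^([^:#\s]+):([^:\s]+):([^=\s]+)=(.*)$")


def find_version_skew(text, groups=("io.netty",)):
    """Return {(group, configuration): {version: [artifacts]}} for every
    watched group that resolves to more than one version on a classpath."""
    seen = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        match = LOCK_LINE.match(line.strip())
        if not match:
            continue  # comment, blank line, or the trailing "empty=" entry
        group, artifact, version, configs = match.groups()
        if group not in groups:
            continue
        # Skew only matters between modules that share a classpath.
        for config in filter(None, configs.split(",")):
            seen[(group, config)][version].append(artifact)
    return {
        key: {version: sorted(arts) for version, arts in versions.items()}
        for key, versions in seen.items()
        if len(versions) > 1
    }


if __name__ == "__main__":
    report = find_version_skew(SAMPLE_LOCKFILE)
    for (group, config), versions in sorted(report.items()):
        print(f"{group} on {config}:")
        for version, artifacts in sorted(versions.items()):
            print(f"  {version}: {', '.join(artifacts)}")
    raise SystemExit(1 if report else 0)  # non-zero exit fails a CI step
```

Run against each committed `gradle.lockfile`, a non-empty result means the force rules have drifted apart again after an automated update.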