Analyze and automate dependency upgrades

Looking to simplify dependency management? Adding some tooling to your processes can speed things up and point you to areas that might call for a little more attention.

Automatic version upgrades

Android Studio highlights out-of-date library versions in the editor, along with quick-fixes to upgrade them. But this only helps if you regularly open and check every one of your build files.

There are a number of third-party tools that automate the process, updating your build files and optionally opening a pull request for the change. They locate the latest available version of each dependency and update to it, but you still need to review the results before release: a new version can change behavior, pull in new transitive dependencies, or change its license. Some popular examples include:

Check available upgrades

The Gradle Versions Plugin gives you more manual control over upgrades. Running its dependencyUpdates task (via ./gradlew :dependencyUpdates) generates a report of the newer versions available for your library dependencies. This is useful for checking library status and choosing which libraries you want to upgrade at a given time, rather than upgrading everything at once.

This can be especially useful if you're using a custom approach to specify your dependency versions, instead of a version catalog.
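As an added example (not code from this page or from the plugin's own documentation), here is a root build.gradle.kts that applies the Gradle Versions Plugin and filters its report so that only stable releases are suggested. The plugin version and the isNonStable heuristic are assumptions; tune the heuristic to the version schemes your dependencies actually use.

```kotlin
// build.gradle.kts (root project). Added example; the plugin version is an assumption.
import com.github.benmanes.gradle.versions.updates.DependencyUpdatesTask

plugins {
    id("com.github.ben-manes.versions") version "0.51.0"
}

// Heuristic: a version counts as stable when it is purely numeric (digits, dots,
// an optional leading "v" or trailing "-r") or carries an explicit RELEASE/FINAL/GA
// keyword. Everything else (alpha, beta, rc, SNAPSHOT, ...) is treated as pre-release.
fun isNonStable(version: String): Boolean {
    val hasStableKeyword = listOf("RELEASE", "FINAL", "GA").any { version.uppercase().contains(it) }
    val looksNumeric = Regex("^[0-9,.v-]+(-r)?$").matches(version)
    return !(hasStableKeyword || looksNumeric)
}

tasks.withType<DependencyUpdatesTask> {
    // Reject a pre-release candidate unless the currently used version is itself a
    // pre-release; otherwise the report keeps you on the stable track.
    rejectVersionIf {
        isNonStable(candidate.version) && !isNonStable(currentVersion)
    }
    checkForGradleUpdate = true
    // Machine-readable JSON for scripts plus a console-friendly plain-text summary.
    outputFormatter = "json,plain"
    outputDir = "build/dependencyUpdates"
    reportfileName = "report"
}
```

Run ./gradlew dependencyUpdates and read build/dependencyUpdates/report.json; each outdated dependency is listed with its group, name, current version and the candidate that passed the filter, which makes the report easy to feed into a script that opens one upgrade branch per library.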

Report dependency changes

Upgrading a library that you use directly can have a much wider impact on your application than the single version change suggests. Each library you use might itself require other libraries, forming a larger transitive dependency graph, so upgrading one direct dependency can add, remove, or change the version of libraries you never declared.

Dependency Guard records that graph as a baseline and exposes the changes in it between versions of your application or library. This is an invaluable tool for upgrade analysis, ensuring you consider indirect upgrades as well as the direct ones.
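As an added example (not code from this page or from the Dependency Guard project), here is an app module's build.gradle.kts that baselines the release runtime classpath and, independently of the baseline, refuses any dependency matching a deny pattern. The plugin version and the filtered coordinates are assumptions; replace them with whatever must never ship in your release build.

```kotlin
// app/build.gradle.kts. Added example; the plugin version is an assumption.
plugins {
    id("com.dropbox.dependency-guard") version "0.5.0"
}

dependencyGuard {
    // Baseline exactly what ends up in the release APK/AAB, not the debug classpath.
    configuration("releaseRuntimeClasspath") {
        // Record external artifacts (group:artifact:version) and project modules.
        artifacts = true
        modules = true
        // Also write a tree view showing which declared dependency pulls in each artifact,
        // which is what you want when a transitive upgrade shows up in the diff.
        tree = true
        // Fail the build as soon as a disallowed dependency appears anywhere in the graph,
        // even before a baseline has been recorded. Coordinates here are illustrative.
        allowedFilter = { dependencyName ->
            !dependencyName.contains("log4j") &&
                !dependencyName.startsWith("com.squareup.leakcanary:")
        }
    }
}
```

Run ./gradlew :app:dependencyGuardBaseline once to write the baseline into the module's dependencies/ directory and commit it; from then on ./gradlew :app:dependencyGuard fails with a diff whenever the resolved graph differs from the committed one, so every added, removed or re-versioned transitive dependency shows up in code review rather than in production.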

Detect unused and misused dependencies

Keeping your build healthy improves build speed and ensures your application and libraries have access to the dependencies they need. The Dependency Analysis Gradle Plugin gives you tools to examine your dependencies and check that they are used properly in your build files.

Its reports include:

  • Unused dependencies
  • Used transitive dependencies (declare these explicitly, so your code still has access to them if a direct dependency stops depending on them)
  • Dependencies declared in the wrong scope
  • Unnecessary use of some plugins
  • GraphViz views of your dependencies
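As an added example (not code from this page or from the plugin's own documentation), here is a root build.gradle.kts that turns the plugin's report into a gate: findings that silently weaken the build, such as compiling against undeclared transitive dependencies, fail it, while the rest are warnings. The plugin version and the excluded coordinate are assumptions.

```kotlin
// build.gradle.kts (root project). Added example; the plugin version is an assumption.
plugins {
    id("com.autonomousapps.dependency-analysis") version "2.6.1"
}

dependencyAnalysis {
    issues {
        // Applies to every subproject; individual projects can override.
        all {
            // Default: report, but keep the build green.
            onAny { severity("warn") }
            // Code compiles against a library reached only transitively. Declare it directly,
            // otherwise a direct dependency dropping it later breaks your build silently.
            onUsedTransitiveDependencies { severity("fail") }
            // Declared on the wrong configuration (for example api where implementation
            // suffices, which leaks the dependency to every consumer).
            onIncorrectConfiguration { severity("fail") }
            // Declared but never referenced: fail, except for libraries only needed at
            // runtime by reflection, which the analyzer cannot see. Placeholder coordinate.
            onUnusedDependencies {
                severity("fail")
                exclude("com.example:runtime-only-lib")
            }
        }
    }
}
```

Run ./gradlew buildHealth; with these severities a failing build prints the exact dependency lines to add, remove or move, so the fix can be applied mechanically before a release.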

License management

The developers of each library license it for your use. You must adhere to the terms of that license or you cannot use the library. Some licenses are very permissive, often requiring only a notice of their use. Others are considered "viral" (copyleft): if you use those libraries, you must apply the same license to your own application or library.

Licenses can change with any release, including a patch release. Whenever you upgrade, verify that the dependencies you're using are still licensed in a way that is compatible with your application or library.

Report licenses

The Gradle License Report plugin helps by reporting the licenses of all of your dependencies. Be sure to check this report when you upgrade any dependencies. Verify that the licenses are compatible with your requirements, and ensure you're meeting their required terms.
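As an added example (not code from this page or from the Gradle License Report project), here is a root build.gradle.kts that generates the report for the release runtime classpath only and makes the build fail when a dependency carries a license that is not on an allow list. The plugin version and the allow-list path are assumptions.

```kotlin
// build.gradle.kts (root project). Added example; the plugin version is an assumption.
import com.github.jk1.license.filter.DependencyFilter
import com.github.jk1.license.filter.LicenseBundleNormalizer
import com.github.jk1.license.render.JsonReportRenderer
import com.github.jk1.license.render.ReportRenderer

plugins {
    id("com.github.jk1.dependency-license-report") version "2.9"
}

licenseReport {
    // Only what ships to users matters here, not test or annotation-processor classpaths.
    configurations = arrayOf("releaseRuntimeClasspath")
    // Collapse the many spellings of the same license ("Apache 2", "Apache-2.0", ...)
    // into one canonical name so the allow list below stays short and exact.
    filters = arrayOf<DependencyFilter>(LicenseBundleNormalizer())
    // Machine-readable output that can be diffed between releases.
    renderers = arrayOf<ReportRenderer>(JsonReportRenderer("licenses.json"))
    // The checkLicense task compares every dependency's license against this file
    // and fails the build on anything not listed.
    allowedLicensesFile = File("$projectDir/config/allowed-licenses.json")
}
```

The allow-list file is a JSON object with an allowedLicenses array whose entries name a permitted license in moduleLicense (optionally narrowed to a specific moduleName and moduleVersion). Run ./gradlew generateLicenseReport to produce the report and ./gradlew checkLicense to enforce the list; wiring checkLicense into your release pipeline means a dependency that changes license on upgrade stops the release instead of slipping through.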

Generate license notices

Licensing terms often require a notice that users of an application or consumers of a library can access. The Play Services OSS License Plugin and Gradle License Plugin generate data and activities to display license information. (Note that you may want to create your own means of displaying the data based on your application UI).

Using plugins such as these can automate much of your notice requirements, but keep in mind that they don't report resource licenses (for example, licenses needed for fonts, images, or sounds) or licenses of code snippets that you may have copied from the internet.