Dependency locking picking up non-release versions


(Lukasz Sanek) #1

Hi, we’re using Gradle’s dependency locking and noticed an unexpected behavior with some of the dependencies. An example of a problematic dependency is https://mvnrepository.com/artifact/org.scalatest/scalatest_2.12/3.0.6-SNAP3 - what’s happening is that the declared dynamic version of that dependency in our build file is 3.0.+, however the dependency locking mechanism picks up 3.0.6-SNAP3 as the latest version instead of 3.0.5. Is that intentional? Shouldn’t it only consider release versions (i.e., without any metadata or suffixes)?