Skip to content

feat: update gradle dependencies, upgrade maplibre native android to 12.2.+ #413

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
josxha merged 3 commits into from
Dec 4, 2025
Merged

feat: update gradle dependencies, upgrade maplibre native android to 12.2.+ #413

josxha merged 3 commits into from
Dec 4, 2025

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 24, 2025
edited
Loading

Bumps the dependencies group with 1 update in the /example/android directory: org.jlleitschuh.gradle.ktlint.
Bumps the dependencies group with 4 updates in the /maplibre/android directory: com.android.tools.build:gradle, org.jlleitschuh.gradle:ktlint-gradle, org.maplibre.gl:android-sdk and io.nlopez.compose.rules:ktlint.

Updates org.jlleitschuh.gradle.ktlint from 13.1.+ to 14.0.1

Updates com.android.tools.build:gradle from 8.12.3 to 8.13.1

Updates org.jlleitschuh.gradle:ktlint-gradle from 13.1.+ to 14.0.1

Updates org.maplibre.gl:android-sdk from 12.0.+ to 12.1.3

Release notes

Sourced from org.maplibre.gl:android-sdk's releases.

android-v12.1.3

  • Disable UnsatisfiedLinkError during local tests (#3942)

android-v12.1.2

  • Update to latest MLT submodule (#3945).

android-v12.1.1

  • Update to latest MLT submodule (#3945).

android-v12.1.1-pre1

No release notes provided.

android-v12.1.0

✨ Features and improvements

  • Add support for parsing MLT-format vector tile sources (#3246).
  • Throw exception on System.loadLibrary fail (#3916).
  • Release allocated compass Bitmap as soon as possible (#3889).
  • Apply symbol shader changes from JS for Metal, Vulkan, and OpenGL (#3873).
  • Improve CMake build setup Harfbuzz and Freetype deps (#3879).

🐞 Bug fixes

  • [vulkan] Prevent member variable shadowing in mbgl::vulkan::ShaderProgram (#3886).
  • Add padding support to MapSnapshotter Android (#3882).
  • Fix requestRenderAndNotify continuous callback (#3913).
  • Add null check to Projection.getContentPadding() (#3937).
  • Assume CustomGeometrySource is cancelled when peer is null (#3933).
  • Use weak pointer for core layer (#3931).
Commits

Updates io.nlopez.compose.rules:ktlint from 0.4.27 to 0.4.28

Release notes

Sourced from io.nlopez.compose.rules:ktlint's releases.

v0.4.28

Notably, the only real "functional" change in this release is that ktlint is now targeting version 1.8.0, compiled against kotlin 2.2.21.

What's changed

Commits

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
com.android.tools.build:gradle [>= 8.7.a, < 8.8]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Nov 24, 2025
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Nov 24, 2025
@github-project-automation github-project-automation bot moved this to Backlog in maplibre dev Nov 24, 2025
@cloudflare-workers-and-pages
Copy link

cloudflare-workers-and-pages bot commented Nov 24, 2025
edited
Loading

Deploying flutter-maplibre with  Cloudflare Pages  Cloudflare Pages

Latest commit: d474f45
Status: ✅  Deploy successful!
Preview URL: https://af88dc40.flutter-maplibre.pages.dev
Branch Preview URL: https://dependabot-gradle-example-an-cmll.flutter-maplibre.pages.dev

View logs

@dependabot dependabot bot added the java Pull requests that update Java code label Nov 24, 2025
@dependabot dependabot bot force-pushed the dependabot/gradle/example/android/dependencies-1afa71634e branch from 18ee005 to c7167e2 Compare December 1, 2025 17:14
@dependabot
build(deps): bump the dependencies group across 2 directories with 5 …
b111b1c 
…updates

Bumps the dependencies group with 1 update in the /example/android directory: org.jlleitschuh.gradle.ktlint.
Bumps the dependencies group with 4 updates in the /maplibre/android directory: com.android.tools.build:gradle, org.jlleitschuh.gradle:ktlint-gradle, [org.maplibre.gl:android-sdk](https://github.com/maplibre/maplibre-native) and [io.nlopez.compose.rules:ktlint](https://github.com/mrmans0n/compose-rules).


Updates `org.jlleitschuh.gradle.ktlint` from 13.1.+ to 14.0.1

Updates `com.android.tools.build:gradle` from 8.12.3 to 8.13.1

Updates `org.jlleitschuh.gradle:ktlint-gradle` from 13.1.+ to 14.0.1

Updates `org.maplibre.gl:android-sdk` from 12.0.+ to 12.1.3
- [Release notes](https://github.com/maplibre/maplibre-native/releases)
- [Changelog](https://github.com/maplibre/maplibre-native/blob/main/CHANGELOG.md)
- [Commits](https://github.com/maplibre/maplibre-native/commits/android-v12.1.3)

Updates `io.nlopez.compose.rules:ktlint` from 0.4.27 to 0.4.28
- [Release notes](https://github.com/mrmans0n/compose-rules/releases)
- [Commits](mrmans0n/compose-rules@v0.4.27...v0.4.28)

---
updated-dependencies:
- dependency-name: org.jlleitschuh.gradle.ktlint
  dependency-version: 14.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: com.android.tools.build:gradle
  dependency-version: 8.13.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: org.jlleitschuh.gradle:ktlint-gradle
  dependency-version: 14.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: org.maplibre.gl:android-sdk
  dependency-version: 12.1.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: io.nlopez.compose.rules:ktlint
  dependency-version: 0.4.28
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/gradle/example/android/dependencies-1afa71634e branch from c7167e2 to b111b1c Compare December 4, 2025 10:29
@josxha josxha moved this from Backlog to In Progress in maplibre dev Dec 4, 2025
@josxha josxha changed the title build(deps): bump the dependencies group across 2 directories with 5 updates feat: update gradle dependencies, upgrade maplibre native android to 12.2.+ Dec 4, 2025
@josxha josxha requested a review from Copilot December 4, 2025 11:18
Copilot finished reviewing on behalf of josxha December 4, 2025 11:21
Copilot AI reviewed Dec 4, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates multiple Gradle dependencies for the Android platform, with the primary goal of upgrading MapLibre Native Android SDK from 12.0.+ to 12.2.+. The update brings new features and bug fixes from MapLibre Native, including MLT-format vector tile source support and various stability improvements. However, there is a critical issue with an invalid version for the compose rules dependency.

Key Changes:

  • Upgrade MapLibre Native Android SDK to 12.2.+
  • Update ktlint tooling from 13.1.+ to 14.0.+ across both example and library projects
  • Update Android Gradle Plugin to 8.13.1
  • Auto-generated JNI bindings updated to reflect new MapLibre SDK methods

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 4 comments.

File Description
maplibre/lib/src/platform/android/jni.g.dart Auto-generated JNI bindings updated with new setFrustumOffset method from MapLibre SDK 12.2
maplibre/android/build.gradle Updated Android Gradle Plugin (8.13.1), ktlint-gradle (14.0.+), MapLibre SDK (12.2.+), and compose rules dependency (contains invalid version)
maplibre/CHANGELOG.md Documents the MapLibre Native upgrade to version 12.2
example/android/settings.gradle.kts Updated ktlint plugin to 14.0.+ to align with library project

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

maplibre/android/build.gradle
dependencies {
// jnigen picks up api dependencies
api 'org.maplibre.gl:android-sdk:12.0.+'
api 'org.maplibre.gl:android-sdk:12.2.+'
Copy link

Copilot AI Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's a discrepancy between the PR description and the actual code changes. The PR description states that org.maplibre.gl:android-sdk was updated from 12.0.+ to 12.1.3, but the actual code shows it's being updated to 12.2.+ (which matches the PR title).

The dynamic version pattern 12.2.+ will resolve to the latest 12.2.x version available (e.g., 12.2.0, 12.2.1, etc.), which is the correct approach here. However, the PR description should be updated to reflect the actual version pattern being used.

Copilot uses AI. Check for mistakes.
maplibre/android/build.gradle
dependencies {
// jnigen picks up api dependencies
api 'org.maplibre.gl:android-sdk:12.0.+'
api 'org.maplibre.gl:android-sdk:12.2.+'
Copy link

Copilot AI Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using a dynamic dependency version org.maplibre.gl:android-sdk:12.2.+ is a supply-chain risk and a security misconfiguration. An attacker compromising a future 12.2.x release or a malicious artifact in the repository could be pulled into production builds without code changes, leading to unintended behavior or compromise. Pin the dependency to an exact, vetted version (e.g., 12.2.3) or use a strict version constraint and lockfile to ensure reproducible builds.

Suggested change
api 'org.maplibre.gl:android-sdk:12.2.+'
api 'org.maplibre.gl:android-sdk:12.2.3'

Copilot uses AI. Check for mistakes.
maplibre/android/build.gradle
classpath("org.jetbrains.kotlin:kotlin-gradle-plugin:$kotlin_version")
// noinspection GradleDynamicVersion
classpath("org.jlleitschuh.gradle:ktlint-gradle:13.1.+")
classpath("org.jlleitschuh.gradle:ktlint-gradle:14.0.+")
Copy link

Copilot AI Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using a dynamic plugin version org.jlleitschuh.gradle:ktlint-gradle:14.0.+ is a supply-chain risk and a security misconfiguration. A compromised or buggy future 14.0.x release could be automatically consumed during builds, potentially executing malicious code in the CI/build environment. Pin to an exact version (e.g., 14.0.1) and use dependency locking to ensure reproducible and secure builds.

Copilot uses AI. Check for mistakes.
example/android/settings.gradle.kts
id("com.android.application") version "8.12.0" apply false
id("org.jetbrains.kotlin.android") version "2.1.21" apply false
id("org.jlleitschuh.gradle.ktlint") version "13.1.+" apply false
id("org.jlleitschuh.gradle.ktlint") version "14.0.+" apply false
Copy link

Copilot AI Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using a dynamic plugin version org.jlleitschuh.gradle.ktlint:14.0.+ is a supply-chain risk and security misconfiguration. A compromised or unstable future 14.0.x release could be pulled into builds, potentially executing malicious code or breaking CI. Pin to an exact version (e.g., 14.0.1) and enable dependency locking to ensure reproducible, secure builds.

Suggested change
id("org.jlleitschuh.gradle.ktlint") version "14.0.+" apply false
id("org.jlleitschuh.gradle.ktlint") version "14.0.1" apply false

Copilot uses AI. Check for mistakes.
@josxha josxha merged commit e4330df into main Dec 4, 2025
21 checks passed
@josxha josxha deleted the dependabot/gradle/example/android/dependencies-1afa71634e branch December 4, 2025 11:29
@github-project-automation github-project-automation bot moved this from In Progress to Done in maplibre dev Dec 4, 2025
@josxha josxha added this to the v0.3.2 milestone Dec 4, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

maplibre dev
Status: Done

Milestone

v0.3.2

Development

Successfully merging this pull request may close these issues.

2 participants

@josxha