secant-android-wallet/.github/ISSUE_TEMPLATE/dependency.md

---
name: Dependency update
about: Update existing dependency to a new version.
title: ''
labels: dependencies
assignees: ''

---

For a Gradle dependency:
1. Update the dependency version in the root `gradle.properties`
1. Update the dependency locks
    1. For Gradle plugins: `./gradlew dependencies --write-locks`
    1. For Gradle dependencies: `./gradlew resolveAll --write-locks`
1. Verify no unexpected entries appear in the lockfiles. _A supply chain attack could occur during this stage. The lockfile narrows the supply chain attack window to this very moment (as opposed to every time a build occurs)_
1. Are there any new APIs or possible migrations for this dependency?

For Gradle itself:
1. Run `./gradle wrapper --gradle-version $X`
1. Add `distributionSha256Sum=` in `gradle/wrapper/gradle-wrapper.properties`, referencing [Gradle Release Checksums](https://gradle.org/release-checksums/)
1. Are there any new APIs or possible migrations?
[#53] Add issue template for updating dependencies 2021-10-25 09:07:09 -07:00			`---`
			`name: Dependency update`
			`about: Update existing dependency to a new version.`
			`title: ''`
			`labels: dependencies`
			`assignees: ''`

			`---`

			`For a Gradle dependency:`
[#55] Partial implementation of dependency locking With the release of Kotlin 1.6, dependency locks can apply pure Kotlin modules. Android modules are not yet supported. 2021-12-03 05:04:20 -08:00			1. Update the dependency version in the root `gradle.properties`
			`1. Update the dependency locks`
			1. For Gradle plugins: `./gradlew dependencies --write-locks`
Configure build with GitHub Actions 2022-01-26 12:13:19 -08:00			1. For Gradle dependencies: `./gradlew resolveAll --write-locks`
[#55] Partial implementation of dependency locking With the release of Kotlin 1.6, dependency locks can apply pure Kotlin modules. Android modules are not yet supported. 2021-12-03 05:04:20 -08:00			`1. Verify no unexpected entries appear in the lockfiles. _A supply chain attack could occur during this stage. The lockfile narrows the supply chain attack window to this very moment (as opposed to every time a build occurs)_`
			`1. Are there any new APIs or possible migrations for this dependency?`
[#53] Add issue template for updating dependencies 2021-10-25 09:07:09 -07:00
			`For Gradle itself:`
[#55] Partial implementation of dependency locking With the release of Kotlin 1.6, dependency locks can apply pure Kotlin modules. Android modules are not yet supported. 2021-12-03 05:04:20 -08:00			1. Run `./gradle wrapper --gradle-version $X`
[#51] Updated build integrity documentation 2021-12-09 04:22:29 -08:00			1. Add `distributionSha256Sum=` in `gradle/wrapper/gradle-wrapper.properties`, referencing [Gradle Release Checksums](https://gradle.org/release-checksums/)
			`1. Are there any new APIs or possible migrations?`