secant-android-wallet/.github/ISSUE_TEMPLATE/dependency.md

| name | about | title | labels | assignees |
| --- | --- | --- | --- | --- |
| Dependency update | Update existing dependency to a new version. | | dependencies | |

For a Gradle dependency:

  1. Update the dependency version in the root gradle.properties
  2. Update the dependency locks
    1. For Gradle plugins: ./gradlew dependencies --write-locks
    2. For Gradle dependencies: ./gradlew resolveAll --write-locks
  3. Verify that no unexpected entries appear in the lockfiles. A supply chain attack could occur during this stage. The lockfile narrows the supply chain attack window to this very moment (as opposed to every time a build occurs).
  4. Are there any new APIs or possible migrations for this dependency?

For Gradle itself:

  1. Update the Gradle version in gradle/wrapper/gradle-wrapper.properties
  2. Update the Gradle SHA in gradle/wrapper/gradle-wrapper.properties
  3. Update the Gradle wrapper by running ./gradlew wrapper --write-locks
  4. Verify that no unexpected entries appear in the lockfiles. A supply chain attack could occur during this stage. The lockfile narrows the supply chain attack window to this very moment (as opposed to every time a build occurs).
  5. Re-add the Gradle SHA to gradle/wrapper/gradle-wrapper.properties
  6. Are there any new APIs or possible migrations?
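
One way to support the "verify no unexpected entries" step in both checklists above, as an added example that is not part of this template or the project's tooling: compare a lockfile before and after `--write-locks` and separate the update you intended from everything else that moved. It assumes Gradle's `group:artifact:version=configurations` lockfile line format; the `com.example` and `org.example.unknown` modules and all versions are constructed sample data.

```python
# Added example: constructed lockfile contents with hypothetical modules.
BEFORE = """\
# This is a Gradle generated file for dependency locking.
com.example:http-client:2.1.0=debugRuntimeClasspath,releaseRuntimeClasspath
com.example:json:1.4.0=debugRuntimeClasspath,releaseRuntimeClasspath
empty=
"""
AFTER = """\
# This is a Gradle generated file for dependency locking.
com.example:http-client:2.2.0=debugRuntimeClasspath,releaseRuntimeClasspath
com.example:json:1.4.1=debugRuntimeClasspath,releaseRuntimeClasspath
org.example.unknown:telemetry:0.0.1=releaseRuntimeClasspath
empty=
"""

def parse_lockfile(text):
    """Map 'group:artifact' -> set of locked versions; skips comments and 'empty='."""
    locked = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("empty="):
            continue
        coordinate, sep, _configs = line.partition("=")
        parts = coordinate.split(":")
        if not sep or len(parts) != 3 or not all(parts):
            raise ValueError(f"unrecognised lockfile entry: {line!r}")
        locked.setdefault(f"{parts[0]}:{parts[1]}", set()).add(parts[2])
    return locked

def review_lock_change(before, after, intended):
    """Bucket every changed module; 'intended' holds the modules you meant to update."""
    show = lambda versions: ", ".join(sorted(versions)) or "(absent)"
    old, new = parse_lockfile(before), parse_lockfile(after)
    report = {"intended": [], "new_module": [], "other_version_change": [], "removed": []}
    for module in sorted(old.keys() | new.keys()):
        was, now = old.get(module, set()), new.get(module, set())
        if was == now:
            continue
        if not now:
            bucket = "removed"
        elif module in intended:
            bucket = "intended"
        else:
            # Anything outside the intended set needs a human look before commit.
            bucket = "other_version_change" if was else "new_module"
        report[bucket].append(f"{module}: {show(was)} -> {show(now)}")
    return report

if __name__ == "__main__":
    for bucket, entries in review_lock_change(BEFORE, AFTER, {"com.example:http-client"}).items():
        print(bucket, entries)
```

Entries under `other_version_change` are often legitimate transitive bumps pulled in by the update; the script only narrows what the reviewer has to read, it does not decide what is safe.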