secant-android-wallet/.github/ISSUE_TEMPLATE/dependency.md

---
name: Dependency update
about: Update existing dependency to a new version.
title: ''
labels: dependencies
assignees: ''

---

For a Gradle dependency:
1. Update the dependency version in the root `gradle.properties`
1. Update the dependency locks
    1. For Gradle plugins: `./gradlew dependencies --write-locks`
    1. For Gradle dependencies: `./gradlew resolveAll --write-locks`
1. Verify no unexpected entries appear in the lockfiles. _A supply chain attack could occur during this stage. The lockfile narrows the supply chain attack window to this very moment (as opposed to every time a build occurs)_
1. Are there any new APIs or possible migrations for this dependency?

For Gradle itself:
1. Update the Gradle version in `gradle/wrapper/gradle-wrapper.properties`
1. Update the [Gradle SHA](https://gradle.org/release-checksums/) in `gradle/wrapper/gradle-wrapper.properties`
1. Update the Gradle wrapper by running `./gradlew wrapper --write-locks`
1. Verify no unexpected entries appear in the lockfiles. _A supply chain attack could occur during this stage. The lockfile narrows the supply chain attack window to this very moment (as opposed to every time a build occurs)_
1. Are there any new APIs or possible migrations?
[#53] Add issue template for updating dependencies 2021-10-25 09:07:09 -07:00			`---`
			`name: Dependency update`
			`about: Update existing dependency to a new version.`
			`title: ''`
			`labels: dependencies`
			`assignees: ''`

			`---`

			`For a Gradle dependency:`
[#55] Partial implementation of dependency locking With the release of Kotlin 1.6, dependency locks can apply pure Kotlin modules. Android modules are not yet supported. 2021-12-03 05:04:20 -08:00			1. Update the dependency version in the root `gradle.properties`
			`1. Update the dependency locks`
			1. For Gradle plugins: `./gradlew dependencies --write-locks`
Configure build with GitHub Actions 2022-01-26 12:13:19 -08:00			1. For Gradle dependencies: `./gradlew resolveAll --write-locks`
[#55] Partial implementation of dependency locking With the release of Kotlin 1.6, dependency locks can apply pure Kotlin modules. Android modules are not yet supported. 2021-12-03 05:04:20 -08:00			`1. Verify no unexpected entries appear in the lockfiles. _A supply chain attack could occur during this stage. The lockfile narrows the supply chain attack window to this very moment (as opposed to every time a build occurs)_`
			`1. Are there any new APIs or possible migrations for this dependency?`
[#53] Add issue template for updating dependencies 2021-10-25 09:07:09 -07:00
			`For Gradle itself:`
[#302] Gradle 7.4.2 2022-03-31 09:20:23 -07:00			1. Update the Gradle version in `gradle/wrapper/gradle-wrapper.properties`
			1. Update the [Gradle SHA](https://gradle.org/release-checksums/) in `gradle/wrapper/gradle-wrapper.properties`
[#678] Gradle 7.6 2022-12-15 07:16:50 -08:00			1. Update the Gradle wrapper by running `./gradlew wrapper --write-locks`
			`1. Verify no unexpected entries appear in the lockfiles. _A supply chain attack could occur during this stage. The lockfile narrows the supply chain attack window to this very moment (as opposed to every time a build occurs)_`
[#51] Updated build integrity documentation 2021-12-09 04:22:29 -08:00			`1. Are there any new APIs or possible migrations?`