0
0
Fork 0
mirror of https://github.com/renovatebot/renovate.git synced 2025-01-12 22:29:06 +00:00
renovatebot_renovate/lib/modules/manager/gradle
2025-01-11 13:16:00 +00:00
..
__fixtures__ fix(manager/gradle): normalize version aliases in version catalogs (#22470) 2023-05-29 04:02:24 +00:00
extract fix(manager/gradle): Add support for GCV 2.23.0 (#29874) 2024-06-26 16:28:13 +00:00
parser fix(gradle): remove redundant checks and parser statements (#33526) 2025-01-11 13:16:00 +00:00
artifacts.spec.ts feat(manager/gradle): Use dependencies task when generating verification metadata (#29602) 2024-06-11 18:02:50 +00:00
artifacts.ts feat(gradle-wrapper): add support for gradle daemon JVM discovery (#31319) 2024-09-15 04:59:25 +00:00
extract.spec.ts refactor(prettier): Force trailing commas (#25631) 2023-11-07 15:50:29 +00:00
extract.ts refactor(prettier): Force trailing commas (#25631) 2023-11-07 15:50:29 +00:00
index.ts docs(managers): add missing url and displayName (#32621) 2024-12-01 08:47:27 +00:00
parser.spec.ts refactor(gradle): extract redundant functions and remove snapshot (#33430) 2025-01-09 07:22:45 +00:00
parser.ts fix(gradle): remove redundant checks and parser statements (#33526) 2025-01-11 13:16:00 +00:00
readme.md docs(gradle): correct requirements to process verification-metadata (#32534) 2024-11-14 14:49:34 +00:00
types.ts feat(gradle): add support for java.toolchain.languageVersion detection in build.gradle(.kts) files (#32461) 2024-11-21 11:16:25 +00:00
update.spec.ts refactor(prettier): Force trailing commas (#25631) 2023-11-07 15:50:29 +00:00
update.ts chore: update types reference 2023-08-15 11:31:15 +02:00
utils.spec.ts refactor(prettier): Force trailing commas (#25631) 2023-11-07 15:50:29 +00:00
utils.ts fix(gradle): remove redundant checks and parser statements (#33526) 2025-01-11 13:16:00 +00:00

The gradle manager uses a custom parser written in JavaScript, similar to many others managers. It does not call gradle directly in order to extract a list of dependencies.

Updating lockfiles

The gradle manager supports gradle lock files in .lockfile artifacts, as well as lock files used by the gradle-consistent-versions plugin. During lock file maintenance, renovate calls ./gradlew :dependencies --write-locks on the root project and subprojects. For regular dependency updates, renovate automatically updates lock state entries via the --update-locks command line flag.

As the output of these commands can be very large, any text other than errors (in stderr) is discarded.

Dependency verification

If Renovate finds a gradle/verification-metadata.xml file and either <verify-metadata>true</verify-metadata> or <verify-signatures>true</verify-signatures> (or both), it updates the content by using the gradle --write-verification-metadata <hashTypes> dependencies command. Renovate will check the file for existing hash types (like sha256) and use them as <hashTypes>.

!!! warning Gradle allows verification metadata to use the md5 and sha1 algorithms. Because those algorithms are prone to collision attacks, Renovate ignores them. If Renovate encounters hashes that are generated with md5 or sha1 algorithms, Renovate uses sha256 instead.