dep-man

Clone Tools
  • last updated a few seconds ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Make some error messages clearer

    • -1
    • +0
    ./01-core-dependency-management/dependency_verification.adoc
  1. … 4 more files in changeset.
Fix incorrect doc about disabling verification

    • -1
    • +1
    ./01-core-dependency-management/dependency_verification.adoc
Add documentation about disabling verification

    • -0
    • +34
    ./01-core-dependency-management/dependency_verification.adoc
  1. … 7 more files in changeset.
Add a note about why users should care

    • -1
    • +20
    ./01-core-dependency-management/dependency_verification.adoc
Dependency verification: Adjust sample commands and XML

Signed-off-by: Peter Stöckli <peter.stockli@alphabot.com>

    • -4
    • +4
    ./01-core-dependency-management/dependency_verification.adoc
Improve wording in the dependency version alignment docs

Signed-off-by: Márton Braun <braunmarci@gmail.com>

    • -4
    • +4
    ./03-controlling-transitive-dependencies/dependency_version_alignment.adoc
swap anchor names that got permuted accidentally

Signed-off-by: Stefan Neuhaus <stefan@stefanneuhaus.org>

    • -2
    • +2
    ./03-controlling-transitive-dependencies/platforms.adoc
Fix Typo

Signed-off-by: Stefan Neuhaus <stefan@stefanneuhaus.org>

    • -1
    • +1
    ./03-controlling-transitive-dependencies/platforms.adoc
Add support for key fingerprints

In order to provide maximum security, it's now possible to use full key

fingerprints, in addition to long (64-bit) key ids, in trusted or ignored

keys.

It doesn't matter what format is used: if a trusted key uses a long id,

then it's possible that if there's a key collision, an artifact would be

trusted even if it shouldn't. If a fingerprint is used instead, then we

would use the full fingerprint for verification.

It's worth nothing that PGP doesn't provide the full fingerprint in signatures

for the key issuer. This means that when we're going to download keys, we

will still use the long ids.

Fixes #11770

    • -3
    • +9
    ./01-core-dependency-management/dependency_verification.adoc
  1. … 19 more files in changeset.
Add documentation for exclusive repository content filtering

    • -0
    • +21
    ./01-core-dependency-management/declaring_repositories.adoc
  1. … 2 more files in changeset.
Improve wording of verification docs

    • -3
    • +2
    ./01-core-dependency-management/dependency_verification.adoc
Mention that the GPG file must be considered binary

    • -0
    • +8
    ./01-core-dependency-management/dependency_verification.adoc
Add note about key expiration

    • -0
    • +8
    ./01-core-dependency-management/dependency_verification.adoc
Fix review comments

    • -10
    • +46
    ./01-core-dependency-management/dependency_verification.adoc
Add a section explaining how to manually check artifacts

This is based on a real debugging session on the Gradle build

itself.

    • -4
    • +101
    ./01-core-dependency-management/dependency_verification.adoc
Initial documentation for dependency verification

This commit adds the documentation for _dependency verification_,

including:

- checksum verification

- signature verification

- best practices when handling verificaton errors

    • -0
    • +752
    ./01-core-dependency-management/dependency_verification.adoc
  1. … 2 more files in changeset.
Fix links to Javadoc

    • -5
    • +5
    ./06-publishing/publishing_customization.adoc
Fix links to javadoc

    • -5
    • +5
    ./06-publishing/publishing_customization.adoc
Escape less-than-equals so it does not render as an arrow

    • -1
    • +1
    ./03-controlling-transitive-dependencies/dependency_capability_conflict.adoc
Improve documentation on capabilities conflict solving

Clearly states that skipping conflict resolution when desired module is

not a candidate is the expected pattern.

    • -0
    • +13
    ./03-controlling-transitive-dependencies/dependency_capability_conflict.adoc
  1. … 2 more files in changeset.
rework links to snippets

    • -34
    • +34
    ./01-core-dependency-management/declaring_dependencies.adoc
    • -54
    • +54
    ./01-core-dependency-management/declaring_repositories.adoc
    • -4
    • +4
    ./01-core-dependency-management/viewing_debugging_dependencies.adoc
    • -14
    • +14
    ./02-declaring-dependency-versions/dependency_locking.adoc
    • -14
    • +14
    ./02-declaring-dependency-versions/dynamic_versions.adoc
    • -2
    • +2
    ./02-declaring-dependency-versions/rich_versions.adoc
    • -6
    • +6
    ./02-declaring-dependency-versions/single_versions.adoc
    • -28
    • +28
    ./03-controlling-transitive-dependencies/component_metadata_rules.adoc
    • -6
    • +6
    ./03-controlling-transitive-dependencies/dependency_capability_conflict.adoc
    • -2
    • +2
    ./03-controlling-transitive-dependencies/dependency_constraints.adoc
    • -13
    • +13
    ./03-controlling-transitive-dependencies/dependency_downgrade_and_exclude.adoc
    • -16
    • +16
    ./03-controlling-transitive-dependencies/dependency_version_alignment.adoc
    • -6
    • +6
    ./03-controlling-transitive-dependencies/platforms.adoc
    • -10
    • +10
    ./03-controlling-transitive-dependencies/resolution-strategy-tuning.adoc
    • -24
    • +24
    ./03-controlling-transitive-dependencies/resolution_rules.adoc
  1. … 92 more files in changeset.
Merge pull request #11465 from gradle/jjohannes/belongs-to

Implement 'belongsTo' for published platforms through real platform dependencies

    • -2
    • +1
    ./03-controlling-transitive-dependencies/component_metadata_rules.adoc
  1. … 1 more file in changeset.
Clarify the two options you have to use 'belongsTo()'

    • -2
    • +1
    ./03-controlling-transitive-dependencies/component_metadata_rules.adoc
    • -11
    • +50
    ./03-controlling-transitive-dependencies/dependency_version_alignment.adoc
  1. … 2 more files in changeset.
Fix documentation typos

Signed-off-by: Michael Ernst <mernst@cs.washington.edu>

    • -8
    • +8
    ./03-controlling-transitive-dependencies/component_metadata_rules.adoc
    • -1
    • +1
    ./03-controlling-transitive-dependencies/dependency_downgrade_and_exclude.adoc
    • -2
    • +2
    ./04-modeling-features/artifact_transforms.adoc
  1. … 19 more files in changeset.
Document lock mode

Fixes #9907

    • -1
    • +19
    ./02-declaring-dependency-versions/dependency_locking.adoc
  1. … 8 more files in changeset.
Document GMM validation rules

Also fix language in migration and spec documents.

    • -0
    • +14
    ./06-publishing/publishing_gradle_module_metadata.adoc
  1. … 2 more files in changeset.
Fix instructions for skipping sha256 and sha512

Also document their creation in the publishing chapter.

Issue #11308

  1. … 1 more file in changeset.
Fix deactivate locking sample (#11188)

The sample reference was wrong and it was missing an introductory text.

    • -6
    • +9
    ./02-declaring-dependency-versions/dependency_locking.adoc
Fix typo in section on variants in user manual

    • -1
    • +1
    ./04-modeling-features/variant_model.adoc
Document the dependency cache copy

The dependency cache can now be copied without having to respect

its absolute path.

Issue #1338

    • -0
    • +20
    ./01-core-dependency-management/dependency_resolution.adoc