starred/pkl
1
0
Fork 0
mirror of https://github.com/apple/pkl.git synced 2026-05-21 06:16:57 +02:00
Code Issues 198 Packages Projects Releases 10 Wiki Activity

Remove lockfiles, manage Gradle dependencies with Dependabot (#1535)

Browse Source 
Dependabot currently does not update lockfiles in multi-module projects
(see https://github.com/dependabot/dependabot-core/issues/14633)

To work around this issue, we will simply remove our lockfiles, and
change our version catalog to use fully specified versions.
The removal of lockfiles introduces two issues:

1. It is less visible what our dependency graph is
2. Our builds are potentially non-reproducible

To work around this, two mitigations are in place:

1. Enable `failOnDynamicVersions()`, which causes Gradle to fail the
build if any dependencies declare a version range
2. Enable GitHub dependency submission, which provides insight into the
project SBOM
This commit is contained in:
Daniel Chao
2026-04-20 09:29:33 -07:00
committed by GitHub
parent 9046221e03
commit 07c68239b9
26 changed files with 40 additions and 1683 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pkl-tools/gradle.lockfile
-62
View File
@@ -1,62 +0,0 @@
# This is a Gradle generated file for dependency locking.
# Manual edits can break the build and are not advised.
# This file is expected to be part of source control.
com.github.ajalt.clikt:clikt-core-jvm:5.0.3=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
com.github.ajalt.clikt:clikt-core:5.0.3=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
com.github.ajalt.clikt:clikt-jvm:5.0.3=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
com.github.ajalt.clikt:clikt-markdown-jvm:5.0.3=runtimeClasspath,testRuntimeClasspath
com.github.ajalt.clikt:clikt-markdown:5.0.3=runtimeClasspath,testRuntimeClasspath
com.github.ajalt.clikt:clikt:5.0.3=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
com.github.ajalt.colormath:colormath-jvm:3.6.0=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
com.github.ajalt.colormath:colormath:3.6.0=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
com.github.ajalt.mordant:mordant-core-jvm:3.0.1=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
com.github.ajalt.mordant:mordant-core:3.0.1=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
com.github.ajalt.mordant:mordant-jvm-ffm-jvm:3.0.1=runtimeClasspath,testRuntimeClasspath
com.github.ajalt.mordant:mordant-jvm-ffm:3.0.1=runtimeClasspath,testRuntimeClasspath
com.github.ajalt.mordant:mordant-jvm-graal-ffi-jvm:3.0.1=runtimeClasspath,testRuntimeClasspath
com.github.ajalt.mordant:mordant-jvm-graal-ffi:3.0.1=runtimeClasspath,testRuntimeClasspath
com.github.ajalt.mordant:mordant-jvm-jna-jvm:3.0.1=runtimeClasspath,testRuntimeClasspath
com.github.ajalt.mordant:mordant-jvm-jna:3.0.1=runtimeClasspath,testRuntimeClasspath
com.github.ajalt.mordant:mordant-jvm:3.0.1=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
com.github.ajalt.mordant:mordant-markdown-jvm:3.0.1=runtimeClasspath,testRuntimeClasspath
com.github.ajalt.mordant:mordant-markdown:3.0.1=runtimeClasspath,testRuntimeClasspath
com.github.ajalt.mordant:mordant:3.0.1=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
com.palantir.javapoet:javapoet:0.14.0=runtimeClasspath,testRuntimeClasspath
com.squareup:kotlinpoet:1.6.0=runtimeClasspath,testRuntimeClasspath
io.leangen.geantyref:geantyref:1.3.16=runtimeClasspath,testRuntimeClasspath
net.java.dev.jna:jna:5.14.0=runtimeClasspath,testRuntimeClasspath
org.commonmark:commonmark-ext-gfm-tables:0.28.0=runtimeClasspath,testRuntimeClasspath
org.commonmark:commonmark:0.28.0=runtimeClasspath,testRuntimeClasspath
org.graalvm.polyglot:polyglot:25.0.1=runtimeClasspath,testRuntimeClasspath
org.graalvm.sdk:collections:25.0.1=runtimeClasspath,testRuntimeClasspath
org.graalvm.sdk:graal-sdk:25.0.1=runtimeClasspath,testRuntimeClasspath
org.graalvm.sdk:jniutils:25.0.1=runtimeClasspath,testRuntimeClasspath
org.graalvm.sdk:nativeimage:25.0.1=runtimeClasspath,testRuntimeClasspath
org.graalvm.sdk:word:25.0.1=runtimeClasspath,testRuntimeClasspath
org.graalvm.truffle:truffle-api:25.0.1=runtimeClasspath,testRuntimeClasspath
org.graalvm.truffle:truffle-compiler:25.0.1=runtimeClasspath,testRuntimeClasspath
org.graalvm.truffle:truffle-runtime:25.0.1=runtimeClasspath,testRuntimeClasspath
org.jetbrains.kotlin:kotlin-reflect:2.2.21=runtimeClasspath,testRuntimeClasspath
org.jetbrains.kotlin:kotlin-stdlib:2.2.21=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
org.jetbrains.kotlinx:kotlinx-coroutines-bom:1.10.2=runtimeClasspath,testRuntimeClasspath
org.jetbrains.kotlinx:kotlinx-coroutines-core-jvm:1.10.2=runtimeClasspath,testRuntimeClasspath
org.jetbrains.kotlinx:kotlinx-coroutines-core:1.10.2=runtimeClasspath,testRuntimeClasspath
org.jetbrains.kotlinx:kotlinx-html-jvm:0.12.0=runtimeClasspath,testRuntimeClasspath
org.jetbrains.kotlinx:kotlinx-serialization-bom:1.9.0=runtimeClasspath,testRuntimeClasspath
org.jetbrains.kotlinx:kotlinx-serialization-core-jvm:1.9.0=runtimeClasspath,testRuntimeClasspath
org.jetbrains.kotlinx:kotlinx-serialization-core:1.9.0=runtimeClasspath,testRuntimeClasspath
org.jetbrains.kotlinx:kotlinx-serialization-json-jvm:1.9.0=runtimeClasspath,testRuntimeClasspath
org.jetbrains.kotlinx:kotlinx-serialization-json:1.9.0=runtimeClasspath,testRuntimeClasspath
org.jetbrains:annotations:13.0=compileClasspath,testCompileClasspath
org.jetbrains:annotations:23.0.0=runtimeClasspath,testRuntimeClasspath
org.jetbrains:markdown-jvm:0.7.3=runtimeClasspath,testRuntimeClasspath
org.jetbrains:markdown:0.7.3=runtimeClasspath,testRuntimeClasspath
org.jline:jline-native:4.0.12=runtimeClasspath,testRuntimeClasspath
org.jline:jline-reader:4.0.12=runtimeClasspath,testRuntimeClasspath
org.jline:jline-terminal-jni:4.0.12=runtimeClasspath,testRuntimeClasspath
org.jline:jline-terminal:4.0.12=runtimeClasspath,testRuntimeClasspath
org.jspecify:jspecify:1.0.0=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
org.msgpack:msgpack-core:0.9.11=runtimeClasspath,testRuntimeClasspath
org.organicdesign:Paguro:3.10.3=runtimeClasspath,testRuntimeClasspath
org.snakeyaml:snakeyaml-engine:2.10=runtimeClasspath,testRuntimeClasspath
empty=annotationProcessor,fatJar,firstPartySourcesJars,placeholderAnnotationProcessor,placeholderCompileClasspath,placeholderRuntimeClasspath,shadow,signatures,testAnnotationProcessor