v8.4.0

• Extract dependencies comparison into a library so it can be reused
• Core locking: verify & notify on offline behavior

v8.3.0

When using Gradle core locks, caching is disabled for changing modules and dynamic dependencies when configurations are unresolved and the --write-locks or --update-locks flags are passed in to update dependencies.

This is done by setting cacheDynamicVersionsFor(0, 'seconds') and cacheChangingModulesFor(0, 'seconds')

v8.2.0

Do not remove Gradle core locking lockfiles for no-longer locked configurations until dependency update task so that using this new plugin version will not immediately cause file system changes when running ./gradlew clean build

Uses Gradle 5.6.3

v8.1.0

Introduce skipped configuration names prefixes

Gradle 6.0 compatibility:

Gradle 6.0 changes the consumption and resolution behavior of configurations from the Java plugin. This version introduces the concept of alternative resolution configurations, which are used here.

Gradle 6.1 deprecates declaring dependencies on compile and runtime configurations

The following changes are made:

• Update tests to use implementation configuration rather than compile to prevent warnings like:

The compile configuration has been deprecated for dependency declaration. This will fail with an error in Gradle 7.0. Please use the implementation configuration instead.

• Migrate to core locks should migrate over configurations without an alternative resolution configuration (as introduced in Gradle 6.0) to prevent warnings like:

The runtime configuration has been deprecated for resolution. This will fail with an error in Gradle 7.0. Please resolve the runtimeClasspath configuration instead.

• LockableConfigurations method should only return configurations without a (safely found) resolution alternative (as introduced in Gradle 6.0)

• Global locking subproject configurations must be resolvable, consumable, and without a resolution alternative to prevent warnings like:

The compile configuration has been deprecated for consumption. This will fail with an error in Gradle 7.0. Please use attributes to consume the apiElements configuration instead.

• Do not remove Gradle core locking lockfiles for no-longer locked configurations until dependency update task so that using this new plugin version will not immediately cause file system changes when running ./gradlew clean build

v8.0.0

Remove Wayback functionality. This removes the need for http-builder which added dependencies with existing CVEs

v7.8.0

Core Locking dependency resolution

Core locking: verify dependency resolution once configurations are resolved; remove only lockfiles that are not requested to be locked

Notes:

1. dependency verification determines if all configurations were resolved correctly and that the lock state is not out of date. Errors in these are collected and cause a build failure with the reasons listed.
2. verification of dependency resolution does not take place when the migrationToCoreLocks task is invoked, as the dependency lock state is not complete enough at that point.
3. when lockfiles are removed, this is logged as a warning and the way to add them to be locked is emitted

Works with parallel builds

Updates

• plugin-plugin 12.3.5

v7.7.2

Remove maven coordinates

v7.7.1

com.netflix.nebula:nebula-gradle-interop:1.0.10

v7.7.0

Remove usage of deprecated DefaultVersionSelectorScheme constructor

v7.6.8

• Core locking: activate dependency locking for each configuration only once

• Upgrade to Gradle 5.6.1

• Upgrade to Kotlin 1.3.41

• Upgrade to plugin-plugin 12.1.0