Send resolved list of gradle dependencies (including versions) back to the client #644

Closed
Filazapovich opened this issue Jan 28, 2025 · 5 comments · Fixed by #645

@Filazapovich

It can be useful for analyzing dependencies for security reasons. The same idea as for #470 but for Android

@Filazapovich Filazapovich changed the title Send resolved versions and list of gradle dependencies back to the client Send resolved list of gradle dependencies (including versions) back to the client Jan 28, 2025
@ekharkunov
Contributor

@Filazapovich Please provide a description of the expected format for the requested information. There is no formalized format (like Podfile.lock) for gradle dependencies.

@harel-mi-MA

harel-mi-MA commented Jan 29, 2025

> @Filazapovich Please provide a description of the expected format for the requested information. There is no formalized format (like Podfile.lock) for gradle dependencies.

There's a format, gradle.lockfile as specified here: https://docs.gradle.org/current/userguide/dependency_locking.html#sec:generate-locks

It would also be helpful to retrieve the tree of the dependencies as shown here:
https://docs.gradle.org/current/userguide/viewing_debugging_dependencies.html#sec:listing-dependencies
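
A gradle.lockfile holds one `group:artifact:version=configurations` entry per line, which is what the security analysis requested in this issue needs. The following is an added example, not part of the thread or the project's code, that parses such a file and flags locked versions against an advisory set; the sample lockfile, the advisory data and the test-configuration filter are constructed assumptions.

```python
# Constructed sample in the gradle.lockfile layout (not taken from the project).
SAMPLE_LOCKFILE = """\
# This is a Gradle generated file for dependency locking.
# Manual edits can break the build and are not advised.
# This file is expected to be part of source control.
com.example.net:http-client:4.9.1=releaseCompileClasspath,releaseRuntimeClasspath
com.example.json:parser:2.8.0=debugRuntimeClasspath,releaseRuntimeClasspath
com.example.test:mock-kit:1.2.0=debugUnitTestRuntimeClasspath
empty=annotationProcessor
"""

# Hypothetical advisory data: (group, artifact) -> versions known to be affected.
SAMPLE_ADVISORIES = {("com.example.json", "parser"): {"2.8.0", "2.8.1"},
                     ("com.example.test", "mock-kit"): {"1.2.0"}}


def parse_lockfile(text):
    """Return {(group, artifact, version): set of configuration names}."""
    locked = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        coords, sep, configs = line.partition("=")
        if sep and coords == "empty":  # configurations that resolved nothing
            continue
        parts = coords.split(":")
        if not sep or len(parts) != 3 or not all(parts):
            raise ValueError(f"line {lineno}: unexpected entry {raw!r}")
        locked[tuple(parts)] = {c for c in configs.split(",") if c}
    return locked


def flag_affected(locked, advisories, shipped_only=True):
    """List locked coordinates whose exact version appears in the advisory set."""
    findings = []
    for (group, artifact, version), configs in sorted(locked.items()):
        if version not in advisories.get((group, artifact), ()):
            continue
        # Assumption: only non-test *RuntimeClasspath configurations ship in a build.
        shipped = [c for c in configs if c.endswith("RuntimeClasspath") and "Test" not in c]
        if shipped_only and not shipped:
            continue
        findings.append(f"{group}:{artifact}:{version}")
    return findings


if __name__ == "__main__":
    print(flag_affected(parse_lockfile(SAMPLE_LOCKFILE), SAMPLE_ADVISORIES))
```

The lockfile records only the resolved result, so it answers "which version is in the build" but not "which dependency pulled it in"; that second question is what the dependency tree provides.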

@harel-mi-MA

Hi,
Thank you for being swift about it!
Is there an option though to include the dependencies tree as well as I mentioned before (https://docs.gradle.org/current/userguide/viewing_debugging_dependencies.html#sec:listing-dependencies)?
It would help in understanding how each of the dependencies has been introduced to the code base and would allow evaluating how to upgrade a package if it is transitive.

@britzl
Contributor

britzl commented Jan 30, 2025

> Hi,
> Thank you for being swift about it!
> Is there an option though to include the dependencies tree as well as I mentioned before (https://docs.gradle.org/current/userguide/viewing_debugging_dependencies.html#sec:listing-dependencies)?
> It would help in understanding how each of the dependencies has been introduced to the code base and would allow evaluating how to upgrade a package if it is transitive.

This is something we can add in a separate PR. The gradle.lockfile will solve the urgent need of understanding how gradle resolved your dependencies.

@britzl
Contributor

britzl commented Jan 30, 2025

> This is something we can add in a separate PR

Feature Request: #647

@ekharkunov ekharkunov modified the milestones: Next release, 2.8.6 Jan 30, 2025