[JAVA-5291] Use Gradle version catalogs to declare dependencies Created: 12/Jan/24  Updated: 16/Jan/24

Status: Backlog
Project: Java Driver
Component/s: Build
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: Jeffrey Yemin Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to JAVA-4876 Update the build to modern Gradle Backlog

 Description   

A version catalog is a list of dependencies, represented as dependency coordinates, that a user can pick from when declaring dependencies in a build script.

The Gradle documentation is here: https://docs.gradle.org/7.3/userguide/platforms.html#sub:version-catalog-declaration

It has a number of nice properties, but the main one is that tools like Dependabot require its use in order to report on Gradle projects.  See here: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#gradle

POC here: https://github.com/jyemin/mongo-java-driver/commit/cc7d040afece1b58d24b9684deb929be2ed030b7

Note that in Gradle 7.3 it's still in preview, so the feature has to be explicitly enabled.

 
 



 Comments   
Comment by Ross Lawley [ 16/Jan/24 ]

https://github.blog/changelog/2023-08-24-gradle-support-for-dependabot-security-updates/

Generated at Thu Feb 08 09:04:12 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.