Skip to content

Commit 9675fd8

Browse files
yeikelgmazzo
yeikel
and
gmazzo
authored
Explain the dependency name for the Gradle Wrapper (#1)
* Updated `dependabot`'s docs to add `Gradle Wrapper` * Explain the dependency name for the Gradle Wrapper * Reword --------- Co-authored-by: Guillermo Mazzola <gmazzo65@gmail.com>
1 parent 9bd0c80 commit 9675fd8

File tree

1 file changed

+2
-1
lines changed

1 file changed

+2
-1
lines changed

data/reusables/dependabot/supported-package-managers.md

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -122,7 +122,7 @@ For more information about using {% data variables.product.prodname_dependabot_v
122122

123123
{% data variables.product.prodname_dependabot %} doesn't run Gradle but supports updates to the following files:
124124
* `build.gradle`, `build.gradle.kts` (for Kotlin projects)
125-
* `gradle/wrapper/gradle-wrapper.properties` (for the Gradle Wrapper)
125+
* `gradle/wrapper/gradle-wrapper.properties` (for Gradle wrapper)
126126
* `gradle/libs.versions.toml` (for projects using a standard Gradle version catalog)
127127
* `gradle.lockfile` (for projects using Gradle dependency locking)
128128
* Files included via the `apply` declaration that have `dependencies` in the filename. Note that `apply` does not support `apply to`, recursion, or advanced syntaxes (for example, Kotlin's `apply` with `mapOf`, filenames defined by property).
@@ -134,6 +134,7 @@ For {% data variables.product.prodname_dependabot_security_updates %}, Gradle su
134134
> [!NOTE]
135135
> * When you upload Gradle dependencies to the dependency graph using the {% data variables.dependency-submission-api.name %}, all project dependencies are uploaded, even transitive dependencies that aren't explicitly mentioned in any dependency file. When an alert is detected in a transitive dependency, {% data variables.product.prodname_dependabot %} isn't able to find the vulnerable dependency in the repository, and therefore won't create a security update for that alert.
136136
> * {% data variables.product.prodname_dependabot_version_updates %} will, however, create pull requests when the parent dependency is explicitly declared as a direct dependency in the project's manifest file.
137+
> * When updating the Gradle Wrapper, {% data variables.product.prodname_dependabot %} uses `gradle-wrapper` for the dependency name.
137138
138139
### Helm Charts
139140

0 commit comments

Comments
 (0)