Update the dependency version in the root gradle.properties
Update the dependency locks
For Gradle plugins: ./gradlew dependencies --write-locks
For Gradle dependencies: ./gradlew resolveAll --write-locks
Verify no unexpected entries appear in the lockfiles. A supply chain attack could occur during this stage. The lockfile narrows the supply chain attack window to this very moment (as opposed to every time a build occurs)
Are there any new APIs or possible migrations for this dependency?
For Gradle itself:
Update the Gradle version in gradle/wrapper/gradle-wrapper.properties
Update the Gradle SHA in gradle/wrapper/gradle-wrapper.properties
Update the Gradle wrapper by running ./gradlew wrapper --write-locks
Verify no unexpected entries appear in the lockfiles. A supply chain attack could occur during this stage. The lockfile narrows the supply chain attack window to this very moment (as opposed to every time a build occurs)
For a Gradle dependency:
gradle.properties
./gradlew dependencies --write-locks
./gradlew resolveAll --write-locks
For Gradle itself:
gradle/wrapper/gradle-wrapper.properties
gradle/wrapper/gradle-wrapper.properties
./gradlew wrapper --write-locks
Are there any new APIs or possible migrations?