paug / AndroidMakersApp

📱Official companion app for Android Makers by droidcon 🇫🇷
https://androidmakers.droidcon.com/

Update Gradle wrapper files to 8.6 #285

Closed asos-edgeorge closed 2 months ago

asos-edgeorge commented 2 months ago

Background

The local Gradle wrapper-related files within the project do not match the expected files for the Gradle version specified within the gradle-wrapper.properties file:

distributionUrl=https\://services.gradle.org/distributions/gradle-8.6-bin.zip

This is likely occurring as the expected ./gradlew wrapper call was not previously used to upgrade the wrapper and the file was edited manually.

To confirm this locally, you can run gradlew wrapper --gradle-version=8.6 --distribution-type=bin locally and observe there's a difference in a number of the related wrapper files:

$ ./gradlew wrapper --gradle-version=8.6 --distribution-type=bin

# [Truncated]
BUILD SUCCESSFUL in 5s
4 actionable tasks: 2 executed, 2 up-to-date 

$ git status --porcelain
 M gradle/wrapper/gradle-wrapper.jar
 M gradle/wrapper/gradle-wrapper.properties
 M gradlew
 M gradlew.bat

What I've changed

This change contains the result of running the following command:

gradlew wrapper --gradle-version=8.6 --distribution-type=bin --gradle-distribution-sha256-sum=9631d53cf3e74bfa726893aee1f8994fee4e060c401335946dba2156f440f24c

Running the above locally within the project will ensure the relevant Gradle wrapper files for Gradle 8.6 are added.

Additionally, by providing the expected SHA-256 checksum for the Gradle 8.6 distribution (source) in this way, a distributionSha256Sum property is created within gradle-wrapper.properties which provides additional protection against Gradle supply chain attacks by ensuring future downloads via the distributionUrl are matched against the checksum and failing the builds otherwise.

See this post and relevant docs for more information.

Any questions, feel free to ask!
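
The checksum pin described in the comment above can also be checked by a reviewer or in CI. The following is an added example, not code from this PR or from Gradle: the function names are hypothetical, and the two properties samples are constructed from the URL and checksum quoted above.

```python
import hashlib
import hmac
import re

# Constructed sample of gradle-wrapper.properties after the command above
# (only the relevant keys; URL and checksum are the ones quoted in the PR).
PINNED = (
    "distributionBase=GRADLE_USER_HOME\n"
    "distributionSha256Sum=9631d53cf3e74bfa726893aee1f8994fee4e060c401335946dba2156f440f24c\n"
    "distributionUrl=https\\://services.gradle.org/distributions/gradle-8.6-bin.zip\n"
)
# Constructed sample of a hand-edited file: URL set, no checksum pinned.
UNPINNED = "distributionUrl=https\\://services.gradle.org/distributions/gradle-8.6-bin.zip\n"


def parse_properties(text):
    """Parse the simple key=value subset of Java .properties used by the wrapper."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        # Undo backslash escapes such as "\:" written by the wrapper task.
        props[key.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    return props


def pin_problems(props):
    """Return reasons the distribution download is not checksum-pinned."""
    pin = props.get("distributionSha256Sum")
    if pin is None:
        return ["distributionSha256Sum is missing"]
    if not re.fullmatch(r"[0-9a-f]{64}", pin.lower()):
        return ["distributionSha256Sum is not a SHA-256 hex digest"]
    return []


def distribution_matches(props, archive_bytes):
    """True only if a valid pin exists and equals the archive's SHA-256."""
    if pin_problems(props):
        return False
    actual = hashlib.sha256(archive_bytes).hexdigest()
    return hmac.compare_digest(actual, props["distributionSha256Sum"].lower())
```

An unpinned file or a mismatching archive both return False from `distribution_matches`, so a check built on it fails closed.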

benju69 commented 2 months ago

Ok nice, yes it's better to upgrade with the command :) We can even upgrade to Gradle 8.7

martinbonnin commented 2 months ago

Thanks!

For the record, I double checked the files matched as described in this other comment.