Skip to content

chore(deps): bump com.vanniktech.maven.publish from 0.34.0 to 0.37.0#2364

Closed
dependabot[bot] wants to merge 3 commits into
masterfrom
dependabot/gradle/com.vanniktech.maven.publish-0.37.0
Closed

chore(deps): bump com.vanniktech.maven.publish from 0.34.0 to 0.37.0#2364
dependabot[bot] wants to merge 3 commits into
masterfrom
dependabot/gradle/com.vanniktech.maven.publish-0.37.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps com.vanniktech.maven.publish from 0.34.0 to 0.37.0.

Release notes

Sourced from com.vanniktech.maven.publish's releases.

0.37.0

  • When publishing to Maven Central, redundant checksum files are now excluded by default: checksums of .asc signature files (gradle/gradle#20232) and the sha256/sha512 checksums, which are never read by Gradle or Maven Central. The published checksums can be configured through checksums(...) in the DSL or the mavenCentralChecksums Gradle property (default md5,sha1). Signature checksum exclusion can be controlled through excludeSignatureChecksums() or the mavenCentralExcludeSignatureChecksums Gradle property.
  • Maven Central deployment id is being logged after upload.

Minimum supported versions

  • JDK 17
  • Gradle 9.0.0
  • Android Gradle Plugin 8.13.0
  • Kotlin Gradle Plugin 2.2.0

Compatibility tested up to

  • JDK 26
  • Gradle 9.6.0
  • Gradle 9.7.0-milestone-1
  • Android Gradle Plugin 9.2.1
  • Android Gradle Plugin 9.3.0-rc01
  • Android Gradle Plugin 9.4.0-alpha01
  • Kotlin Gradle Plugin 2.4.0

0.37.0-rc1

  • When publishing to Maven Central, redundant checksum files are now excluded by default: checksums of .asc signature files (gradle/gradle#20232) and the sha256/sha512 checksums, which are never read by Gradle or Maven Central. The published checksums can be configured through checksums(...) in the DSL or the mavenCentralChecksums Gradle property (default md5,sha1). Signature checksum exclusion can be controlled through excludeSignatureChecksums() or the mavenCentralExcludeSignatureChecksums Gradle property.
  • Maven Central deployment id is being logged after upload.

Minimum supported versions

  • JDK 17
  • Gradle 9.0.0
  • Android Gradle Plugin 8.13.0
  • Kotlin Gradle Plugin 2.2.0

Compatibility tested up to

  • JDK 26
  • Gradle 9.6.0
  • Gradle 9.7.0-milestone-1
  • Android Gradle Plugin 9.2.1
  • Android Gradle Plugin 9.3.0-rc01
  • Android Gradle Plugin 9.4.0-alpha01
  • Kotlin Gradle Plugin 2.4.0

0.36.0

BREAKING

... (truncated)

Changelog

Sourced from com.vanniktech.maven.publish's changelog.

0.37.0 (2026-06-21)

  • When publishing to Maven Central, redundant checksum files are now excluded by default: checksums of .asc signature files (gradle/gradle#20232) and the sha256/sha512 checksums, which are never read by Gradle or Maven Central. The published checksums can be configured through checksums(...) in the DSL or the mavenCentralChecksums Gradle property (default md5,sha1). Signature checksum exclusion can be controlled through excludeSignatureChecksums() or the mavenCentralExcludeSignatureChecksums Gradle property.
  • Maven Central deployment id is being logged after upload.

Minimum supported versions

  • JDK 17
  • Gradle 9.0.0
  • Android Gradle Plugin 8.13.0
  • Kotlin Gradle Plugin 2.2.0

Compatibility tested up to

  • JDK 26
  • Gradle 9.6.0
  • Gradle 9.7.0-milestone-1
  • Android Gradle Plugin 9.2.1
  • Android Gradle Plugin 9.3.0-rc01
  • Android Gradle Plugin 9.4.0-alpha01
  • Kotlin Gradle Plugin 2.4.0

0.36.0 (2026-01-13)

BREAKING

  • Updated minimum supported JDK, Gradle, Android Gradle Plugin and Kotlin versions.
  • Removed support for Dokka v1, it's now required to use Dokka in v2 mode.
  • Mark DirectorySignatureType internal.

Behavior changes

  • validateDeployment now has the DeploymentValidation enum as type instead of being a boolean. The default is now to just wait for the VALIDATED state. The previous behavior can be achieved by setting it to PUBLISHED. NONE can be used for disabling the validation completely.
  • When calling configure(...) manually to configure what to publish and not passing javadocJar explicity, the plugin now defaults to publishing an empty javadoc jar.

Features

  • Android projects now support using Dokka for javadoc creation, this will happen automatically when using the default options and the Dokka plugin is applied to the project.
  • Added consistent JavadocJar and SourcesJar options to configureBasedOnAppliedPlugins and to all applicable project types that can be passed to configure. The previous Boolean based versions have been deprecated.
  • When enabling Maven Central publishing through the DSL, the mavenCentralDeploymentValidation and mavenCentralAutomaticPublishing are used for the default values of the 2 parameters when they are not passed explicitly. This allows to more easily override them in certain environments.
  • When isolated projects is enabled the module/project specific gradle.properties files are now considered in

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [com.vanniktech.maven.publish](https://github.com/vanniktech/gradle-maven-publish-plugin) from 0.34.0 to 0.37.0.
- [Release notes](https://github.com/vanniktech/gradle-maven-publish-plugin/releases)
- [Changelog](https://github.com/vanniktech/gradle-maven-publish-plugin/blob/main/CHANGELOG.md)
- [Commits](vanniktech/gradle-maven-publish-plugin@0.34.0...0.37.0)

---
updated-dependencies:
- dependency-name: com.vanniktech.maven.publish
  dependency-version: 0.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@russellwheatley

Copy link
Copy Markdown
Member

Closing this out for now, we need to bump to AGP 9.X which requires a much bigger PR than proposed dependabot PR

@github-project-automation github-project-automation Bot moved this from Backlog to Done in studio-2394994192-60a69 Jul 7, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jul 7, 2026

Copy link
Copy Markdown
Contributor Author

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/gradle/com.vanniktech.maven.publish-0.37.0 branch July 7, 2026 09:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant