docs: promote use of bill of materials in quickstart documentation #1620
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
lqiu96
reviewed
Jan 16, 2025
| @@ -50,35 +50,69 @@ credentials as well as utility methods to create them and to get Application Def | |||
|
|
|||
| ## Quickstart | |||
|
|
|||
| ### Using Maven | |||
There was a problem hiding this comment.
Thanks!
Thoughts on also mentioning libraries-bom here (perhaps a small section)? We can mention that if you use libraries-bom, then auth-bom is imported as well.
Otherwise, you should manually import the auth-bom (like below)
There was a problem hiding this comment.
Sounds good. I'll add a section.
There was a problem hiding this comment.
Ah, I think it's not as trivial to ensure the snippet with libraries-bom has an up-to-date <version/> since it's not managed in versions.txt.
Other repos such as google-cloud-java use the config yaml.
We also have the case of spring-cloud-gcp which seems to rely on renovate-bot. I think it's better to wait for such PR and otherwise raise an issue to keep it up to date.
There was a problem hiding this comment.
Ah yeah makes sense. Maybe we don't need to have a code reference here. We could just reference this page: https://cloud.google.com/java/docs/bom
lqiu96
reviewed
Jan 16, 2025
lqiu96
reviewed
Jan 16, 2025
lqiu96
reviewed
Jan 16, 2025
lqiu96
reviewed
Jan 16, 2025
lqiu96
reviewed
Jan 16, 2025
Co-authored-by: Lawrence Qiu <lawrenceqiu@google.com>
Co-authored-by: Lawrence Qiu <lawrenceqiu@google.com>
diegomarquezp
commented
Jan 17, 2025
There was a problem hiding this comment.
@lqiu96 thanks for the comments. Just for clarity, #1616 (review) was pretty much to ensure these versions in our READMEs get updated properly by release-please
lqiu96
reviewed
Jan 17, 2025
README.md
Outdated
| @@ -50,35 +50,92 @@ credentials as well as utility methods to create them and to get Application Def | |||
|
|
|||
| ## Quickstart | |||
|
|
|||
| ### Alternative: using `java-libraries-bom` | |||
There was a problem hiding this comment.
Perhaps not as alternative since it's the first option listed. I think we can probably put something like Preferred/ Preference?
lqiu96
reviewed
Jan 17, 2025
lqiu96
approved these changes
Jan 17, 2025
Co-authored-by: Lawrence Qiu <lawrenceqiu@google.com>
diegomarquezp
added
the
automerge
gcf-merge-on-green
bot
removed
the
automerge
|
svc-squareup-copybara
pushed a commit
to cashapp/misk
that referenced
this pull request
Jan 24, 2025
| Package | Type | Package file | Manager | Update | Change | |---|---|---|---|---|---| | [org.jetbrains:annotations](https://github.com/JetBrains/java-annotations) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `26.0.1` -> `26.0.2` | | [io.grpc:grpc-stub](https://github.com/grpc/grpc-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.69.1` -> `1.70.0` | | [io.grpc:grpc-protobuf](https://github.com/grpc/grpc-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.69.1` -> `1.70.0` | | [io.grpc:grpc-netty](https://github.com/grpc/grpc-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.69.1` -> `1.70.0` | | [io.grpc:protoc-gen-grpc-java](https://github.com/grpc/grpc-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.69.1` -> `1.70.0` | | [io.grpc:grpc-bom](https://github.com/grpc/grpc-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.69.1` -> `1.70.0` | | [io.grpc:grpc-api](https://github.com/grpc/grpc-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.69.1` -> `1.70.0` | | [com.google.api-client:google-api-client](https://github.com/googleapis/google-api-java-client) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.7.1` -> `2.7.2` | | [com.squareup.wire:wire-schema](https://github.com/square/wire) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `5.0.0` -> `5.2.1` | | [com.squareup.wire:wire-runtime](https://github.com/square/wire) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `5.0.0` -> `5.2.1` | | [com.squareup.wire:wire-reflector](https://github.com/square/wire) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `5.0.0` -> `5.2.1` | | [com.squareup.wire:wire-moshi-adapter](https://github.com/square/wire) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `5.0.0` -> `5.2.1` | | [com.squareup.wire:wire-grpc-client](https://github.com/square/wire) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `5.0.0` -> `5.2.1` | | [com.squareup.wire:wire-gradle-plugin](https://github.com/square/wire) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `5.0.0` -> `5.2.1` | | [com.squareup.wire:wire-bom](https://github.com/square/wire) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `5.0.0` -> `5.2.1` | | [com.google.auth:google-auth-library-oauth2-http](https://github.com/googleapis/google-auth-library-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.30.1` -> `1.31.0` | | [com.google.auth:google-auth-library-credentials](https://github.com/googleapis/google-auth-library-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.30.1` -> `1.31.0` | | [com.datadoghq:dd-trace-api](https://github.com/datadog/dd-trace-java) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `1.45.1` -> `1.45.2` | | [com.datadoghq:dd-trace-ot](https://github.com/datadog/dd-trace-java) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `1.45.1` -> `1.45.2` | | [software.amazon.awssdk:sdk-core](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.2` -> `2.30.4` | | [software.amazon.awssdk:dynamodb-enhanced](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.2` -> `2.30.4` | | [software.amazon.awssdk:dynamodb](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.2` -> `2.30.4` | | [software.amazon.awssdk:aws-core](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.2` -> `2.30.4` | | [software.amazon.awssdk:bom](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.2` -> `2.30.4` | | [software.amazon.awssdk:auth](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.2` -> `2.30.4` | --- ### Release Notes <details> <summary>JetBrains/java-annotations (org.jetbrains:annotations)</summary> ### [`v26.0.2`](https://github.com/JetBrains/java-annotations/blob/HEAD/CHANGELOG.md#Version-2602) [Compare Source](JetBrains/java-annotations@26.0.1...26.0.2) - Fixed missing klibs for apple artifacts. </details> <details> <summary>googleapis/google-api-java-client (com.google.api-client:google-api-client)</summary> ### [`v2.7.2`](https://github.com/googleapis/google-api-java-client/blob/HEAD/CHANGELOG.md#272-2025-01-22) ##### Bug Fixes - Add warnings to users about using credentials from external sources ([#​2551](googleapis/google-api-java-client#2551)) ([3bb2879](googleapis/google-api-java-client@3bb2879)) </details> <details> <summary>square/wire (com.squareup.wire:wire-schema)</summary> ### [`v5.2.1`](https://github.com/square/wire/blob/HEAD/CHANGELOG.md#Version-521) [Compare Source](square/wire@5.2.0...5.2.1) *2025-01-07* ##### JVM generation - Fix support for mutable messages in Wire's Kotlin Generator. ([#​3233](square/wire#3233) by \[Rahul Ravikumar]\[tikurahul]) ### [`v5.2.0`](https://github.com/square/wire/blob/HEAD/CHANGELOG.md#Version-520) [Compare Source](square/wire@5.1.0...5.2.0) *2025-01-06* ##### Common - Enforce recursion limit when parsing nested groups. ([#​3119](square/wire#3119)) ##### CLI `wire-compiler` - It is now possible to set multiple targets. ([#​3106](square/wire#3106) & [#​3107](square/wire#3107)) - The option `opaque_types` introduced in `4.9.2` for the Wire Gradle plugin is now available on CLI. ([#​3147](square/wire#3147)) ##### JVM generation - [KotlinPoet has been updated to `2.0.0`](https://square.github.io/kotlinpoet/changelog/#version-200) which dramatically changes how generated Kotlin files are wrapped. This is neither a source nor a binary breaking changes. - A new `@WireEnclosingType` annotation is now applied to generated types so R8 doesn't prune too much. ([#​3123](square/wire#3123)) - Split the redact method into chunks when a type has more than 100 fields to avoid compilation error. ([#​3214](square/wire#3214) by \[Damian Wieczorek]\[damianw]) - Add support for mutable messages in Wire's Kotlin Generator. ([#​3217](square/wire#3217) by \[Rahul Ravikumar]\[tikurahul]) - You can opt-in by adding `mutableTypes = true` on your Kotlin target. This is unsafe and we do not recommend that you use it unless you have a sound use-case for it. - Wire is now using Palantir's JavaPoet instead of Square's JavaPoet. ##### Swift - Fix buffer overflow and data corruption when a type has more than 5 layers of nesting ([#​3203](square/wire#3203) by \[Eric Amorde]\[amorde]) ### [`v5.1.0`](https://github.com/square/wire/blob/HEAD/CHANGELOG.md#Version-510) [Compare Source](square/wire@5.0.0...5.1.0) *2024-09-11* ##### Common - Support for Kotlin `2.0.20`. ([#​3093](square/wire#3093)) - `srcDir(String)` has been undeprecated. ([#​3039](square/wire#3039)) - Some loggings now happen at the debug level, instead of info. ([#​3041](square/wire#3041)) - Remove some unactionable warnings on Kotlin/JS ([#​3047](square/wire#3047)) - Propagate the deprecated flag on EnumType after pruning by wire-gradle-plugin ([#​3076](square/wire#3076) by \[Aaron Edwards]\[aaron-edwards]) - Introduce `ProtoReader32`, a specialization for Kotlin/JS ([#​3077](square/wire#3077)) This is an alternative to `ProtoReader`, which uses `Long` as a cursor. It originates as an optimization for Kotlin/JS, where `Long` cursors are prohibitively expensive. - Fix Gradle project isolation issue when reading a property ([#​3078](square/wire#3078) by \[Aurimas]\[liutikas]) - Change the recursion limit to match grpc's default ([#​3091](square/wire#3091)) ##### Kotlin - New enum option `enum_mode` to take precedence over the `enumMode` option added in `5.0.0-alpha02`. Use this if you want to migrate your enums granularly. ([#​2993](square/wire#2993)) - Don't throw if reading trailers fail ([#​3087](square/wire#3087)) ##### Swift - Avoid crash when parsing an empty repeated `[packed=true]` for fixed-length types. ([#​3044](square/wire#3044) by \[Sasha Weiss]\[sashaweiss-signal]) </details> <details> <summary>googleapis/google-auth-library-java (com.google.auth:google-auth-library-oauth2-http)</summary> ### [`v1.31.0`](https://github.com/googleapis/google-auth-library-java/blob/HEAD/CHANGELOG.md#1310-2025-01-22) ##### Features - ImpersonatedCredentials to support universe domain for idtoken and signblob ([#​1566](googleapis/google-auth-library-java#1566)) ([adc2ff3](googleapis/google-auth-library-java@adc2ff3)) - Support transport and binding-enforcement MDS parameters. ([#​1558](googleapis/google-auth-library-java#1558)) ([9828a8e](googleapis/google-auth-library-java@9828a8e)) ##### Documentation - Promote use of bill of materials in quickstart documentation ([#​1620](googleapis/google-auth-library-java#1620)) ([fc20d9c](googleapis/google-auth-library-java@fc20d9c)), closes [#​1552](googleapis/google-auth-library-java#1552) </details> <details> <summary>datadog/dd-trace-java (com.datadoghq:dd-trace-api)</summary> ### [`v1.45.2`](https://github.com/DataDog/dd-trace-java/releases/tag/v1.45.2): 1.45.2 ##### Components ##### Application Security Management (WAF) - 🐛 🍒 8258 - Prevents a NPE when there is no subscriber for user events ([#​8260](DataDog/dd-trace-java#8260) - [@​manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 6pm every weekday,before 2am every weekday" in timezone Australia/Melbourne, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). GitOrigin-RevId: 12db0f59db2e6ebf55203c87fccab042d495106a
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #1552