-
-
Notifications
You must be signed in to change notification settings - Fork 3.5k
Update ktlint to 1.x #10894
Copy link
Copy link
Closed
Labels
code qualityImprovements to the codebase to improve the code qualityImprovements to the codebase to improve the code qualitydependencyIssues and PRs related to dependenciesIssues and PRs related to dependenciesdiscussionThis needs to be discussed before anything is doneThis needs to be discussed before anything is done
Description
Metadata
Metadata
Assignees
Labels
code qualityImprovements to the codebase to improve the code qualityImprovements to the codebase to improve the code qualitydependencyIssues and PRs related to dependenciesIssues and PRs related to dependenciesdiscussionThis needs to be discussed before anything is doneThis needs to be discussed before anything is done
Type
Projects
Status
Done
Problem
ktlint is currently failing our vulnerability / snyk pipelines. One of its dependencies is vulnerable (CVE-2023-6378). This has no implications on NewPipe itself, because ktlint is used to format code while developing.
Upgrading ktlint is easy and requires following changes:
build.gradle:ktlint 'com.pinterest:ktlint:0.45.2'->ktlint 'com.pinterest.ktlint:ktlint-cli:1.x.x'org.schabi.newpipe.info_list->org.schabi.newpipe.infoListThe problem is that all Kotlin files are going to be reformatted which causes merge conflicts with all PRs touching Kotlin code
Proposed solution
Wait with upgrade until most PRs are merged, update it before starting the rewrite