dependencies.md

Dependencies

These are the dependencies used by Tidecoin. You can find installation instructions in the /doc/build-*.md file for your platform, or self-compile them using depends.

Compiler

Tidecoin requires one of the following compilers.

Dependency	Minimum required
Clang	16.0
GCC	11.1

Required

Build

Dependency	Releases	Minimum required
Boost	link	1.74.0
CMake	link	3.22
libevent	link	2.1.8

Runtime

Dependency	Releases	Minimum required
glibc	link	2.31

Optional

Build

Dependency	Releases	Minimum required
Cap'n Proto	link	0.7.1
Python (scripts, tests)	link	3.10
Qt (gui)	link	6.2
qrencode (gui)	link	N/A
SQLite (wallet)	link	3.7.17
systemtap (tracing)	link	N/A
ZeroMQ (notifications)	link	4.0.0

Runtime

Dependency	Releases	Minimum required
Fontconfig (gui)	link	2.6
FreeType (gui)	link	2.3.0

Dependency Review Policy

Pinned versions are intentionally conservative for reproducible builds, but they must be reviewed on a fixed cadence and with security-first escalation.

Cadence

• Perform a dependency review at least once per quarter.
• Perform a full dependency review before each Tidecoin release branch cut.
• Track each review in an issue or PR that records what was checked and why versions were or were not updated.

Security escalation

• High or critical security advisories affecting runtime or build-time dependencies must trigger an out-of-band review within 7 days.
• If remediation is available and compatible, prioritize version bumps or patches ahead of non-security feature work.
• If immediate upgrade is not possible, document compensating controls and target timeline in the tracking issue/PR.

Scope

• Dependencies tracked in depends/packages/*.mk.
• Toolchain baselines listed in this document.
• CI/lint tool versions that can affect correctness or supply-chain risk.