You can clone with
HTTPS or Subversion.
I just see yesod-core depending on this, but in the latest version released on hackage (0.7.0.2), the .cabal file specifies the cookie dependency as >= 0.0 && < 0.1, sticking with cookie version 0.0.0 and ruling out the two releases since then.
Just checking that this is correct - the recent cookie versions are to be used in a yet-to-be-released yesod-core version?
Yes, that's correct. Originally, 0.1 was going to be used with Yesod 0.8, but I made some breaking API changes since and it will now work with cookie 0.2.
By the way, I try to keep track of this stuff with packdeps in general: http://packdeps.haskellers.com/feed?needle=yesod-core
Is packdeps kept up-to-date? http://packdeps.haskellers.com/feed?needle=yesod lists only yesod-auth as being ahead of yesod 0.8.1, while I know at least yesod-static is ahead of that yesod version, too.
Yes it is. I only released yesod-static about an hour ago, so packdeps hasn't had a chance to update yet (it does so every 6 hours or so).