- 
                Notifications
    You must be signed in to change notification settings 
- Fork 0
Update dependency sbt/sbt to v1.11.7 #21
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
          
     Open
      
        
      
            renovate
  wants to merge
  1
  commit into
  main
  
    
      
        
          
  
    
      Choose a base branch
      
     
    
      
        
      
      
        
          
          
        
        
          
            
              
              
              
  
           
        
        
          
            
              
              
           
        
       
     
  
        
          
            
          
            
          
        
       
    
      
from
renovate/sbt-sbt-1.x
  
      
      
   
  
    
  
  
  
 
  
      
    base: main
Could not load branches
            
              
  
    Branch not found: {{ refName }}
  
            
                
      Loading
              
            Could not load tags
            
            
              Nothing to show
            
              
  
            
                
      Loading
              
            Are you sure you want to change the base?
            Some commits from the old base branch may be removed from the timeline,
            and old review comments may become outdated.
          
          
                
     Open
            
            
          Conversation
  
    
      This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
      Learn more about bidirectional Unicode characters
    
  
  
    
    1a94133    to
    6a86a54      
    Compare
  
    6a86a54    to
    bc2cb57      
    Compare
  
    bc2cb57    to
    3729b5b      
    Compare
  
    3729b5b    to
    acbdd56      
    Compare
  
    acbdd56    to
    781197c      
    Compare
  
    781197c    to
    59dbb27      
    Compare
  
    59dbb27    to
    b3b8671      
    Compare
  
    b3b8671    to
    0fb4c4b      
    Compare
  
    0fb4c4b    to
    354d34e      
    Compare
  
    354d34e    to
    55a3f22      
    Compare
  
    55a3f22    to
    bbe9a18      
    Compare
  
    68c97b3    to
    2dd965a      
    Compare
  
    2dd965a    to
    307a154      
    Compare
  
    307a154    to
    2e66b3b      
    Compare
  
    2e66b3b    to
    0608e47      
    Compare
  
    0608e47    to
    4fdbdd7      
    Compare
  
    4fdbdd7    to
    5d8c4cd      
    Compare
  
    
  
    Sign up for free
    to join this conversation on GitHub.
    Already have an account?
    Sign in to comment
  
      Labels
    None yet
0 participants
  Add this suggestion to a batch that can be applied as a single commit.
  This suggestion is invalid because no changes were made to the code.
  Suggestions cannot be applied while the pull request is closed.
  Suggestions cannot be applied while viewing a subset of changes.
  Only one suggestion per line can be applied in a batch.
  Add this suggestion to a batch that can be applied as a single commit.
  Applying suggestions on deleted lines is not supported.
  You must change the existing code in this line in order to create a valid suggestion.
  Outdated suggestions cannot be applied.
  This suggestion has been applied or marked resolved.
  Suggestions cannot be applied from pending reviews.
  Suggestions cannot be applied on multi-line comments.
  Suggestions cannot be applied while the pull request is queued to merge.
  Suggestion cannot be applied right now. Please check back later.
  
    
  
    
This PR contains the following updates:
1.9.9->1.11.7Release Notes
sbt/sbt (sbt/sbt)
v1.11.7: 1.11.7Compare Source
🚀 updates
--sun-misc-unsafe-memory-access=allowand--enable-native-access=ALL-UNNAMEDflags to suppress JDK 25 warnings by @eed3si9n in #8304runMaintask for JEP-512/JEP-445 Main by @xuwei-k in #8316UpdateReportby configurations by @mdedetrich in sbt/librarymanagement#547🐛 bug fixes
🎬 behind the scenes
fallback-dependencies-inter-projecttest by @xuwei-k in #8319run/daemon-exittest by @xuwei-k in #8320Full Changelog: sbt/sbt@v1.11.6...v1.11.7
v1.11.6: 1.11.6Compare Source
🚀 sbt launcher 1.5.0
-Xsource:3option by @xuwei-k in sbt/launcher#117🐛 bug fixes
🎬 behind the scene
Full Changelog: sbt/sbt@v1.11.5...v1.11.6
v1.11.5: 1.11.5Compare Source
changes with compatibility implications
ubuntu-22.04image, which will require similar Linux version with glibc 2.32 and above.🚀 features and other updates
--jvm-clientto thesbtrunner script to launch JVM client. See belowScala Nightly repository
Scala Team now publishes nightlies to a dedicated Artifactory instance. sbt 1.11.5 adds a new resolver for this:
This was contributed by @hamzaremmal in sbt/librarymanagement#532
Scala 3.8.0 support
Scala 3.8.0 will in-source the Scala standard library (
scala-library) instead of using one from Scala 2.13. sbt 1.11.5 relaxes the Coursier same-version enforcement to support Scala 3.8.0.This was pair programmed by @hamzaremmal + @eed3si9n during Scala Days 2025 as #8226
sbt --jvm-clientsbt 1.11.5 runner script adds new
--jvm-clientflag to launch the JVM version of the thin client. The implementation is the Scala code which sbtn is based on. This will be useful on platforms or CPU architectures that we do not build sbtn.This was contributed by @eed3si9n in #8232
🎬 behind the scene
new contributors
Full Changelog: sbt/sbt@v1.11.4...v1.11.5
v1.11.4: 1.11.4Compare Source
Updates
sonaUploadRequestTimeoutby scoping globally by @eed3si9n in #8190Full Changelog: sbt/sbt@v1.11.3...v1.11.4
v1.11.3: 1.11.3Compare Source
updates
sonaUploadRequestTimeoutsetting to configure the upload timeout when publishing to the Central Repo by @guizmaii in #8171pluginCrossBuild/sbtBinaryVersion"1.3", which is used by IntelliJ Scala plugin (fixes #8166) by @unkarjedy in #8167new contributors
Full Changelog: sbt/sbt@v1.11.2...v1.11.3
v1.11.2: 1.11.2Compare Source
updates
updatetask by reverting the use ofWeakReferences by @mrdziuban in coursier/sbt-coursier#564Resolver.sonatypeCentralSnapshots,Resolver.sonatypeCentralRepo(...)and deprecatesResolver.sonatypeOssRepos(...),Opts.resolver.sonatypeOssReleases,Opts.resolver.sonatypeOssSnapshots, etc by @eed3si9n in sbt/librarymanagement#517 / #8156Full Changelog: sbt/sbt@v1.11.1...v1.11.2
v1.11.1: 1.11.1Compare Source
updates
updatetask by @mrdziuban in coursier/sbt-coursier#563sbtPluginPublishLegacyMavenStyleto false by @eed3si9n in #8148sonaDeploymentNametoexcludeLintKeysby @rtyley in #8143behind the scene
Full Changelog: sbt/sbt@v1.11.0...v1.11.1
v1.11.0: 1.11.0Compare Source
Central Repository publishing
The Central Repository (aka Maven Central) has long been the pillar of the JVM ecosystem including Scala. The mechanism to publish libraries to the Central has been hosted by Sonatype as OSS Repository Hosting (OSSRH) via HTTP PUT, but in March it was announced that the endpoint will be sunset in June 2025 in favor of the Central Portal at https://central.sonatype.com/.
sbt 1.11.0 implements a built-in support to publish to Central Repository via the Central Portal. To publish to the Central Portal, first set
ThisBuild / publishTosetting to thelocalStagingrepository:Add
credentialsto the hostcentral.sonatype.comusing the generated user token user name and password. sbt 1.11.0 will read from the environment variablesSONATYPE_USERNAMEandSONATYPE_PASSWORDand append a credential forcentral.sonatype.comout-of-box, which might be useful for automatic publishing from the CI environment, such as GitHub Actions.When you're ready to publish, call
publishSignedtask (available via sbt-pgp). At this point, the JARs and POM files will be staged to your localtarget/sona-stagingdirectory.Next, call
sonaUploadto upload to the Central Portal and manually release the bundle, or callsonaReleaseto upload and automatically release to the Central Repository.This was contributed by @eed3si9n in #8126. The feature was inspired by sbt-sonatype workflow pioneered by Taro Saito, and sonatype-central-client spearheaded by David Doyle at Lumidion.
Other updates
testQuick) with companion objects by @eed3si9n in #8087Full Changelog: sbt/sbt@v1.10.11...v1.11.0
v1.10.11: 1.10.11Compare Source
updates
🐛 bug fixes
compiletask retrying itself on compiler crashes by @eed3si9n in #8070sbt --client shutdownshortcuts if the server is not already running by @eed3si9n in #8057sbt --clienton Windows by @eed3si9n in #8071sbt --versionby @eed3si9n in #8066Full Changelog: sbt/sbt@v1.10.10...v1.10.11
v1.10.10: 1.10.10Compare Source
🐛 bug fixes
Full Changelog: sbt/sbt@v1.10.9...v1.10.10
v1.10.9: 1.10.9Compare Source
🚀 features and other updates
allowUnsafeScalaLibUpgradesetting to opt-out of the Scala 2.13 compatibility check (SIP-51) by @lrytz in #8012jvmBuildTargetforworkspace/buildTargetsby @Friendseeker in #7913🐛 bug fixes
Compile / clean,Test / cleanby @Friendseeker in #7969previousCompileby @Friendseeker in #7983sbt initby @eed3si9n in #8049🎬 behind the scene
new contributors
Full Changelog: sbt/sbt@v1.10.7...v1.10.9
v1.10.8: 1.10.8Compare Source
sbt 1.10.8 is dead on arrival, please use 1.10.9 when it comes out.
v1.10.7: 1.10.7Compare Source
🚀 features and other updates
--allow-emptyby @eed3si9n in #7966Build directory detection
Starting 1.10.7, the
sbtrunner script enables build directory detection by default. This means that thesbtwill exit with error when launched in a directory withoutbuild.sbtorproject/, with exceptions ofsbt new,sbt --script-versionetc.To override this behavior temporarily, you can use
--allow-emptyflag. To permanently opt out of the build directory detection, create$XDG_CONFIG_HOME/sbt/sbtoptswith--allow-emptyin it.csrMavenDependencyOverride setting
sbt 1.10.7 updates Coursier from 2.1.19 → 2.1.22. sbt 1.10.7 also adds a new setting
csrMavenDependencyOverride(default:false), which controls the resolution, which respects Maven dependency override mechanism, also known as bill-of-materials (BOM) POM. Since there is a performance regression in the new resolver, we are setting the default tofalse.🐛 bug fixes
csrMavenDependencyOverrideto opt into bill-of-material (BOM) respecting Coursier resolution by @eed3si9n in #79709a88bc4and Jansi to 2.4.1, which fixes crash on Windows on ARM by @Friendseeker in #7952🎬 behind the scene
1.10.7by @Friendseeker in #7957Full Changelog: sbt/sbt@v1.10.6...v1.10.7
v1.10.6: 1.10.6Compare Source
change with compatibility implication
bug fixes and updates
runtask due to bgRun delegation by @Friendseeker in #7916sbt --clientsupport on openSUSE by @Androz2091 in #7895dependencyTreeconsole output by @Friendseeker in #7906java.awt.Desktop.browse()duringdependencyBrowseTreeby @Friendseeker in #7905useConsistenttostaticCachedStoreby @Friendseeker in #7869ConsistentAnalysisFormatby @Friendseeker in sbt/zinc#1479cleanclearspreviousCompileby @Friendseeker in sbt/zinc#1487 / #7922behind the scene
org.fusesource.jansiby @Friendseeker in #78761.10.6by @Friendseeker in #78718by @Friendseeker in #7897sbt.TagsTestby @Friendseeker in #7919loading settings for projectby @Friendseeker in #7909dependencyBrowseGraphTarget,dependencyBrowseTreeTargetby @Friendseeker in #7904new contributors
Full Changelog: sbt/sbt@v1.10.5...v1.10.6
v1.10.5: 1.10.5Compare Source
updates
1when on error by @Friendseeker in #7854++with a command argument with slash by @eed3si9n in #7862behind the scene
System.console == nullby @Friendseeker in #78431.10.5by @Friendseeker in #7840Full Changelog: sbt/sbt@v1.10.4...v1.10.5
v1.10.4: 1.10.4Compare Source
updates and bug fixes
sbt newfails to find template by @Friendseeker in #7835~withGlobal / onChangedBuildSource := ReloadOnSourceChangesby @Friendseeker in #7838behind the scene
DEVELOPING.mdby @Friendseeker in #7784TEST_SBT_VERto 1.10.3 & remove unused CI variables by @Friendseeker in #7825.java-versionto not fix java version to 1.8 by @Friendseeker in #78273.27.1by @Friendseeker in #7829Full Changelog: sbt/sbt@v1.10.3...v1.10.4
v1.10.3: 1.10.3Compare Source
Protobuf with potential Denial of Service (CVE-2024-7254)
sbt 1.10.3 updates protobuf-java library to 3.25.5 to address CVE-2024-7254 / GHSA-735f-pc8j-v9w8, which states that while parsing unknown fields in the Protobuf Java library, a maliciously crafted message can cause a StackOverflow error. Given the nature of how Protobuf is used in Zinc as internal serialization, we think the impact of this issue is minimum. However, security software might still flag this to be an issue while using sbt or Zinc, so upgrade is advised. This issue was originally reported by @gabrieljones and was fixed by Jerry Tan (@Friendseeker) in zinc#1443.
@adpi2 at Scala Center has also configured dependency graph submission to get security alerts in zinc#1448. sbt/sbt was configured by @Friendseeker in #7746.
Reverting the invalidation of circular-dependent sources
sbt 1.10.3 reverts the initial invalidation of circular-dependent Scala source pairs.
There had been a series of incremental compiler bugs such as "Invalid superClass" and "value b is not a member of A" that would go away after
clean. The root cause of these bugs were identified by @smarter (sbt/zinc#598 (comment)) and @Friendseeker to be partial compilation of circular-dependent sources where two sourcesA.scalaandB.scalause some constructs from each other.sbt 1.10.0 fixed this issue via sbt/zinc#1284 by invalidating the circular-dependent pairs together. In other words, if
A.scalawas changed, it would immediately invalidateB.scala. It turns out, that people have been writing circular-dependent code, and this has resulted in multiple reports of Zinc's over-compilation (zinc#1420, zinc#1461). Given that the invalidation seems to affect the users more frequently than the original bug, we're going to revert the fix for now. We might bring this back with an opt-out flag later on. The revert was contributed by by Li Haoyi (@lihaoyi) in sbt/zinc#1462.Improvement: ParallelGzipOutputStream
sbt 1.10.0 via sbt/zinc#1326 added a new consistent (repeatable) formats for Analysis storage. As a minor optimization, the pull request also included an implementation of
ParallelGzipOutputStream, which would reduce the generate file size by 20%, but with little time penalty. Unfortunately, however, we have observed in CI that that thescala.concurrent.Future-based implementation gets stuck in a deadlock. @Ichoran and @Friendseeker have contributed an alternative implementation that uses Java threads directly, which fixes the issue in sbt/zinc#1466.bug fixes and updates
sbt inittemplate deps by @xuwei-k in #7730behind the scene
System.runFinalizationby @Friendseeker in #7732Thread.getIdby @Friendseeker in #7733vscode-sbt-scalafrom build.sbt by @Friendseeker in #7728Full Changelog: sbt/sbt@v1.10.2...v1.10.3
v1.10.2: 1.10.2Compare Source
Changes with compatibility implications
_sbt2_3suffix for sbt 2.x by @eed3si9n in #7671Updates and bug fixes
serverIdleTimeOuttoserverIdleTimeoutto match the variable name by @lervag in #7651scala.reflect.io.Streamableby @rochala in sbt/zinc#1395Optionalinter-project dependency in BSP by @adpi2 in #7568build.propertiesby @invadergir in #7585scala-tools-releasesinrepositoriesfile blocking sbt from launching by @eed3si9n in sbt/launcher#104ThreadDeathfor future JDK compatibility by @xuwei-k in #7652ZipErrorfor future JDK compatibility by @eed3si9n in sbt/zinc#1393Behind the scenes
dependency-management/force-update-periodtest (backport of #7538) by @adpi2 in #7567New contributors
Full Changelog: sbt/sbt@v1.10.0...v1.10.2
v1.10.1: 1.10.1Compare Source
bug fixes and updates
expandMavenSettingsby @desbo in sbt/librarymanagement#444MapandLListin sjson-new 0.10.1 by @steinybot + @eed3si9n in eed3si9n/sjson-new#142forceUpdatePeriodby @adpi2 in #7567Optionalinter-project dependencies by @adpi2 in #7568jcenterandscala-tools-releasesentries in the~/.sbt/repositoriesfile by @eed3si9n in sbt/launcher#104behind the scenes
Full Changelog: sbt/sbt@v1.10.0...v1.10.1
v1.10.0: 1.10.0Compare Source
Changes with compatibility implications
scalaVersioncan no longer be a lower 2.13.x version number than its transitive depdencies. See below for details.SIP-51 Support for Scala 2.13 Evolution
Modern Scala 2.x has kept both forward and backward binary compatibility so a library compiled using Scala 2.13.12 can be used by an application compiled with Scala 2.13.11 etc, and vice versa. The forward compatibility restricts Scala 2.x from evolving during the patch releases, so in SIP-51 Lukas Rytz at Lightbend Scala Team proposed:
Lukas has also contributed changes to sbt 1.10.0 to enforce stricter
scalaVersion. Starting sbt 1.10.0, when a Scala 2.13.x patch version newer thanscalaVersionis found, it will fail the build as follows:When you see the error message like above, you can fix this by updating the Scala version to the suggested version (e.g. 2.13.10):
Side note: Old timers might know that sbt 0.13.0 also introduced the idea of scala-library as a normal dependency. This created various confusions as developers expected
scalaVersion, compiler version, and scala-library version as expected to align. With the hindsight, sbt 1.10.0 will continue to respectscalaVersionto be the source-of-truth, but will reject bad ones at build time.This was contributed by Lukas Rytz in #7480.
Zinc fixes
IncOptions.useOptimizedSealednot working for Scala 2.13 by @Friendseeker in zinc#1278ClassTaginstead ofManifestby @xuwei-k in zinc#1265extraHashto propagateTraitPrivateMembersModifiedacross external dependency by @Friendseeker in zinc#1289extraHashcomputation by @Friendseeker in zinc#1290@inlinemethods in Scala 2.x by @Friendseeker in zinc#1310-Xshow-phaseshandling by @Friendseeker in zinc#1314ConsistentAnalysisFormat: new Zinc Analysis serialization
sbt 1.10.0 adds a new Zinc serialization format that is faster and repeatable, unlike the current Protobuf-based serialization. Benchmark data based on scala-library + reflect + compiler:
Since Zinc Analysis is internal to sbt, sbt 1.10.0 will enable this format by default. The following setting can be used to opt-out:
This was contributed by Stefan Zeiger at Databricks in zinc#1326.
New CommandProgress API
sbt 1.10.0 adds a new CommandProgress API.
This was contributed by Iulian Dragos at Gradle Inc in #7350.
Other updates
java.net.URLconstructor by @xuwei-k in #7398updateSbtClassifierstask by @azdrojowa123 in #7437packageSrcto includemanagedSourcesby @Friendseeker in #7470publishersetting by @Tammo0987 in #7475buildTarget/javacOptionsby @adpi2 in #7352noOpfield in the compile report by @adpi2 in #7496Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.