Skip to content

chore(deps): update dependency sbt/sbt to v1.11.7

This MR contains the following updates:

Package Update Change
sbt/sbt minor 1.5.8 -> 1.11.7
sbt/sbt minor 1.10.1 -> 1.11.7
sbt/sbt patch 1.11.6 -> 1.11.7

Release Notes

sbt/sbt (sbt/sbt)

v1.11.7: 1.11.7

Compare Source

🚀 updates
🐛 bug fixes
🎬 behind the scenes

Full Changelog: https://github.com/sbt/sbt/compare/v1.11.6...v1.11.7

v1.11.6: 1.11.6

Compare Source

🚀 sbt launcher 1.5.0

🐛 bug fixes

🎬 behind the scene

Full Changelog: https://github.com/sbt/sbt/compare/v1.11.5...v1.11.6

v1.11.5: 1.11.5

Compare Source

changes with compatibility implications

  • sbtn is built using ubuntu-22.04 image, which will require similar Linux version with glibc 2.32 and above.

🚀 features and other updates

  • Adds Scala 3.8.0 support. See below
  • Adds Scala Nightly repository resolver. See below
  • Adds --jvm-client to the sbt runner script to launch JVM client. See below
  • Central Repository publishing: Shows validation errors if present by @​unkarjedy in #​8191
  • Central Repository publishing: Includes the root subproject name into the deployment by @​jeanmarc in #​8219
  • Reduces sbtn outputs by @​eed3si9n in #​8234

Scala Nightly repository

Scala Team now publishes nightlies to a dedicated Artifactory instance. sbt 1.11.5 adds a new resolver for this:

resolvers += Resolver.scalaNightlyRepository

ThisBuild / scalaVersion := "3.8.0-RC1-bin-20250823-712d5bc-NIGHTLY"
Compile / scalacOptions += "-language:experimental.captureChecking"

This was contributed by @​hamzaremmal in sbt/librarymanagement#532

Scala 3.8.0 support

Scala 3.8.0 will in-source the Scala standard library (scala-library) instead of using one from Scala 2.13. sbt 1.11.5 relaxes the Coursier same-version enforcement to support Scala 3.8.0.

This was pair programmed by @​hamzaremmal + @​eed3si9n during Scala Days 2025 as #​8226

sbt --jvm-client

sbt 1.11.5 runner script adds new --jvm-client flag to launch the JVM version of the thin client. The implementation is the Scala code which sbtn is based on. This will be useful on platforms or CPU architectures that we do not build sbtn.

This was contributed by @​eed3si9n in #​8232

🎬 behind the scene

new contributors

Full Changelog: https://github.com/sbt/sbt/compare/v1.11.4...v1.11.5

v1.11.4: 1.11.4

Compare Source

Updates

Full Changelog: https://github.com/sbt/sbt/compare/v1.11.3...v1.11.4

v1.11.3: 1.11.3

Compare Source

updates

  • Adds sonaUploadRequestTimeout setting to configure the upload timeout when publishing to the Central Repo by @​guizmaii in #​8171
  • fix: Adds support for pluginCrossBuild/sbtBinaryVersion "1.3", which is used by IntelliJ Scala plugin (fixes #​8166) by @​unkarjedy in #​8167
  • fix: Fixes the import order to satisfy SemanticDB by @​inglor in #​8162

new contributors

Full Changelog: https://github.com/sbt/sbt/compare/v1.11.2...v1.11.3

v1.11.2: 1.11.2

Compare Source

updates

Full Changelog: https://github.com/sbt/sbt/compare/v1.11.1...v1.11.2

v1.11.1: 1.11.1

Compare Source

updates

behind the scene

Full Changelog: https://github.com/sbt/sbt/compare/v1.11.0...v1.11.1

v1.11.0: 1.11.0

Compare Source

Central Repository publishing

The Central Repository (aka Maven Central) has long been the pillar of the JVM ecosystem including Scala. The mechanism to publish libraries to the Central has been hosted by Sonatype as OSS Repository Hosting (OSSRH) via HTTP PUT, but in March it was announced that the endpoint will be sunset in June 2025 in favor of the Central Portal at https://central.sonatype.com/.

sbt 1.11.0 implements a built-in support to publish to Central Repository via the Central Portal. To publish to the Central Portal, first set ThisBuild / publishTo setting to the localStaging repository:

ThisBuild / publishTo := {
  val centralSnapshots = "https://central.sonatype.com/repository/maven-snapshots/"
  if (isSnapshot.value) Some("central-snapshots" at centralSnapshots)
  else localStaging.value
}

Add credentials to the host central.sonatype.com using the generated user token user name and password. sbt 1.11.0 will read from the environment variables SONATYPE_USERNAME and SONATYPE_PASSWORD and append a credential for central.sonatype.com out-of-box, which might be useful for automatic publishing from the CI environment, such as GitHub Actions.

- run: sbt ci-release
  env:
    PGP_PASSPHRASE: ${{ secrets.PGP_PASSPHRASE }}
    PGP_SECRET: ${{ secrets.PGP_SECRET }}
    SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
    SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}

When you're ready to publish, call publishSigned task (available via sbt-pgp). At this point, the JARs and POM files will be staged to your local target/sona-staging directory.

Next, call sonaUpload to upload to the Central Portal and manually release the bundle, or call sonaRelease to upload and automatically release to the Central Repository.

This was contributed by @​eed3si9n in #​8126. The feature was inspired by sbt-sonatype workflow pioneered by Taro Saito, and sonatype-central-client spearheaded by David Doyle at Lumidion.

Other updates

Full Changelog: https://github.com/sbt/sbt/compare/v1.10.11...v1.11.0

v1.10.11: 1.10.11

Compare Source

updates

🐛 bug fixes

Full Changelog: https://github.com/sbt/sbt/compare/v1.10.10...v1.10.11

v1.10.10: 1.10.10

Compare Source

🐛 bug fixes

  • fix: Fixes compilation error causing the compilation to retry ten times by @​eed3si9n in #​8054

Full Changelog: https://github.com/sbt/sbt/compare/v1.10.9...v1.10.10

v1.10.9: 1.10.9

Compare Source

🚀 features and other updates

🐛 bug fixes

🎬 behind the scene

new contributors

Full Changelog: https://github.com/sbt/sbt/compare/v1.10.7...v1.10.9

v1.10.8: 1.10.8

Compare Source

sbt 1.10.8 is dead on arrival, please use 1.10.9 when it comes out.

v1.10.7: 1.10.7

Compare Source

🚀 features and other updates

Build directory detection

Starting 1.10.7, the sbt runner script enables build directory detection by default. This means that the sbt will exit with error when launched in a directory without build.sbt or project/, with exceptions of sbt new, sbt --script-version etc.

To override this behavior temporarily, you can use --allow-empty flag. To permanently opt out of the build directory detection, create $XDG_CONFIG_HOME/sbt/sbtopts with --allow-empty in it.

csrMavenDependencyOverride setting

sbt 1.10.7 updates Coursier from 2.1.19 → 2.1.22. sbt 1.10.7 also adds a new setting csrMavenDependencyOverride (default: false), which controls the resolution, which respects Maven dependency override mechanism, also known as bill-of-materials (BOM) POM. Since there is a performance regression in the new resolver, we are setting the default to false.

🐛 bug fixes

  • fix: Add csrMavenDependencyOverride to opt into bill-of-material (BOM) respecting Coursier resolution by @​eed3si9n in #​7970
  • fix: Update the template resolver to use Giter8 0.17.0, which fixes the SLF4J warning by @​eed3si9n in #​7947
  • fix: Update JLine 2 fork to 9a88bc4 and Jansi to 2.4.1, which fixes crash on Windows on ARM by @​Friendseeker in #​7952

🎬 behind the scene

Full Changelog: https://github.com/sbt/sbt/compare/v1.10.6...v1.10.7

v1.10.6: 1.10.6

Compare Source

change with compatibility implication

  • deps: lm-coursier 2.1.6, which updates Coursier 2.1.14 → 2.1.19 by @​eed3si9n in #​7920

    This release changes the way "BOMs" or "dependency management" are handled during resolution, and allows users to add BOMs to a resolution. This changes the way versions are picked when BOMs or dependency management are involved, which has an impact on the resolution of libraries from many JVM ecosystems, such as Apache Spark, Springboot, Quarkus, etc.

bug fixes and updates

behind the scene

new contributors

Full Changelog: https://github.com/sbt/sbt/compare/v1.10.5...v1.10.6

v1.10.5: 1.10.5

Compare Source

updates

behind the scene

Full Changelog: https://github.com/sbt/sbt/compare/v1.10.4...v1.10.5

v1.10.4: 1.10.4

Compare Source

updates and bug fixes

behind the scene

Full Changelog: https://github.com/sbt/sbt/compare/v1.10.3...v1.10.4

v1.10.3: 1.10.3

Compare Source

Protobuf with potential Denial of Service (CVE-2024-7254)

sbt 1.10.3 updates protobuf-java library to 3.25.5 to address CVE-2024-7254 / https://github.com/advisories/GHSA-735f-pc8j-v9w8, which states that while parsing unknown fields in the Protobuf Java library, a maliciously crafted message can cause a StackOverflow error. Given the nature of how Protobuf is used in Zinc as internal serialization, we think the impact of this issue is minimum. However, security software might still flag this to be an issue while using sbt or Zinc, so upgrade is advised. This issue was originally reported by @​gabrieljones and was fixed by Jerry Tan (@​Friendseeker) in zinc#1443.

@​adpi2 at Scala Center has also configured dependency graph submission to get security alerts in zinc#1448. sbt/sbt was configured by @​Friendseeker in #​7746.

Reverting the invalidation of circular-dependent sources

sbt 1.10.3 reverts the initial invalidation of circular-dependent Scala source pairs.

There had been a series of incremental compiler bugs such as "Invalid superClass" and "value b is not a member of A" that would go away after clean. The root cause of these bugs were identified by @​smarter (sbt/zinc#598 (comment)) and @​Friendseeker to be partial compilation of circular-dependent sources where two sources A.scala and B.scala use some constructs from each other.

sbt 1.10.0 fixed this issue via sbt/zinc#1284 by invalidating the circular-dependent pairs together. In other words, if A.scala was changed, it would immediately invalidate B.scala. It turns out, that people have been writing circular-dependent code, and this has resulted in multiple reports of Zinc's over-compilation (zinc#1420, zinc#1461). Given that the invalidation seems to affect the users more frequently than the original bug, we're going to revert the fix for now. We might bring this back with an opt-out flag later on. The revert was contributed by by Li Haoyi (@​lihaoyi) in sbt/zinc#1462.

Improvement: ParallelGzipOutputStream

sbt 1.10.0 via sbt/zinc#1326 added a new consistent (repeatable) formats for Analysis storage. As a minor optimization, the pull request also included an implementation of ParallelGzipOutputStream, which would reduce the generate file size by 20%, but with little time penalty. Unfortunately, however, we have observed in CI that that the scala.concurrent.Future-based implementation gets stuck in a deadlock. @​Ichoran and @​Friendseeker have contributed an alternative implementation that uses Java threads directly, which fixes the issue in sbt/zinc#1466.

bug fixes and updates

behind the scene

Full Changelog: https://github.com/sbt/sbt/compare/v1.10.2...v1.10.3

v1.10.2: 1.10.2

Compare Source

Changes with compatibility implications

Updates and bug fixes

Behind the scenes

New contributors

Full Changelog: https://github.com/sbt/sbt/compare/v1.10.0...v1.10.2

v1.10.1: 1.10.1

Compare Source

bug fixes and updates
behind the scenes

Full Changelog: https://github.com/sbt/sbt/compare/v1.10.0...v1.10.1

v1.10.0: 1.10.0

Compare Source

Changes with compatibility implications
  • For SIP-51 support, scalaVersion can no longer be a lower 2.13.x version number than its transitive depdencies. See below for details.
  • ConsistentAnalysisFormat is enabled by default. See below for details.
  • Updates lm-coursier-shaded to 2.1.4, which brings in Coursier 2.1.9 #​7513.
  • Updates Jsch to mwiede/jsch fork by @​azolotko in lm#436
  • Updates the Scala version used by sbt 1.x to 2.12.19 by @​SethTisue in #​7516.
SIP-51 Support for Scala 2.13 Evolution

Modern Scala 2.x has kept both forward and backward binary compatibility so a library compiled using Scala 2.13.12 can be used by an application compiled with Scala 2.13.11 etc, and vice versa. The forward compatibility restricts Scala 2.x from evolving during the patch releases, so in SIP-51 Lukas Rytz at Lightbend Scala Team proposed:

I propose to drop the forwards binary compatibility requirement that build tools enforce on the Scala 2.13 standard library. This will allow implementing performance optimizations of collection operations that are currently not possible. It also unblocks adding new classes and new members to existing classes in the standard library.

Lukas has also contributed changes to sbt 1.10.0 to enforce stricter scalaVersion. Starting sbt 1.10.0, when a Scala 2.13.x patch version newer than scalaVersion is found, it will fail the build as follows:

sbt:foo> run
[error] stack trace is suppressed; run last scalaInstance for the full output
[error] (scalaInstance) expected `foo/scalaVersion` to be "2.13.10" or later,
[error] but found "2.13.5"; upgrade scalaVerion to fix the build.
[error]
[error] to support backwards-only binary compatibility (SIP-51),
[error] the Scala 2.13 compiler cannot be older than scala-library on the
[error] dependency classpath.
[error] see `foo/evicted` to know why scala-library 2.13.10 is getting pulled in.

When you see the error message like above, you can fix this by updating the Scala version to the suggested version (e.g. 2.13.10):

ThisBuild / scalaVersion := "2.13.10"

Side note: Old timers might know that sbt 0.13.0 also introduced the idea of scala-library as a normal dependency. This created various confusions as developers expected scalaVersion, compiler version, and scala-library version as expected to align. With the hindsight, sbt 1.10.0 will continue to respect scalaVersion to be the source-of-truth, but will reject bad ones at build time.

This was contributed by Lukas Rytz in #​7480.

Zinc fixes
ConsistentAnalysisFormat: new Zinc Analysis serialization

sbt 1.10.0 adds a new Zinc serialization format that is faster and repeatable, unlike the current Protobuf-based serialization. Benchmark data based on scala-library + reflect + compiler:

Write time Read time File size
sbt Text 1002 ms 791 ms ~ 7102 kB
sbt Binary 654 ms 277 ms ~ 6182 kB
ConsistentBinary 157 ms 100 ms 3097 kB

Since Zinc Analysis is internal to sbt, sbt 1.10.0 will enable this format by default. The following setting can be used to opt-out:

Global / enableConsistentCompileAnalysis := false

This was contributed by Stefan Zeiger at Databricks in zinc#1326.

New CommandProgress API

sbt 1.10.0 adds a new CommandProgress API.

This was contributed by Iulian Dragos at Gradle Inc in #​7350.

Other updates

v1.9.9: 1.9.9

Compare Source

Bug fixes

Full Changelog: https://github.com/sbt/sbt/compare/v1.9.8...v1.9.9

v1.9.8: 1.9.8

Compare Source

updates

Full Changelog: https://github.com/sbt/sbt/compare/v1.9.7...v1.9.8

v1.9.7: 1.9.7

Compare Source

Highlights
  • sbt 1.9.7 updates its IO module to 1.9.7, which fixes parent path traversal vulnerability in IO.unzip. This was discovered and reported by Kenji Yoshida (@​xuwei-k), and fixed by @​eed3si9n in io#360.
Zip Slip (arbitrary file write) vulnerability

See https://github.com/sbt/sbt/security/advisories/GHSA-h9mw-grgx-2fhf for the most up to date information. This affects all sbt versions prior to 1.9.7.

Path traversal vulnerabilty was discovered in IO.unzip code. This is a very common vulnerability known as Zip Slip, and was found and fixed in plexus-archiver, Ant, etc.

Given a specially crafted zip or JAR file, IO.unzip allows writing of arbitrary file. The follow is an example of a malicious entry:

+2018-04-15 22:04:42 ..... 20 20 ../../../../../../root/.ssh/authorized_keys

When executed on some path with six levels, IO.unzip could then overwrite a file under /root/. sbt main uses IO.unzip only in pullRemoteCache and Resolvers.remote, however, many projects use IO.unzip(...) directly to implement custom tasks and tests.

Non-determinism from AutoPlugins loading

We've known that occasionally some builds non-deterministically flip-flops its behavior when a task or a setting is set by two independent AutoPlugins, i.e. two plugins that neither depends on the other.

sbt 1.9.7 attempts to fix non-determinism of plugin loading order. This was contributed by @​eed3si9n in #​7404.

Other updates and fixes

v1.9.6: 1.9.6

Compare Source

bug fix

Full Changelog: https://github.com/sbt/sbt/compare/v1.9.5...v1.9.6

v1.9.5: 1.9.5

Compare Source

Update: ⚠️ sbt 1.9.5 is broken, because it causes Scala compiler to generate wrong class names for anonymous class on lambda. While we investigate please refrain from publishing libraries with it. scala/bug#12868 (comment)

highlights
other updates
new contributors

Full Changelog: https://github.com/sbt/sbt/compare/v1.9.4...v1.9.5

v1.9.4: 1.9.4

Compare Source

CVE-2022-46751

CVE-2022-46751 is a security vulnerability discovered in Apache Ivy, but found also in Coursier.

With coordination with Apache Foundation, Adrien Piquerez (@​adpi2) from Scala Center backported the fix to both our Ivy 2.3 fork and Coursier. sbt 1.9.4 updates them to the fixed versions.

Other updates
new contributors

Full Changelog: https://github.com/sbt/sbt/compare/v1.9.3...v1.9.4

v1.9.3: 1.9.3

Compare Source

Actionable diagnostics (aka quickfix)

Actionable diagnostics, or quickfix, is an area in Scala tooling that's been getting attention since Chris Kipp presented it in the March 2023 Tooling Summit. Chris has written the roadmap and sent sbt/sbt#7242 that kickstarted the effort, but now there's been steady progress in Build Server Protocol, Dotty, Scala 2.13, IntelliJ, Zinc, etc. Metals 1.0.0, for example, is now capable of surfacing code actions as a quickfix.

sbt 1.9.3 adds a new interface called AnalysisCallback2 to relay code actions from the compiler(s) to Zinc's Analysis file. Future version of Scala 2.13.x (and hopefully Scala 3) will release with proper code actions, but as a demo I've implemented a code action for procedure syntax usages even on current Scala 2.13.11 with -deprecation flag.

This was contributed by Eugene Yokota (@​eed3si9n) in zinc#1226. Special thanks to @​lrytz for identifying this issue in zinc#1214.

other updates

Full Changelog: https://github.com/sbt/sbt/compare/v1.9.2...v1.9.3

v1.9.2: 1.9.2

Compare Source

Fix

Full Changelog: https://github.com/sbt/sbt/compare/v1.9.1...v1.9.2

v1.9.1: 1.9.1

Compare Source

Change to Scala CLA

sbt 1.9.1 is the first release of sbt after changing to Scala CLA in #​7306 etc. A number of contributors to sbt voiced concerns about donating our work to Lightbend after 2022, and Lightbend, Scala Center, and I agreed on changing the contributor license agreement such that the copyright would tranfer to Scala Center, a non-profit organization. sbt and its subcompoments, including Zinc, will remain available under Apache v2 license.

Updates
Behind the scene
new contributors

Full Changelog: https://github.com/sbt/sbt/compare/v1.9.0...v1.9.1

v1.9.0: 1.9.0

Compare Source

Changes with compatibility implications
  • Deprecates IntegrationTest configuration. See below.
  • Updates underlying Coursier to 2.1.2 by @​eed3si9n.
Deprecation of IntegrationTest configuration

sbt 1.9.0 deprecates IntegrationTest configuration. (RFC-3 proposes to deprecate general use of configuration axis beyond Compile and Test, and this is the first installment of the change.)

The recommended migration path is to create a subproject named "integration", or "foo-integration" etc.

lazy val integration = (project in file("integration"))
  .dependsOn(core) // your current subproject
  .settings(
    publish / skip := true,
    // test dependencies
    libraryDependencies += something % Test,
  )

From the shell you can run:

> integration/test

Assuming these are slow tests compared to the regular tests, I might not aggregate them at all from other subprojects, and maybe only run it on CI, but it's up to you.

Why deprecate IntegrationTest? IntegrationTest was a demoware for the idea of custom configuration axis, and now that we are planning to deprecate the mechanism to simplify sbt, we wanted to stop advertising it. We won't remove it during sbt 1.x series, but deprecation signals the non-recommendation status.

This was contributed by @​eed3si9n and @​mdedetrich in lm#414/#​7261.

POM consistency of sbt plugin publishing

sbt 1.9.0 publishes sbt plugin to Maven repository in a POM-consistent way. sbt has been publishing POM file of sbt plugins as sbt-something-1.2.3.pom even though the artifact URL is suffixed as sbt-something_2.12_1.0. This allowed "sbt-something" to be registered by Maven Central, allowing search. However, as more plugins moved to Maven Central, it was considered that keeping POM consisntency rule was more important, especially for corporate repositories to proxy them.

sbt 1.9.0 will publish using both the conventional POM-inconsistent style and POM-consistent style so prior sbt releases can still consume the plugin. However, this can be opted-out using sbtPluginPublishLegacyMavenStyle setting.

This fix was contributed by Adrien Piquerez (@​adpi2) at Scala Center in coursier#2633, sbt#7096 etc. Special thanks to William Narmontas (@​ScalaWilliam) and Wudong Liu (@​wudong) whose experimental plugin sbt-vspp paved the way for this feature.

sbt new, a text-based adventure

sbt 1.9.0 adds text-based menu when sbt new or sbt init is called without arguments:

$ sbt -Dsbt.version=1.9.0-RC2 init
....

Welcome to sbt new!
Here are some templates to get started:
 a) scala/toolkit.local               - Scala Toolkit (beta) by Scala Center and VirtusLab
 b) typelevel/toolkit.local           - Toolkit to start building Typelevel apps
 c) sbt/cross-platform.local          - A cross-JVM/JS/Native project
 d) scala/scala-seed.g8               - Scala 2 seed template
 e) playframework/play-scala-seed.g8  - A Play project in Scala
 f) playframework/play-java-seed.g8   - A Play project in Java
 g) scala-js/vite.g8                  - A Scala.JS + Vite project
 i) holdenk/sparkProjectTemplate.g8   - A Scala Spark project
 m) spotify/scio.g8                   - A Scio project
 n) disneystreaming/smithy4s.g8       - A Smithy4s project
 q) quit
Select a template (default: a):

Unlike Giter8, .local template creates build.sbt etc in the current directory, and reboots into an sbt session.

This was contributed by Eugene Yokota (@​eed3si9n) in #​7228.

Actionable diagnostics steps

sbt 1.9.0 adds actions to Problem, allowing the compiler to suggest code edits as part of the compiler warnings and errors in a structual manner.

See Roadmap for actionable diagnostics for more details. The changes were contributed by @​ckipp01 in #​7242 and @​eed3si9n in bsp#527/#​7251/zinc#1186 etc.

releaseNotesURL setting

sbt 1.9.0 adds releaseNotesURL setting, which creates info.releaseNotesUrl property in the POM file. This will then be used by Scala Steward. See Add release notes URLs to your POMs for details.

This was contributed by Arman Bilge in lm#410.

Other updates
Behind the scene

v1.8.3: 1.8.3

Compare Source

Security fix
IO.withTemporaryFile fix

sbt 1.8.3 fixes sbt.io.IO.withTemporaryFile etc not limiting access on Unix-like systems. Prior to this patch release, some functions were using java.io.File.createTempFile, which does not set strict file permissions, as opposed to the NIO-equivalent that does.

This means that on a shared Unix-like systems, build user or plugin's use of sbt.io.IO.withTemporaryFile etc would have exposed the information to other users.

This issue was reported by Oleksandr Zolotko at IBM, and was fixed by Eugene Yokota (@​eed3si9n) in io#344/zinc#1185.

Other updates

sbt 1.8.3 backports Zinc and IO fixes from 1.9.0-RC2 as well.

v1.8.2: 1.8.2

Compare Source

updates

v1.8.1: 1.8.1

Compare Source

Bug fixes
Updates
New Contributors

Full Changelog: https://github.com/sbt/sbt/compare/v1.8.0...v1.8.1

v1.8.0: 1.8.0

Compare Source

Security fixes
  • Updates to Coursier 2.1.0-RC1 to address CVE-2022-37866
  • Updates to Ivy 2.3.0-sbt-a8f9eb5bf09d0539ea3658a2c2d4e09755b5133e to address CVE-2022-37866
Changes with compatibility implications
  • Updates to Scala 2.12.17 + Scala compiler 2.12.17, which upgrades to scala-xml 2.x #​7021
Bug fixes
Other updates
  • Adds long classpath support on JDK 9+ via argument file (opt out using -Dsbt.argsfile=false or SBT_ARGSFILE environment variable) #​7010 by @​easel
  • Adds out-of-box ZIO Test support #​7053 by @​987Nabil
  • Adds support for newly introduced buildTarget/outputPaths method of Build Server Protocol. #​6985 by @​povder
New Contributors

Full Changelog: https://github.com/sbt/sbt/compare/v1.7.1...v1.8.0

v1.7.3: 1.7.3

Compare Source

updates
new contributors

Full Changelog: https://github.com/sbt/sbt/compare/v1.7.2...v1.7.3

v1.7.2: 1.7.2

Compare Source

See https://github.com/sbt/sbt/releases/tag/v1.7.0 for the details on sbt 1.7.x.

v1.7.1: 1.7.1

Compare Source

See https://github.com/sbt/sbt/releases/tag/v1.7.0 for the details on sbt 1.7.x.

Bug fix

Full Changelog: https://github.com/sbt/sbt/compare/v1.7.0...v1.7.1

v1.7.0: 1.7.0

Compare Source

Changes with compatibility implications
++ command updates

Prior to sbt 1.7 ++ <sv> <command1> filtered subprojects using crossScalaVersions having the same ABI suffix as <sv>. This behavior was generally not well understood, and also created incorrect result for Scala 3.x since ++ 3.0.1 test could downgrade subproject that may require 3.1 or above.

sbt 1.7.0 fixes this by requiring ++ <sv> <command1> so <sv> part can be given as a semantic version selector expression, such as 3.1.x or 2.13.x. Note that the expression may match at most one Scala version to switch into. In sbt 1.7.0, a concrete version such as ++ 3.0.1 equires exact version to be present in crossScalaVersion.

This contribution was a collaborated effort among Arnout Engelen #​6894, Rui Gonçalves lm#400, and Eugene Yokota.

Scala 3 compiler error improvements

In zinc#1082, Toshiyuki Takahashi contributed a fix to ignore Problem#rendered passed from the compiler when sbt uses position mapper to transform the position. This is aimed at fixing the error reporting for Play on Scala 3.

In #​6874, Chris Kipp extended xsbti.Problem to track richer information available in Scala 3. This is aimed at enhancing the compilation errors reported to BSP client such as Metals.

BSP updates
Other updates

v1.6.2: 1.6.2

Compare Source

License

sbt 1.6.2 adds License object that defines predefined license values:

licenses := List(License.Apache2)

Predefined values are License.Apache2, License.MIT, License.CC0, and License.GPL3_or_later. lm#395 by @​eed3si9n

v1.6.1: 1.6.1

Compare Source

  • sbt 1.6.1 updates log4j 2 to 2.17.1, which fixes a remote code execution vulnerability when attacker controls configuration (CVE-2021-44832) #​6765 by @​eed3si9n

v1.6.0: 1.6.0

Compare Source

Changes with compatibility implications
BSP improvements
Zinc improvements
Remote caching improvements

sbt 1.6.0 improves remote caching of resources directory by virtualizing the internal sync state (copy-resources.txt). This allows incremental resource directory synching to be resumed from the remote cache, similar to how Zinc has been able to resume incremental compilation from the remote cache. This was contributed by Amina Adewusi (@​Nirvikalpa108) as #​6611.

Dependency tree improvements
Other updates

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever MR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about these updates again.


  • If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Edited by Renovate Bot

Merge request reports

Loading