chore(deps): update dependency sbt/sbt to v1.11.7
This MR contains the following updates:
Package | Update | Change |
---|---|---|
sbt/sbt | minor |
1.5.8 -> 1.11.7
|
sbt/sbt | minor |
1.10.1 -> 1.11.7
|
sbt/sbt | patch |
1.11.6 -> 1.11.7
|
Release Notes
sbt/sbt (sbt/sbt)
v1.11.7
: 1.11.7
🚀 updates
- Adds
--sun-misc-unsafe-memory-access=allow
and--enable-native-access=ALL-UNNAMED
flags to suppress JDK 25 warnings by @eed3si9n in #8304 - Backports JDK 25 JEP-512/JEP-445 Main run by @eed3si9n in #8303
- fix: Fixes
runMain
task for JEP-512/JEP-445 Main by @xuwei-k in #8316 - Adds ability to filter
UpdateReport
by configurations by @mdedetrich in sbt/librarymanagement#547
🐛 bug fixes
- fix: Fixes sbt 0.13 launching by @eed3si9n in sbt/launcher#136
🎬 behind the scenes
- ci: Bump actions/setup-python from 5 to 6 by @dependabot[bot] in #8273
- deps: Updates sbt-giter8-resolver version by @xuwei-k in #8309
- test: Fixes
fallback-dependencies-inter-project
test by @xuwei-k in #8319 - test: Fixes
run/daemon-exit
test by @xuwei-k in #8320 - test: Update test dependencies by @xuwei-k in #8317
Full Changelog: https://github.com/sbt/sbt/compare/v1.11.6...v1.11.7
v1.11.6
: 1.11.6
🚀 sbt launcher 1.5.0
- Update launcher code base to to Scala 3.7.2 by @eed3si9n in sbt/launcher#126
- refactor: Adds
-Xsource:3
option by @xuwei-k in sbt/launcher#117 - deps: Removes Apache Ivy dependency from launcher by @eed3si9n in sbt/launcher#127
🐛 bug fixes
- fix: Fixes internal dependency classpath #8249 by @azdrojowa123 in #8257
- fix: Fixes client-side run on JDK 8 by @eed3si9n in #8259
🎬 behind the scene
- ci: FIxes building sbtn locally for Aarch64 / arm64 by @eed3si9n in #8258
- ci: Bump actions/checkout from 4 to 5 by @dependabot[bot] in #8246
Full Changelog: https://github.com/sbt/sbt/compare/v1.11.5...v1.11.6
v1.11.5
: 1.11.5
changes with compatibility implications
- sbtn is built using
ubuntu-22.04
image, which will require similar Linux version with glibc 2.32 and above.
🚀 features and other updates
- Adds Scala 3.8.0 support. See below
- Adds Scala Nightly repository resolver. See below
- Adds
--jvm-client
to thesbt
runner script to launch JVM client. See below - Central Repository publishing: Shows validation errors if present by @unkarjedy in #8191
- Central Repository publishing: Includes the root subproject name into the deployment by @jeanmarc in #8219
- Reduces sbtn outputs by @eed3si9n in #8234
Scala Nightly repository
Scala Team now publishes nightlies to a dedicated Artifactory instance. sbt 1.11.5 adds a new resolver for this:
resolvers += Resolver.scalaNightlyRepository
ThisBuild / scalaVersion := "3.8.0-RC1-bin-20250823-712d5bc-NIGHTLY"
Compile / scalacOptions += "-language:experimental.captureChecking"
This was contributed by @hamzaremmal in sbt/librarymanagement#532
Scala 3.8.0 support
Scala 3.8.0 will in-source the Scala standard library (scala-library
) instead of using one from Scala 2.13. sbt 1.11.5 relaxes the Coursier same-version enforcement to support Scala 3.8.0.
This was pair programmed by @hamzaremmal + @eed3si9n during Scala Days 2025 as #8226
sbt --jvm-client
sbt 1.11.5 runner script adds new --jvm-client
flag to launch the JVM version of the thin client. The implementation is the Scala code which sbtn is based on. This will be useful on platforms or CPU architectures that we do not build sbtn.
This was contributed by @eed3si9n in #8232
🎬 behind the scene
- ci: Uses sbt 1.11.4 by @eed3si9n in #8192
- ci: Adds clean.yml by @eed3si9n in #8227
- ci: Bump actions/setup-java from 4 to 5 by @dependabot[bot] in #8229
- ci: Split server-test by @eed3si9n in #8233
- deps: Bump to lm 1.11.5 by @eed3si9n in #8231
new contributors
- @jeanmarc made their first contribution in #8219
- @hamzaremmal made their first contribution in #8226
Full Changelog: https://github.com/sbt/sbt/compare/v1.11.4...v1.11.5
v1.11.4
: 1.11.4
Updates
- fix: Fixes sbt plugin cross building by @eed3si9n in sbt/librarymanagement#528
- fix: Fixes
sonaUploadRequestTimeout
by scoping globally by @eed3si9n in #8190
Full Changelog: https://github.com/sbt/sbt/compare/v1.11.3...v1.11.4
v1.11.3
: 1.11.3
updates
- Adds
sonaUploadRequestTimeout
setting to configure the upload timeout when publishing to the Central Repo by @guizmaii in #8171 - fix: Adds support for
pluginCrossBuild/sbtBinaryVersion
"1.3", which is used by IntelliJ Scala plugin (fixes #8166) by @unkarjedy in #8167 - fix: Fixes the import order to satisfy SemanticDB by @inglor in #8162
new contributors
- @inglor made their first contribution in #8162
- @guizmaii made their first contribution in #8171
Full Changelog: https://github.com/sbt/sbt/compare/v1.11.2...v1.11.3
v1.11.2
: 1.11.2
updates
- fix: Fixes intermittent NullPointerError in
update
task by reverting the use ofWeakReference
s by @mrdziuban in coursier/sbt-coursier#564 - Adds
Resolver.sonatypeCentralSnapshots
,Resolver.sonatypeCentralRepo(...)
and deprecatesResolver.sonatypeOssRepos(...)
,Opts.resolver.sonatypeOssReleases
,Opts.resolver.sonatypeOssSnapshots
, etc by @eed3si9n in sbt/librarymanagement#517 / #8156
Full Changelog: https://github.com/sbt/sbt/compare/v1.11.1...v1.11.2
v1.11.1
: 1.11.1
updates
- fix: Fixes memory leak in
update
task by @mrdziuban in coursier/sbt-coursier#563 - fix: Default
sbtPluginPublishLegacyMavenStyle
to false by @eed3si9n in #8148 - fix: Adds
sonaDeploymentName
toexcludeLintKeys
by @rtyley in #8143
behind the scene
- ci: Use Central Portal for publishing by @eed3si9n in #8147
Full Changelog: https://github.com/sbt/sbt/compare/v1.11.0...v1.11.1
v1.11.0
: 1.11.0
Central Repository publishing
The Central Repository (aka Maven Central) has long been the pillar of the JVM ecosystem including Scala. The mechanism to publish libraries to the Central has been hosted by Sonatype as OSS Repository Hosting (OSSRH) via HTTP PUT, but in March it was announced that the endpoint will be sunset in June 2025 in favor of the Central Portal at https://central.sonatype.com/.
sbt 1.11.0 implements a built-in support to publish to Central Repository via the Central Portal. To publish to the Central Portal, first set ThisBuild / publishTo
setting to the localStaging
repository:
ThisBuild / publishTo := {
val centralSnapshots = "https://central.sonatype.com/repository/maven-snapshots/"
if (isSnapshot.value) Some("central-snapshots" at centralSnapshots)
else localStaging.value
}
Add credentials
to the host central.sonatype.com
using the generated user token user name and password. sbt 1.11.0 will read from the environment variables SONATYPE_USERNAME
and SONATYPE_PASSWORD
and append a credential for central.sonatype.com
out-of-box, which might be useful for automatic publishing from the CI environment, such as GitHub Actions.
- run: sbt ci-release
env:
PGP_PASSPHRASE: ${{ secrets.PGP_PASSPHRASE }}
PGP_SECRET: ${{ secrets.PGP_SECRET }}
SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
When you're ready to publish, call publishSigned
task (available via sbt-pgp). At this point, the JARs and POM files will be staged to your local target/sona-staging
directory.
Next, call sonaUpload
to upload to the Central Portal and manually release the bundle, or call sonaRelease
to upload and automatically release to the Central Repository.
This was contributed by @eed3si9n in #8126. The feature was inspired by sbt-sonatype workflow pioneered by Taro Saito, and sonatype-central-client spearheaded by David Doyle at Lumidion.
Other updates
- fix: Avoid printing "copying runtime jar" etc to stdout by @eed3si9n in #8081
- fix: Fix incremental test (
testQuick
) with companion objects by @eed3si9n in #8087
Full Changelog: https://github.com/sbt/sbt/compare/v1.10.11...v1.11.0
v1.10.11
: 1.10.11
updates
- Updates Coursier from 2.1.22 → 2.1.23 by @eed3si9n in #8069
🐛 bug fixes
- fix: Fixes
compile
task retrying itself on compiler crashes by @eed3si9n in #8070 - fix:
sbt --client shutdown
shortcuts if the server is not already running by @eed3si9n in #8057 - fix: Fixes
sbt --client
on Windows by @eed3si9n in #8071 - fix: Avoids creating target on
sbt --version
by @eed3si9n in #8066 - fix: Fixes slash syntax keys in Scala 2.13 evolution message by @eed3si9n in #8067
Full Changelog: https://github.com/sbt/sbt/compare/v1.10.10...v1.10.11
v1.10.10
: 1.10.10
🐛 bug fixes
- fix: Fixes compilation error causing the compilation to retry ten times by @eed3si9n in #8054
Full Changelog: https://github.com/sbt/sbt/compare/v1.10.9...v1.10.10
v1.10.9
: 1.10.9
🚀 features and other updates
- Adds
allowUnsafeScalaLibUpgrade
setting to opt-out of the Scala 2.13 compatibility check (SIP-51) by @lrytz in #8012 - BSP: Implement
jvmBuildTarget
forworkspace/buildTargets
by @Friendseeker in #7913 - Detects user-specific JDK installations on macOS by @unkarjedy in #8032
- Makes timing outputs consistently show hours and hint at time format by @jsoref in #8019
- Backports SHA-256, SHA-384, and SHA-512 checksum support to forked Apache Ivy by @mkurz in sbt/ivy#49
- Client-side run capability in sbtn by @eed3si9n in #8040
🐛 bug fixes
- fix: Fixes local source dependency invalidation by @rochala in sbt/zinc#1528
- fix: Clear Zinc Analysis Cache during
Compile / clean
,Test / clean
by @Friendseeker in #7969 - fix: Fixes spurious upstream compilation when calling
previousCompile
by @Friendseeker in #7983 - fix: Fixes race condition in NetworkChannel by @dwickern in #8005
- fix: Fixes Chrome tracing file by @eed3si9n in #8020
- fix: Fixes incorrect sbt architecture logging in the runner script by @mehdignu in #8038
- fix: Fixes stdout freshness issue by @eed3si9n in #8048
- fix:
sbt init
by @eed3si9n in #8049
🎬 behind the scene
- refactor: Refactor response handler by @eed3si9n in #8035
new contributors
- @mehdignu made their first contribution in #8038
Full Changelog: https://github.com/sbt/sbt/compare/v1.10.7...v1.10.9
v1.10.8
: 1.10.8
sbt 1.10.8 is dead on arrival, please use 1.10.9 when it comes out.
v1.10.7
: 1.10.7
🚀 features and other updates
- Enable runner script's build detection by default to require
--allow-empty
by @eed3si9n in #7966 - Support glob expressions in scripted to aid sbt 2.0.0-M3 cross building by @eed3si9n in #7933 / #7968
- perf: Precompile a regex in hot code by @retronym in sbt/zinc#1508
Build directory detection
Starting 1.10.7, the sbt
runner script enables build directory detection by default. This means that the sbt
will exit with error when launched in a directory without build.sbt
or project/
, with exceptions of sbt new
, sbt --script-version
etc.
To override this behavior temporarily, you can use --allow-empty
flag. To permanently opt out of the build directory detection, create $XDG_CONFIG_HOME/sbt/sbtopts
with --allow-empty
in it.
csrMavenDependencyOverride setting
sbt 1.10.7 updates Coursier from 2.1.19 → 2.1.22. sbt 1.10.7 also adds a new setting csrMavenDependencyOverride
(default: false
), which controls the resolution, which respects Maven dependency override mechanism, also known as bill-of-materials (BOM) POM. Since there is a performance regression in the new resolver, we are setting the default to false
.
🐛 bug fixes
- fix: Add
csrMavenDependencyOverride
to opt into bill-of-material (BOM) respecting Coursier resolution by @eed3si9n in #7970 - fix: Update the template resolver to use Giter8 0.17.0, which fixes the SLF4J warning by @eed3si9n in #7947
- fix: Update JLine 2 fork to
9a88bc4
and Jansi to 2.4.1, which fixes crash on Windows on ARM by @Friendseeker in #7952
🎬 behind the scene
- ci: New Scala CLA URL by @eed3si9n in #7929
- ci: Use new Scala CLA GitHub Action by @Friendseeker in #7953
- ci: Prepare for sbt
1.10.7
by @Friendseeker in #7957 - ci: Restore disabled Multirepo integration test by @Friendseeker in #7962
Full Changelog: https://github.com/sbt/sbt/compare/v1.10.6...v1.10.7
v1.10.6
: 1.10.6
change with compatibility implication
- deps: lm-coursier 2.1.6, which updates Coursier 2.1.14 → 2.1.19 by @eed3si9n in #7920
This release changes the way "BOMs" or "dependency management" are handled during resolution, and allows users to add BOMs to a resolution. This changes the way versions are picked when BOMs or dependency management are involved, which has an impact on the resolution of libraries from many JVM ecosystems, such as Apache Spark, Springboot, Quarkus, etc.
bug fixes and updates
- fix: Fixes Ctrl-C not stopping
run
task due to bgRun delegation by @Friendseeker in #7916 - fix: Fixes
sbt --client
support on openSUSE by @Androz2091 in #7895 - fix: Synchronizes
dependencyTree
console output by @Friendseeker in #7906 - fix: Synchronizes
java.awt.Desktop.browse()
duringdependencyBrowseTree
by @Friendseeker in #7905 - perf: Better memory efficiency for Zinc Analysis by @dwijnand in sbt/zinc#1494
- fix: Passes
useConsistent
tostaticCachedStore
by @Friendseeker in #7869 - Make reproducibility toggleable for
ConsistentAnalysisFormat
by @Friendseeker in sbt/zinc#1479 -
clean
clearspreviousCompile
by @Friendseeker in sbt/zinc#1487 / #7922
behind the scene
- deps: Updates to Zinc 1.10.5 by @eed3si9n in #7922
- deps: Updates to IO 1.10.2 by @eed3si9n in #7921
- deps: Removes direct dependency on
org.fusesource.jansi
by @Friendseeker in #7876 - ci: Prepare for sbt
1.10.6
by @Friendseeker in #7871 - Add double quote around thread name during trace by @Friendseeker in #7886
- ci: Bump minimum Java version in launcher script to
8
by @Friendseeker in #7897 - test: Fix Flaky Test:
sbt.TagsTest
by @Friendseeker in #7919 - refactor: Improve message format for
loading settings for project
by @Friendseeker in #7909 - refactor: Respects
dependencyBrowseGraphTarget
,dependencyBrowseTreeTarget
by @Friendseeker in #7904
new contributors
- @Androz2091 made their first contribution in #7895
Full Changelog: https://github.com/sbt/sbt/compare/v1.10.5...v1.10.6
v1.10.5
: 1.10.5
updates
- deps: Updates to Coursier 2.1.14 via lm-coursier 2.1.5 by @eed3si9n in #7859
- fix: Reverts sbtn to build with glibc by @Friendseeker and @eed3si9n
- fix: Fixes sbtn to return exit code
1
when on error by @Friendseeker in #7854 - fix: Fixes
++
with a command argument with slash by @eed3si9n in #7862 - fix: Replaces Narrow No-Break Space (NNBS) in date strings with a whitespace to prevent mojibakeh by @Friendseeker in #7846
behind the scene
- refactor: Migrate all usages of
System.console == null
by @Friendseeker in #7843 - ci: Prepare for sbt
1.10.5
by @Friendseeker in #7840
Full Changelog: https://github.com/sbt/sbt/compare/v1.10.4...v1.10.5
v1.10.4
: 1.10.4
updates and bug fixes
- fix: Fixes Jansi deprecation notice by switching to jline-terminal-jni by @Friendseeker in #7811
- fix: Fixes GLIBC_2.32 issue on sbtn by statically linking musl by @Friendseeker in #7823
- fix: Throw exception when
sbt new
fails to find template by @Friendseeker in #7835 - fix: Fixes
~
withGlobal / onChangedBuildSource := ReloadOnSourceChanges
by @Friendseeker in #7838 - fix: Fixes "Unrecognized option: --server" error on BSP server by @eed3si9n in #7824
- fix: Fixes pipelined build while changing version frequently by @Friendseeker in #7830
- fix: Change the default analysis format to older binary, and make Consistent Analysis opt-in by @Friendseeker in #7807
behind the scene
- ci: Bump supported JDK version to 21 in
DEVELOPING.md
by @Friendseeker in #7784 - ci: Bump sbt to 1.10.3 by @Friendseeker in #7802
- ci: Bump
TEST_SBT_VER
to 1.10.3 & remove unused CI variables by @Friendseeker in #7825 - ci: Delete
.java-version
to not fix java version to 1.8 by @Friendseeker in #7827 - deps: Bump Scala 2.13 to 2.13.15 by @Friendseeker in #7798
- deps: Bump JLine to
3.27.1
by @Friendseeker in #7829 - deps: Zinc 1.10.4 by @eed3si9n in #7839
- refactor: Remove two unused methods that depends on Analysis Timestamp by @Friendseeker in #7787
- refactor: Deprecate useJCenter key by @Philippus in #7822
Full Changelog: https://github.com/sbt/sbt/compare/v1.10.3...v1.10.4
v1.10.3
: 1.10.3
Protobuf with potential Denial of Service (CVE-2024-7254)
sbt 1.10.3 updates protobuf-java library to 3.25.5 to address CVE-2024-7254 / https://github.com/advisories/GHSA-735f-pc8j-v9w8, which states that while parsing unknown fields in the Protobuf Java library, a maliciously crafted message can cause a StackOverflow error. Given the nature of how Protobuf is used in Zinc as internal serialization, we think the impact of this issue is minimum. However, security software might still flag this to be an issue while using sbt or Zinc, so upgrade is advised. This issue was originally reported by @gabrieljones and was fixed by Jerry Tan (@Friendseeker) in zinc#1443.
@adpi2 at Scala Center has also configured dependency graph submission to get security alerts in zinc#1448. sbt/sbt was configured by @Friendseeker in #7746.
Reverting the invalidation of circular-dependent sources
sbt 1.10.3 reverts the initial invalidation of circular-dependent Scala source pairs.
There had been a series of incremental compiler bugs such as "Invalid superClass" and "value b is not a member of A" that would go away after clean
. The root cause of these bugs were identified by @smarter (sbt/zinc#598 (comment)) and @Friendseeker to be partial compilation of circular-dependent sources where two sources A.scala
and B.scala
use some constructs from each other.
sbt 1.10.0 fixed this issue via sbt/zinc#1284 by invalidating the circular-dependent pairs together. In other words, if A.scala
was changed, it would immediately invalidate B.scala
. It turns out, that people have been writing circular-dependent code, and this has resulted in multiple reports of Zinc's over-compilation (zinc#1420, zinc#1461). Given that the invalidation seems to affect the users more frequently than the original bug, we're going to revert the fix for now. We might bring this back with an opt-out flag later on. The revert was contributed by by Li Haoyi (@lihaoyi) in sbt/zinc#1462.
Improvement: ParallelGzipOutputStream
sbt 1.10.0 via sbt/zinc#1326 added a new consistent (repeatable) formats for Analysis storage. As a minor optimization, the pull request also included an implementation of ParallelGzipOutputStream
, which would reduce the generate file size by 20%, but with little time penalty. Unfortunately, however, we have observed in CI that that the scala.concurrent.Future
-based implementation gets stuck in a deadlock. @Ichoran and @Friendseeker have contributed an alternative implementation that uses Java threads directly, which fixes the issue in sbt/zinc#1466.
bug fixes and updates
- deps: Updates metabuild Scala version to 2.12.20 by @SethTisue in #7636
- fix: Fixes "illegal reflective access operation" error on JDK 11 by updating JLine to 3.27.0 by @Friendseeker in #7695
- fix: Fixes transitive invalidation interfering with cycle stopping condition by @Friendseeker in zinc#1397
- fix: Fixes dependency resolution of sbt plugins by excluding custom extra attributes from POM dependencies by @adpi2 in lm#451
- fix: Fixes directory permission issue under a multi-user environment by @eed3si9n in ipcsocket#43
- deps: Updates
sbt init
template deps by @xuwei-k in #7730 - Updates sbt runner to default to sbtn for sbt 2.x by @eed3si9n in #7775
behind the scene
- ci: Bump CI to JDK 21 by @Friendseeker in #7760
- refactor: Remove deprecated
System.runFinalization
by @Friendseeker in #7732 - refactor: Remove deprecated
Thread.getId
by @Friendseeker in #7733 - refactor: Regenerate Contraband files by @Friendseeker in #7764
- deps: Bump IO, ipc-socket, and launcher by @eed3si9n in #7776
- deps: Zinc 1.10.3 by @eed3si9n in #7781
- deps: lm 1.10.2 by @eed3si9n in #7782
- ci: Set a default timeout for ci by @nathanlao in #7766
- ci: Removes
vscode-sbt-scala
from build.sbt by @Friendseeker in #7728 - ci: Adds dependabot setting for develop branch by @xuwei-k in #7701
Full Changelog: https://github.com/sbt/sbt/compare/v1.10.2...v1.10.3
v1.10.2
: 1.10.2
Changes with compatibility implications
- Uses
_sbt2_3
suffix for sbt 2.x by @eed3si9n in #7671
Updates and bug fixes
- Fixes the attribute key name from
serverIdleTimeOut
toserverIdleTimeout
to match the variable name by @lervag in #7651 - Fixes incremental Scala-Java mixed compilation that produces JAR directly by @adpi2 in sbt/zinc#1377
- Fixes over-compilation when using a class directory as a library by @adpi2 in sbt/zinc#1382
- Perf: Copy bytes directly instead of using
scala.reflect.io.Streamable
by @rochala in sbt/zinc#1395 - Includes all sources and resources in source jar by @jroper in #7630
- Fixes the handling of
Optional
inter-project dependency in BSP by @adpi2 in #7568 - Trims spaces around k and v to tolerate extra whitespace in
build.properties
by @invadergir in #7585 - Fixes legacy repositories like
scala-tools-releases
inrepositories
file blocking sbt from launching by @eed3si9n in sbt/launcher#104 - Fixes stale BSP diagnostics by @SlowBrainDude in #7610
- Fixes scripted support for sbt 2.x by @eed3si9n in #7672
- Avoids using
ThreadDeath
for future JDK compatibility by @xuwei-k in #7652 - Avoids using
ZipError
for future JDK compatibility by @eed3si9n in sbt/zinc#1393
Behind the scenes
- Update to Zinc 1.10.2 by @eed3si9n in #7674
- Update to lm 1.10.1 by @eed3si9n in #7597
- Update to Launcher 1.4.3 by @eed3si9n in #7598
- Update to the common Scala 2.12 version for the sbtn subproject by @SlowBrainDude in #7605
- Note in dev docs on supported build time JDK version dependency by @SlowBrainDude in #7606
- CI: Zinc default branch is 1.10.x by @adpi2 in #7654
- Upgrade sbt plugins to avoid deprecated repo.scala-sbt.org by @mkurz in #7555
- Update Scala 3 doc test by @eed3si9n in #7619
- Bump scalacenter/sbt-dependency-submission from 2 to 3 by @dependabot in #7565
- Fixes
dependency-management/force-update-period
test (backport of #7538) by @adpi2 in #7567 - Fixes BuildServerTest by @adpi2 in #7638
New contributors
- @invadergir made their first contribution in #7585
- @rochala made their first contribution in sbt/zinc#1395
- @SlowBrainDude made their first contribution in #7606
- @lervag made their first contribution in #7651
Full Changelog: https://github.com/sbt/sbt/compare/v1.10.0...v1.10.2
v1.10.1
: 1.10.1
bug fixes and updates
- Fixes column/position information missing from the javac error messages in IntelliJ by @vasilmkd in sbt/zinc#1373
- Fixes backslash handling in
expandMavenSettings
by @desbo in sbt/librarymanagement#444 - Fixes JSON serialization of
Map
andLList
in sjson-new 0.10.1 by @steinybot + @eed3si9n in eed3si9n/sjson-new#142 - Fixes the hash code for empty files in the classpath cache by @szeiger in sbt/zinc#1366
- Fixes
forceUpdatePeriod
by @adpi2 in #7567 - Fixes BSP handling of
Optional
inter-project dependencies by @adpi2 in #7568 - Ignores
jcenter
andscala-tools-releases
entries in the~/.sbt/repositories
file by @eed3si9n in sbt/launcher#104
behind the scenes
- Updates sbt plugins to avoid deprecated repo.scala-sbt.org by @mkurz in #7555
- Updates scalacenter/sbt-dependency-submission from 2 to 3 by @dependabot in #7565
Full Changelog: https://github.com/sbt/sbt/compare/v1.10.0...v1.10.1
v1.10.0
: 1.10.0
Changes with compatibility implications
- For SIP-51 support,
scalaVersion
can no longer be a lower 2.13.x version number than its transitive depdencies. See below for details. - ConsistentAnalysisFormat is enabled by default. See below for details.
- Updates lm-coursier-shaded to 2.1.4, which brings in Coursier 2.1.9 #7513.
- Updates Jsch to mwiede/jsch fork by @azolotko in lm#436
- Updates the Scala version used by sbt 1.x to 2.12.19 by @SethTisue in #7516.
SIP-51 Support for Scala 2.13 Evolution
Modern Scala 2.x has kept both forward and backward binary compatibility so a library compiled using Scala 2.13.12 can be used by an application compiled with Scala 2.13.11 etc, and vice versa. The forward compatibility restricts Scala 2.x from evolving during the patch releases, so in SIP-51 Lukas Rytz at Lightbend Scala Team proposed:
I propose to drop the forwards binary compatibility requirement that build tools enforce on the Scala 2.13 standard library. This will allow implementing performance optimizations of collection operations that are currently not possible. It also unblocks adding new classes and new members to existing classes in the standard library.
Lukas has also contributed changes to sbt 1.10.0 to enforce stricter scalaVersion
. Starting sbt 1.10.0, when a Scala 2.13.x patch version newer than scalaVersion
is found, it will fail the build as follows:
sbt:foo> run
[error] stack trace is suppressed; run last scalaInstance for the full output
[error] (scalaInstance) expected `foo/scalaVersion` to be "2.13.10" or later,
[error] but found "2.13.5"; upgrade scalaVerion to fix the build.
[error]
[error] to support backwards-only binary compatibility (SIP-51),
[error] the Scala 2.13 compiler cannot be older than scala-library on the
[error] dependency classpath.
[error] see `foo/evicted` to know why scala-library 2.13.10 is getting pulled in.
When you see the error message like above, you can fix this by updating the Scala version to the suggested version (e.g. 2.13.10):
ThisBuild / scalaVersion := "2.13.10"
Side note: Old timers might know that sbt 0.13.0 also introduced the idea of scala-library as a normal dependency. This created various confusions as developers expected scalaVersion
, compiler version, and scala-library version as expected to align. With the hindsight, sbt 1.10.0 will continue to respect scalaVersion
to be the source-of-truth, but will reject bad ones at build time.
This was contributed by Lukas Rytz in #7480.
Zinc fixes
- Fixes macro undercompilation by invalidating macro call sites when a type parameter changes by @Friendseeker in zinc#1316
- Fixes macro undercompilation by invalidating macro source when its dependency changes by @dwijnand in zinc#1282
- Fixes SAM type undercompilation by @Friendseeker in zinc#1288
- Fixes infinite incremental loop when Scala and Java are involved by @Friendseeker in zinc#1312
- Fixes overcompilation on default parameter changes by @Friendseeker in zinc#1324
- Fixes
IncOptions.useOptimizedSealed
not working for Scala 2.13 by @Friendseeker in zinc#1278 - Includes extra invalidations in initial validation to fix initial compilation error by @Friendseeker in zinc#1284
- Refixes compact names without breaking local names by @dwijnand in zinc#1259
- Undoes Protobuf workaround for build to work on Apple Silicon by @Friendseeker in zinc#1277
- Uses
ClassTag
instead ofManifest
by @xuwei-k in zinc#1265 - Encodes parent trait private members in
extraHash
to propagateTraitPrivateMembersModified
across external dependency by @Friendseeker in zinc#1289 - Includes internal dependency in
extraHash
computation by @Friendseeker in zinc#1290 - Deletes products of previous analysis when dropping previous analysis by @Friendseeker in zinc#1293
- Uses the most up-to-date analysis for binary to source class name lookup by @Friendseeker in zinc#1287
- Fixes inconsistent Analysis by removing source stamp caching by @Friendseeker in zinc#1319
- Invalidate sources that depends on
@inline
methods in Scala 2.x by @Friendseeker in zinc#1310 - Fixes
-Xshow-phases
handling by @Friendseeker in zinc#1314
ConsistentAnalysisFormat: new Zinc Analysis serialization
sbt 1.10.0 adds a new Zinc serialization format that is faster and repeatable, unlike the current Protobuf-based serialization. Benchmark data based on scala-library + reflect + compiler:
Write time | Read time | File size | |
---|---|---|---|
sbt Text | 1002 ms | 791 ms | ~ 7102 kB |
sbt Binary | 654 ms | 277 ms | ~ 6182 kB |
ConsistentBinary | 157 ms | 100 ms | 3097 kB |
Since Zinc Analysis is internal to sbt, sbt 1.10.0 will enable this format by default. The following setting can be used to opt-out:
Global / enableConsistentCompileAnalysis := false
This was contributed by Stefan Zeiger at Databricks in zinc#1326.
New CommandProgress API
sbt 1.10.0 adds a new CommandProgress API.
This was contributed by Iulian Dragos at Gradle Inc in #7350.
Other updates
- Updates to JLine 3.24.1 and JAnsi 2.4.1 by @hvesalai/@mazugrin in #7419/#7545
- Supports cross-build for external project ref by @RustedBones in #7389
- Avoids deprecated
java.net.URL
constructor by @xuwei-k in #7398 - Fixes bug of unmanagedResourceDirectories by @minkyu97 in #7178
- Fixes
updateSbtClassifiers
task by @azdrojowa123 in #7437 - Fixes
packageSrc
to includemanagedSources
by @Friendseeker in #7470 - Fixes publishing to use the publisher specified using the
publisher
setting by @Tammo0987 in #7475 - Fixes eviction warning message by avoid repeating versions by @rtyley in lm#433
- BSP: Implements
buildTarget/javacOptions
by @adpi2 in #7352 - BSP: Adds
noOp
field in the compile report by @adpi2 in #7496
v1.9.9
: 1.9.9
Bug fixes
- To fix
console
task on Scala 2.13.13, sbt 1.9.9 backports updates to JLine 3.24.1 and JAnsi 2.4.0 by @hvesalai in #7503 / #7502 - To fix sbt 1.9.8's
UnsatisfiedLinkError
withstat
, sbt 1.9.9 removes native code that was used to get the millisecond-precision timestamp that was broken (JDK-8177809) on JDK 8 prior to OpenJDK 8u302 by @eed3si9n in sbt/io#367
Full Changelog: https://github.com/sbt/sbt/compare/v1.9.8...v1.9.9
v1.9.8
: 1.9.8
updates
- Fixes
IO.getModifiedOrZero
on Alpine etc, by using clibstat()
instead of non-standard__xstat64
abi by @bratkartoffel in sbt/io#362 - As a temporary fix for JLine issue, this disables vi-style effects inside emacs by @hvesalai in #7420
- Backports fix for
updateSbtClassifiers
not downloading sources #7437 by @azdrojowa123 - Backports missing logger methods that take Java Supplier #7447 by @mkurz
Full Changelog: https://github.com/sbt/sbt/compare/v1.9.7...v1.9.8
v1.9.7
: 1.9.7
Highlights
- sbt 1.9.7 updates its IO module to 1.9.7, which fixes parent path traversal vulnerability in
IO.unzip
. This was discovered and reported by Kenji Yoshida (@xuwei-k), and fixed by @eed3si9n in io#360.
Zip Slip (arbitrary file write) vulnerability
See https://github.com/sbt/sbt/security/advisories/GHSA-h9mw-grgx-2fhf for the most up to date information. This affects all sbt versions prior to 1.9.7.
Path traversal vulnerabilty was discovered in IO.unzip
code. This is a very common vulnerability known as Zip Slip, and was found and fixed in plexus-archiver, Ant, etc.
Given a specially crafted zip or JAR file, IO.unzip
allows writing of arbitrary file. The follow is an example of a malicious entry:
+2018-04-15 22:04:42 ..... 20 20 ../../../../../../root/.ssh/authorized_keys
When executed on some path with six levels, IO.unzip
could then overwrite a file under /root/
. sbt main uses IO.unzip
only in pullRemoteCache
and Resolvers.remote
, however, many projects use IO.unzip(...)
directly to implement custom tasks and tests.
Non-determinism from AutoPlugins loading
We've known that occasionally some builds non-deterministically flip-flops its behavior when a task or a setting is set by two independent AutoPlugins, i.e. two plugins that neither depends on the other.
sbt 1.9.7 attempts to fix non-determinism of plugin loading order. This was contributed by @eed3si9n in #7404.
Other updates and fixes
- Updates Coursier to 2.1.7 by @regiskuckaertz in #7392
- Updates Swoval to 2.1.12 by @eatkins in io#353.
- Fixes
.sbtopts
support forsbt
runner script on Windows by @ptrdom in #7393 - Adds documentation on
scriptedSbt
key by @mdedetrich in #7383 - Includes the URL in
dependencyBrowseTree
log by @mkurz in #7396
v1.9.6
: 1.9.6
bug fix
- sbt 1.9.6 reverts "internal representation of class symbol names" change (sbt/zinc#1244), which caused Scala compiler to generate wrong anonymous class name by @eed3si9n in sbt/zinc#1256. See scala/bug#12868 for more details.
Full Changelog: https://github.com/sbt/sbt/compare/v1.9.5...v1.9.6
v1.9.5
: 1.9.5
Update:
highlights
- Switches to pre-compiled compiler bridge for Scala 2.13.12+ #7374 by @eed3si9n
- Fixes NPE when just
-X
is passed toscalacOptions
zinc#1246 by @unkarjedy
other updates
- Fixes internal representation of class symbol names zinc#1244 by @dwijnand
- Fixes
NumberFormatException
inCrossVersionUtil.binaryScalaVersion
lm#426 by @HelloKunal - Fixes
scripted
client/server instability on Windows #7087 by @mdedetrich - Fixes
sbt
launcher script bug on Windows #7365 by @JD557 - Fixes
help
command on oldshell #7358 by @azdrojowa123 - Adds
allModuleReports
toUpdateReport
lm#428 by @mdedetrich - Handles javac warning messages zinc#1228 by @Arthurm1
- Enables inliner for Scala 2.13 compiler bridge zinc#1247 by @mdedetrich
new contributors
- @azdrojowa123 made their first contribution in #7358
- @JD557 made their first contribution in #7367
Full Changelog: https://github.com/sbt/sbt/compare/v1.9.4...v1.9.5
v1.9.4
: 1.9.4
CVE-2022-46751
CVE-2022-46751 is a security vulnerability discovered in Apache Ivy, but found also in Coursier.
With coordination with Apache Foundation, Adrien Piquerez (@adpi2) from Scala Center backported the fix to both our Ivy 2.3 fork and Coursier. sbt 1.9.4 updates them to the fixed versions.
Other updates
- Fixes
sbt_script
lookup by replacing all spaces with%20
(not only the first one) in the path. by @arturaz in #7349 - Fixes scala-debug-adapter#543: Maintain order of internal deps by @adpi2 in #7347
- Removes
conscriptConfigs
task, not used and needed(?) anymore by @mkurz in #7353 - Adds a Scala 3 seed to the
sbt new
menu by @SethTisue in #7354
new contributors
Full Changelog: https://github.com/sbt/sbt/compare/v1.9.3...v1.9.4
v1.9.3
: 1.9.3
Actionable diagnostics (aka quickfix)
Actionable diagnostics, or quickfix, is an area in Scala tooling that's been getting attention since Chris Kipp presented it in the March 2023 Tooling Summit. Chris has written the roadmap and sent sbt/sbt#7242 that kickstarted the effort, but now there's been steady progress in Build Server Protocol, Dotty, Scala 2.13, IntelliJ, Zinc, etc. Metals 1.0.0, for example, is now capable of surfacing code actions as a quickfix.
sbt 1.9.3 adds a new interface called AnalysisCallback2
to relay code actions from the compiler(s) to Zinc's Analysis file. Future version of Scala 2.13.x (and hopefully Scala 3) will release with proper code actions, but as a demo I've implemented a code action for procedure syntax usages even on current Scala 2.13.11 with -deprecation
flag.
This was contributed by Eugene Yokota (@eed3si9n) in zinc#1226. Special thanks to @lrytz for identifying this issue in zinc#1214.
other updates
- Adds M1/M2/Aarch64 build of sbtn into the installer by @julienrf in #7329
- Fixes scripted tests timing out after 5 minutes by @eed3si9n in #7336
Full Changelog: https://github.com/sbt/sbt/compare/v1.9.2...v1.9.3
v1.9.2
: 1.9.2
Fix
- Let
++
fall back to a bincompat Scala version by @eed3si9n in #7328
Full Changelog: https://github.com/sbt/sbt/compare/v1.9.1...v1.9.2
v1.9.1
: 1.9.1
Change to Scala CLA
sbt 1.9.1 is the first release of sbt after changing to Scala CLA in #7306 etc. A number of contributors to sbt voiced concerns about donating our work to Lightbend after 2022, and Lightbend, Scala Center, and I agreed on changing the contributor license agreement such that the copyright would tranfer to Scala Center, a non-profit organization. sbt and its subcompoments, including Zinc, will remain available under Apache v2 license.
Updates
- Fixes "Repository for publishing is not specified" error even when
publish / skip
is settrue
by @adpi2 in #7295 - Fixes scripted test not working when
sbtPluginPublishLegacyMavenStyle := false
by @adpi2 in #7286 - Fixes copy-pasting to
sbt console
being slow by @andrzejressel in #7280 - Fixes missing range in BSP Diagnostic by @adpi2 in #7298
- Fixes zip64 offset writing by @dwijnand in zinc#1206
- Fixes a typo in the description of
exportPipelining
key by @alexklibisz in #7291 -
dependencyBrowseGraph
anddependencyDot
render in color by @sideeffffect in #7301. This can be opted-out usingdependencyDotNodeColors
setting. - Adds softwaremill/tapir.g8 to
sbt new
default menu by @katlasik in #7300 - Makes
sbt new
default menu extensible viatemplateDescriptions
setting key andtemplateRunLocal
input key by @eed3si9n in #7304 - Adds Hedgehog Scala to default test framework by @kevin-lee in #7287
- Updates
semanticdbVersion
to 4.7.8 by @ckipp01 in #7294 - Updates JNA to 5.13.0 by @xuwei-k in io#346
- Updates Scala 2.13 for Zinc etc to 2.13.11 by @mkurz in #7279
- Updates sbtn to 1.9.0 by @mkurz in #7290
- Updates Scala Toolkit to 0.2.0 by @eed3si9n in #7318
Behind the scene
- Adds
@tailrec
annotation by @xuwei-k in zinc#1209 - Updates Scala versions in scripted tests by @xuwei-k in #7312
- Many typo fixes by @xuwei-k in #7313
- Fixes Scaladoc warnings by @xuwei-k in #7314
- Typo fix in
DEVELOPING.md
by @dongxuwang in #7299 - Avoids deprecated
java.net.URL
constructor by @xuwei-k in #7315 - Refactors
filter
towithFilter
where possible by @xuwei-k in #7317
new contributors
- @andrzejressel made their first contribution in #7280
- @kevin-lee made their first contribution in #7287
- @alexklibisz made their first contribution in #7291
- @dongxuwang made their first contribution in #7299
- @katlasik made their first contribution in #7300
Full Changelog: https://github.com/sbt/sbt/compare/v1.9.0...v1.9.1
v1.9.0
: 1.9.0
Changes with compatibility implications
- Deprecates
IntegrationTest
configuration. See below. - Updates underlying Coursier to 2.1.2 by @eed3si9n.
Deprecation of IntegrationTest configuration
sbt 1.9.0 deprecates IntegrationTest
configuration. (RFC-3 proposes to deprecate general use of configuration axis beyond Compile
and Test
, and this is the first installment of the change.)
The recommended migration path is to create a subproject named "integration", or "foo-integration" etc.
lazy val integration = (project in file("integration"))
.dependsOn(core) // your current subproject
.settings(
publish / skip := true,
// test dependencies
libraryDependencies += something % Test,
)
From the shell you can run:
> integration/test
Assuming these are slow tests compared to the regular tests, I might not aggregate them at all from other subprojects, and maybe only run it on CI, but it's up to you.
Why deprecate IntegrationTest
? IntegrationTest
was a demoware for the idea of custom configuration axis, and now that we are planning to deprecate the mechanism to simplify sbt, we wanted to stop advertising it. We won't remove it during sbt 1.x series, but deprecation signals the non-recommendation status.
This was contributed by @eed3si9n and @mdedetrich in lm#414/#7261.
POM consistency of sbt plugin publishing
sbt 1.9.0 publishes sbt plugin to Maven repository in a POM-consistent way. sbt has been publishing POM file of sbt plugins as sbt-something-1.2.3.pom
even though the artifact URL is suffixed as sbt-something_2.12_1.0
. This allowed "sbt-something" to be registered by Maven Central, allowing search. However, as more plugins moved to Maven Central, it was considered that keeping POM consisntency rule was more important, especially for corporate repositories to proxy them.
sbt 1.9.0 will publish using both the conventional POM-inconsistent style and POM-consistent style so prior sbt releases can still consume the plugin. However, this can be opted-out using sbtPluginPublishLegacyMavenStyle
setting.
This fix was contributed by Adrien Piquerez (@adpi2) at Scala Center in coursier#2633, sbt#7096 etc. Special thanks to William Narmontas (@ScalaWilliam) and Wudong Liu (@wudong) whose experimental plugin sbt-vspp paved the way for this feature.
sbt new
, a text-based adventure
sbt 1.9.0 adds text-based menu when sbt new
or sbt init
is called without arguments:
$ sbt -Dsbt.version=1.9.0-RC2 init
....
Welcome to sbt new!
Here are some templates to get started:
a) scala/toolkit.local - Scala Toolkit (beta) by Scala Center and VirtusLab
b) typelevel/toolkit.local - Toolkit to start building Typelevel apps
c) sbt/cross-platform.local - A cross-JVM/JS/Native project
d) scala/scala-seed.g8 - Scala 2 seed template
e) playframework/play-scala-seed.g8 - A Play project in Scala
f) playframework/play-java-seed.g8 - A Play project in Java
g) scala-js/vite.g8 - A Scala.JS + Vite project
i) holdenk/sparkProjectTemplate.g8 - A Scala Spark project
m) spotify/scio.g8 - A Scio project
n) disneystreaming/smithy4s.g8 - A Smithy4s project
q) quit
Select a template (default: a):
Unlike Giter8, .local
template creates build.sbt
etc in the current directory, and reboots into an sbt session.
This was contributed by Eugene Yokota (@eed3si9n) in #7228.
Actionable diagnostics steps
sbt 1.9.0 adds actions
to Problem
, allowing the compiler to suggest code edits as part of the compiler warnings and errors in a structual manner.
See Roadmap for actionable diagnostics for more details. The changes were contributed by @ckipp01 in #7242 and @eed3si9n in bsp#527/#7251/zinc#1186 etc.
releaseNotesURL
setting
sbt 1.9.0 adds releaseNotesURL
setting, which creates info.releaseNotesUrl
property in the POM file. This will then be used by Scala Steward. See
Add release notes URLs to your POMs for details.
This was contributed by Arman Bilge in lm#410.
Other updates
- Updates Scala 2.13 cross build for Zinc to 2.13.10 to address CVE-2022-36944 by @rhuddleston
- Updates underlying Scala to 2.12.18 for JDK 21-ea in #7271 by @eed3si9n.
- Fixes Zinc incremental compilation looping infinitely zinc#1182 by @CarstonSchilds
- Fixes
libraryDependencySchemes
not overridingassumedVersionScheme
lm#415 by @adriaanm - Fixes spurious whitespace in the runner script by @keynmol in #7134
- Makes
RunProfiler
available by @dragos in #7215 - Makes
publishLocal / skip
work by @mdedetrich in #7165 - Fixes NullPointerError under
-Vdebug
by @som-snytt in zinc#1141 - Fixes Maven
settings.xml
properties expansion by @nrinaudo in lm#413 - Adds
FileFilter.nothing
andFileFilter.everything
by @mdedetrich in io#340 - Adds
Resolver.ApacheMavenSnapshotsRepo
by @mdedetrich - Avoids deprecated
java.net.URL
constructor by @xuwei-k in io#341 - Updates to Swoval 2.1.10 by @eatkins in io#343
- Updates to sbt-giter8-resolver 0.16.2 by @eed3si9n
- Fixes dead lock between
LoggerContext
andTerminal
by @adpi2 in #7191 - Notifies
ClassFileManager
fromIncOptions
inIncremental.prune
by @lrytz in zinc1148 - Updates usage info for java-home in the runner script by @liang3zy22 in #7171
- Deprecates misspelled
Problem#diagnosticRelatedInforamation
by @ckipp01 in #7241 - Adds built-in support for weaver-cats test framework #7263 by @kubukoz
Behind the scene
- Replaces olafurpg/setup-scala with actions/setup-java by @mzuehlke in #7154
- Uses
sonatypeOssRepos
instead ofsonatypeRepo
by @yoshinorin in #7227
v1.8.3
: 1.8.3
Security fix
- Fixes
sbt.io.IO.withTemporaryFile
not limiting access on Unix-like systems in io#344/zinc#1185 by @eed3si9n
IO.withTemporaryFile fix
sbt 1.8.3 fixes sbt.io.IO.withTemporaryFile
etc not limiting access on Unix-like systems. Prior to this patch release, some functions were using java.io.File.createTempFile
, which does not set strict file permissions, as opposed to the NIO-equivalent that does.
This means that on a shared Unix-like systems, build user or plugin's use of sbt.io.IO.withTemporaryFile
etc would have exposed the information to other users.
This issue was reported by Oleksandr Zolotko at IBM, and was fixed by Eugene Yokota (@eed3si9n) in io#344/zinc#1185.
Other updates
sbt 1.8.3 backports Zinc and IO fixes from 1.9.0-RC2 as well.
- Fixes Zinc incremental compilation looping infinitely zinc#1182 by @CarstonSchilds
- Fixes spurious whitespace in the runner script by @keynmol in #7134
- Fixes NullPointerError under
-Vdebug
by @som-snytt in zinc#1141 - Avoids deprecated
java.net.URL
constructor by @xuwei-k in io#341 - Updates to Swoval 2.1.10 by @eatkins in io#343
- Notifies
ClassFileManager
fromIncOptions
inIncremental.prune
by @lrytz in zinc1148 - Adds
FileFilter.nothing
andFileFilter.everything
by @mdedetrich in io#340
v1.8.2
: 1.8.2
updates
- Fixes M1/M2/Aarch64 Mac support by #7120 by @eed3si9n
- Fixes glibc 2.31/Debian 11/Ubuntu 20.04 compatibility #7118 by @eed3si9n
v1.8.1
: 1.8.1
Bug fixes
- Fixes slf4j 2.x getting pulled into the metabuild #7115 by @eed3si9n
- Fixes BSP support on Windows by making
PATH
environment variable case insensitive by #7085 by @dos65
Updates
- Adds sbtn (GraalVM native client) for Linux on Aarch64 ipcsocket#33, #7108 etc by @mkurz and @eed3si9n
New Contributors
Full Changelog: https://github.com/sbt/sbt/compare/v1.8.0...v1.8.1
v1.8.0
: 1.8.0
Security fixes
- Updates to Coursier 2.1.0-RC1 to address CVE-2022-37866
- Updates to Ivy 2.3.0-sbt-a8f9eb5bf09d0539ea3658a2c2d4e09755b5133e to address CVE-2022-37866
Changes with compatibility implications
- Updates to Scala 2.12.17 + Scala compiler 2.12.17, which upgrades to scala-xml 2.x #7021
Bug fixes
Other updates
- Adds long classpath support on JDK 9+ via argument file (opt out using
-Dsbt.argsfile=false
orSBT_ARGSFILE
environment variable) #7010 by @easel - Adds out-of-box ZIO Test support #7053 by @987Nabil
- Adds support for newly introduced
buildTarget/outputPaths
method of Build Server Protocol. #6985 by @povder
New Contributors
- @easel made their first contribution in #7010
- @sashashura made their first contribution in #7023
- @987Nabil made their first contribution in #7053
Full Changelog: https://github.com/sbt/sbt/compare/v1.7.1...v1.8.0
v1.7.3
: 1.7.3
updates
- Updates underlying Coursier from 2.1.0-M2 to 2.1.0-M7-18-g67daad6a9 (lm-coursier-shaded 2.0.12) by @eed3si9n in #7060
- Sets up automatic release to to WinGet by @vedantmgoyal2009 in #6981
new contributors
- @vedantmgoyal2009 made their first contribution in #6981
Full Changelog: https://github.com/sbt/sbt/compare/v1.7.2...v1.7.3
v1.7.2
: 1.7.2
See https://github.com/sbt/sbt/releases/tag/v1.7.0 for the details on sbt 1.7.x.
- Fixes invalidation of incremental
testQuick
task #6903 by @gontard - Fixes
/tmp/.sbt/
collision for domain socket #7041 by @eed3si9n - Adds workaround for
dependencyBrowseGraph
with sometimes missing node #6978 by @frosforever - Updates
sbt new
by default to use Giter8 0.15.0 #7038 by @eed3si9n - Updates launcher to support Scala 3 apps #7035 by @eed3si9n
- Adds
diagnosticCode
anddiagnosticRelatedInforamation
(sic) toInterfaceUtil.problem(...)
#7006 by @ckipp01 - Forwards
diagnosticCode
to BSP #6998 by @ckipp01 - Improves log for not found remote cache #6824 by @gontard
v1.7.1
: 1.7.1
See https://github.com/sbt/sbt/releases/tag/v1.7.0 for the details on sbt 1.7.x.
Bug fix
- Fixes Java incremental compilation, specifically parsing of annotations in class files of @SethTisue in sbt/zinc#1111
Full Changelog: https://github.com/sbt/sbt/compare/v1.7.0...v1.7.1
v1.7.0
: 1.7.0
Changes with compatibility implications
-
++
is stricter. See below. - Drops OkHttp 3.x dependency lm#399 by @eed3si9n
- Updates to Scala 2.12.16
- Moves domain socket location to
XDG_RUNTIME_DIR
and/tmp
#6887 by @AlonsoM45 - Deprecates
Resolver.sonatypeRepo
and addsResolver.sonatypeOssRepos
, which includes https://s01.oss.sonatype.org/ by @armanbilge in lm#393
++
command updates
Prior to sbt 1.7 ++ <sv> <command1>
filtered subprojects using crossScalaVersions
having the same ABI suffix as <sv>
. This behavior was generally not well understood, and also created incorrect result for Scala 3.x since ++ 3.0.1 test
could downgrade subproject that may require 3.1 or above.
sbt 1.7.0 fixes this by requiring ++ <sv> <command1>
so <sv>
part can be given as a semantic version selector expression, such as 3.1.x
or 2.13.x
. Note that the expression may match at most one Scala version to switch into. In sbt 1.7.0, a concrete version such as ++ 3.0.1
equires exact version to be present in crossScalaVersion
.
This contribution was a collaborated effort among Arnout Engelen #6894, Rui Gonçalves lm#400, and Eugene Yokota.
Scala 3 compiler error improvements
In zinc#1082, Toshiyuki Takahashi contributed a fix to ignore Problem#rendered
passed from the compiler when sbt uses position mapper to transform the position. This is aimed at fixing the error reporting for Play on Scala 3.
In #6874, Chris Kipp extended xsbti.Problem
to track richer information available in Scala 3. This is aimed at enhancing the compilation errors reported to BSP client such as Metals.
BSP updates
- Fixes sbt sending cumulative
build/publishDiagnostics
in BSP #6847/#6929 by @tanishiking and @kpodsiad - Adds optional framework field to the BSP response #6830 by @kpodsiad
- Adds BSP environment request support #6858 by @kpodsiad
Other updates
- Fixes under-compilation when Java annotation changes by @SethTisue in zinc#1079
- Fixes ipcsocket JNI cleanup code deleting empty directories in
/tmp
ipc#23 by @eed3si9n - Fixes command argument parsing with quotes in
-a="b c"
pattern #6816 by @Nirvikalpa108 - Fixes
ThisBuild / includePluginResolvers
#6849 by @bjaglin - Fixes watchOnTermination callbacks #6870 by @eatkins
- Fixes
proxyInputStream#available
, which affected sbt-sitepreviewSite
#6965 by @eed3si9n
v1.6.2
: 1.6.2
- Fixes test framework loading failure not failing the build #6806 by @eed3si9n
- Fixes
readLine
catchingInterruptedException
#6803 by @tpetillot - Fixes
sbt --help
by removing unimplemented-S-X
option #6799 by @Nirvikalpa108
License
sbt 1.6.2 adds License
object that defines predefined license values:
licenses := List(License.Apache2)
Predefined values are License.Apache2
, License.MIT
, License.CC0
, and License.GPL3_or_later
. lm#395 by @eed3si9n
v1.6.1
: 1.6.1
- sbt 1.6.1 updates log4j 2 to 2.17.1, which fixes a remote code execution vulnerability when attacker controls configuration (CVE-2021-44832) #6765 by @eed3si9n
v1.6.0
: 1.6.0
Changes with compatibility implications
- Updates to log4j 2.17.0. See The state of the log4j CVE in the Scala ecosystem for details.
- The Scala version used to compile
build.sbt
is updated to Scala 2.12.15, which improves the compatibility with JDK 17+. The metabuild is compiled with-Xsource:3
flag #6664 by @Nirvikalpa108 + @eed3si9n -
sbt.TrapExit
is dropped due to Security Manager being deprecated in JDK 17. Callingsys.exit
inrun
ortest
would shutdown the sbt session. Use forking to prevent it #6665 by @eed3si9n - sbt 1.6.0 reads credentials from the file specified using
SBT_CREDENTIALS
environment variable, following sbt launcher #6724 by @daddykotex
BSP improvements
- Fixes
.sbtopts
not getting picked up when sbt server is started by Metals #6593 by @adpi2 - Fixes BSP IntelliJ import when
java
is not onPATH
#6576 by @github-samuel-clarenc - Implements BSP
buildTarget/cleanCache
, which fixes IntelliJrebuild
#6638 by @hmemcpy - Implements BSP
build/taskProgress
notifications #6642 by @hmemcpy - Improves BSP IntelliJ import by sending information about sbt server process failure #6573 by @github-samuel-clarenc
- Makes BSP requests robust to some target failures #6609 by @adpi2
- Sends BSP diagnostics and meaningful error message when reloading fails #6566 by @adpi2
- Fixes handling of sources in the base directory #6701 by @adpi2
- Fixes
sbtn
buffer not printing out all the outputs on system out #6703 by @adpi2 - Fixes infinite loop when server fails to load #6707 by @adpi2
- Fixes handling of fake position such as
<macro>
, which are occasionally returned by the compiler #6730 by @eed3si9n - Adds
sbt shutdownall
to shutdown all sbt server instances #6697 by @er1c - Adds
sbt --no-server
to not start the server or use a virtual terminal #6728 by @eed3si9n
Zinc improvements
- Fixes under-compilation of folded constants (see also SI-7173) zinc@d15228/zinc#1003 by @ephemerist and @dwijnand
- Fixes over-compilation of extended classes on JDK 11 zinc#998 by @lrytz
- Improves performance of loading used names from persisted
Analysis
file zinc#995 by @dwijnand - Fixes hashing of large files zinc#1018 by @niktrop
Remote caching improvements
sbt 1.6.0 improves remote caching of resources
directory by virtualizing the internal sync state (copy-resources.txt
). This allows incremental resource
directory synching to be resumed from the remote cache, similar to how Zinc has been able to resume incremental compilation from the remote cache. This was contributed by Amina Adewusi (@Nirvikalpa108) as #6611.
Dependency tree improvements
- Fixes
dependencyTree
to useasciiGraphWidth
setting 6693 by @kijuky - Fixes rendering cycles in
dependencyBrowseTree
#6675 by @nimatrueway - Migrates
dependencyBrowseTree
to use Contraband data types instead ofscala.util.parsing.json
#6699 by @Nirvikalpa108
Other updates
- Updates to lm-coursier 2.0.9, which uses Coursier 2.1.0-M2. This fixes full Scala suffix getting incorrectly overwritten by
scalaVersion
#6753 by @eed3si9n - Fixes tab completion of global keys #6716 by @eed3si9n
- Fixes shutdown hook error in timing report #6630 by @Nirvikalpa108
- Fixes
ClassCastException
inXMainConfiguration
#6649 by @eed3si9n - Moves
scalaInstanceTopLoader
tocompileBase
settings #6480 by @adpi2 - Fixes
crossSbtVersions
included intolintBuild
#6656 by @Nirvikalpa108 - Fixes
realpathish
function insbt
runner script #6641 by @darabos - Fixes repeated version numbers in eviction error lm#386 by @rtyley
- Flyweights
ConfigRef
to reduce heap usage lm#390 by @eed3si9n - Adds Windows Java home selectors for JDK cross building #6684 by @kxbmap
- Makes scripted Java home configurable using
scripted / javaHome
#6673 by @kxbmap -
maven.repo.local
system property configures local Maven repository lm#391 by @peter-janssen
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.