sbt, the interactive build tool
scalaVersion
can no longer be a lower 2.13.x version number than its transitive depdencies. See below for details.Modern Scala 2.x has kept both forward and backward binary compatibility so a library compiled using Scala 2.13.12 can be used by an application compiled with Scala 2.13.11 etc, and vice versa. The forward compatibility restricts Scala 2.x from evolving during the patch releases, so in SIP-51 Lukas Rytz at Lightbend Scala Team proposed:
I propose to drop the forwards binary compatibility requirement that build tools enforce on the Scala 2.13 standard library. This will allow implementing performance optimizations of collection operations that are currently not possible. It also unblocks adding new classes and new members to existing classes in the standard library.
Lukas has also contributed changes to sbt 1.10.0 to enforce stricter scalaVersion
. Starting sbt 1.10.0, when a Scala 2.13.x patch version newer than scalaVersion
is found, it will fail the build as follows:
sbt:foo> run
[error] stack trace is suppressed; run last scalaInstance for the full output
[error] (scalaInstance) expected `foo/scalaVersion` to be "2.13.10" or later,
[error] but found "2.13.5"; upgrade scalaVerion to fix the build.
[error]
[error] to support backwards-only binary compatibility (SIP-51),
[error] the Scala 2.13 compiler cannot be older than scala-library on the
[error] dependency classpath.
[error] see `foo/evicted` to know why scala-library 2.13.10 is getting pulled in.
When you see the error message like above, you can fix this by updating the Scala version to the suggested version (e.g. 2.13.10):
ThisBuild / scalaVersion := "2.13.10"
Side note: Old timers might know that sbt 0.13.0 also introduced the idea of scala-library as a normal dependency. This created various confusions as developers expected scalaVersion
, compiler version, and scala-library version as expected to align. With the hindsight, sbt 1.10.0 will continue to respect scalaVersion
to be the source-of-truth, but will reject bad ones at build time.
This was contributed by Lukas Rytz in #7480.
IncOptions.useOptimizedSealed
not working for Scala 2.13 by @Friendseeker in zinc#1278
ClassTag
instead of Manifest
by @xuwei-k in zinc#1265
extraHash
to propagate TraitPrivateMembersModified
across external dependency by @Friendseeker in zinc#1289
extraHash
computation by @Friendseeker in zinc#1290
@inline
methods in Scala 2.x by @Friendseeker in zinc#1310
-Xshow-phases
handling by @Friendseeker in zinc#1314
sbt 1.10.0 adds a new Zinc serialization format that is faster and repeatable, unlike the current Protobuf-based serialization. Benchmark data based on scala-library + reflect + compiler:
Write time | Read time | File size | |
---|---|---|---|
sbt Text | 1002 ms | 791 ms | ~ 7102 kB |
sbt Binary | 654 ms | 277 ms | ~ 6182 kB |
ConsistentBinary | 157 ms | 100 ms | 3097 kB |
Since Zinc Analysis is internal to sbt, sbt 1.10.0 will enable this format by default. The following setting can be used to opt-out:
Global / enableConsistentCompileAnalysis := false
This was contributed by Stefan Zeiger at Databricks in zinc#1326.
sbt 1.10.0 adds a new CommandProgress API.
This was contributed by Iulian Dragos at Gradle Inc in #7350.
java.net.URL
constructor by @xuwei-k in #7398
updateSbtClassifiers
task by @azdrojowa123 in #7437
packageSrc
to include managedSources
by @Friendseeker in #7470
publisher
setting by @Tammo0987 in #7475
buildTarget/javacOptions
by @adpi2 in #7352
noOp
field in the compile report by @adpi2 in #7496
scalaVersion
can no longer be a lower 2.13.x version number than its transitive depdencies. See below for details.Modern Scala 2.x has kept both forward and backward binary compatibility so a library compiled using Scala 2.13.12 can be used by an application compiled with Scala 2.13.11 etc, and vice versa. The forward compatibility restricts Scala 2.x from evolving during the patch releases, so in SIP-51 Lukas Rytz at Lightbend Scala Team proposed:
I propose to drop the forwards binary compatibility requirement that build tools enforce on the Scala 2.13 standard library. This will allow implementing performance optimizations of collection operations that are currently not possible. It also unblocks adding new classes and new members to existing classes in the standard library.
Lukas has also contributed changes to sbt 1.10.0 to enforce stricter scalaVersion
. Starting sbt 1.10.0, when a Scala 2.13.x patch version newer than scalaVersion
is found, it will fail the build as follows:
sbt:foo> run
[error] stack trace is suppressed; run last scalaInstance for the full output
[error] (scalaInstance) expected `foo/scalaVersion` to be "2.13.10" or later,
[error] but found "2.13.5"; upgrade scalaVerion to fix the build.
[error]
[error] to support backwards-only binary compatibility (SIP-51),
[error] the Scala 2.13 compiler cannot be older than scala-library on the
[error] dependency classpath.
[error] see `foo/evicted` to know why scala-library 2.13.10 is getting pulled in.
When you see the error message like above, you can fix this by updating the Scala version to the suggested version (e.g. 2.13.10):
ThisBuild / scalaVersion := "2.13.10"
Side note: Old timers might know that sbt 0.13.0 also introduced the idea of scala-library as a normal dependency. This created various confusions as developers expected scalaVersion
, compiler version, and scala-library version as expected to align. With the hindsight, sbt 1.10.0 will continue to respect scalaVersion
to be the source-of-truth, but will reject bad ones at build time.
This was contributed by Lukas Rytz in #7480.
IncOptions.useOptimizedSealed
not working for Scala 2.13 by @Friendseeker in zinc#1278
ClassTag
instead of Manifest
by @xuwei-k in zinc#1265
extraHash
to propagate TraitPrivateMembersModified
across external dependency by @Friendseeker in zinc#1289
extraHash
computation by @Friendseeker in zinc#1290
@inline
methods in Scala 2.x by @Friendseeker in zinc#1310
-Xshow-phases
handling by @Friendseeker in zinc#1314
sbt 1.10.0 adds a new Zinc serialization format that is faster and repeatable, unlike the current Protobuf-based serialization. Benchmark data based on scala-library + reflect + compiler:
Write time | Read time | File size | |
---|---|---|---|
sbt Text | 1002 ms | 791 ms | ~ 7102 kB |
sbt Binary | 654 ms | 277 ms | ~ 6182 kB |
ConsistentBinary | 157 ms | 100 ms | 3097 kB |
Since Zinc Analysis is internal to sbt, sbt 1.10.0 will enable this format by default. The following setting can be used to opt-out:
Global / enableConsistentCompileAnalysis := false
This was contributed by Stefan Zeiger at Databricks in zinc#1326.
sbt 1.10.0 adds a new CommandProgress API.
This was contributed by Iulian Dragos at Gradle Inc in #7350.
java.net.URL
constructor by @xuwei-k in #7398
updateSbtClassifiers
task by @azdrojowa123 in #7437
packageSrc
to include managedSources
by @Friendseeker in #7470
publisher
setting by @Tammo0987 in #7475
buildTarget/javacOptions
by @adpi2 in #7352
noOp
field in the compile report by @adpi2 in #7496
scalaVersion
can no longer be a lower 2.13.x version number than its transitive dependencies. See below for details.Modern Scala 2.x has kept both forward and backward binary compatibility so a library compiled using Scala 2.13.12 can be used by an application compiled with Scala 2.13.11 etc, and vice versa. The forward compatibility restricts Scala 2.x from evolving during the patch releases, so in SIP-51 Lukas Rytz at Lightbend Scala Team proposed:
I propose to drop the forwards binary compatibility requirement that build tools enforce on the Scala 2.13 standard library. This will allow implementing performance optimizations of collection operations that are currently not possible. It also unblocks adding new classes and new members to existing classes in the standard library.
Lukas has also contributed changes to sbt 1.10.0 to enforce stricter scalaVersion
. Starting sbt 1.10.0, when a Scala 2.13.x patch version newer than scalaVersion
is found, it will fail the build as follows:
sbt:foo> run
[error] stack trace is suppressed; run last scalaInstance for the full output
[error] (scalaInstance) `foo/scalaVersion` needs to be upgraded to 2.13.10. To support backwards-only
[error] binary compatibility (SIP-51), the Scala compiler cannot be older than scala-library on the
[error] dependency classpath. See `foo/evicted` why scala-library was upgraded from 2.13.5 to 2.13.10.
When you see the error message like above, you can fix this by updating the Scala version to the suggested version (e.g. 2.13.10):
ThisBuild / scalaVersion := "2.13.10"
Side note: Old timers might know that sbt 0.13.0 also introduced the idea of scala-library as a normal dependency. This created various confusions as developers expected scalaVersion
, compiler version, and scala-library version as expected to align. With the hindsight, sbt 1.10.0 will continue to respect scalaVersion
to be the source-of-truth, but will reject bad ones at build time.
This was contributed by Lukas Rytz in #7480.
IncOptions.useOptimizedSealed
not working for Scala 2.13 by @Friendseeker in zinc#1278
ClassTag
instead of Manifest
by @xuwei-k in zinc#1265
extraHash
to propagate TraitPrivateMembersModified
across external dependency by @Friendseeker in zinc#1289
extraHash
computation by @Friendseeker in zinc#1290
@inline
methods in Scala 2.x by @Friendseeker in zinc#1310
-Xshow-phases
handling by @Friendseeker in zinc#1314
sbt 1.10.0 adds a new Zinc serialization format that is faster and repeatable, unlike the current Protobuf-based serialization. Note: We missed this for RC-1. We will adopt this in RC-2.
This was contributed by Stefan Zeiger in zinc#1326.
sbt 1.10.0 adds a new CommandProgress API.
This was contributed by @dragos in #7350.
java.net.URL
constructor by @xuwei-k in #7398
updateSbtClassifiers
task by @azdrojowa123 in #7437
packageSrc
to include managedSources
by @Friendseeker in #7470
publisher
setting by @Tammo0987 in #7475
buildTarget/javacOptions
by @adpi2 in #7352
noOp
field in the compile report by @adpi2 in #7496
Full Changelog: https://github.com/sbt/sbt/compare/v1.9.9...v1.10.0-RC1
console
task on Scala 2.13.13, sbt 1.9.9 backports updates to JLine 3.24.1 and JAnsi 2.4.0 by @hvesalai in https://github.com/sbt/sbt/pull/7503 / https://github.com/sbt/sbt/issues/7502
UnsatisfiedLinkError
with stat
, sbt 1.9.9 removes native code that was used to get the millisecond-precision timestamp that was broken (JDK-8177809) on JDK 8 prior to OpenJDK 8u302 by @eed3si9n in https://github.com/sbt/io/pull/367
Full Changelog: https://github.com/sbt/sbt/compare/v1.9.8...v1.9.9
IO.getModifiedOrZero
on Alpine etc, by using clib stat()
instead of non-standard __xstat64
abi by @bratkartoffel in https://github.com/sbt/io/pull/362
updateSbtClassifiers
not downloading sources https://github.com/sbt/sbt/pull/7437 by @azdrojowa123Full Changelog: https://github.com/sbt/sbt/compare/v1.9.7...v1.9.8
ClassTag
instead of Manifest
by @xuwei-k in https://github.com/sbt/zinc/pull/1265
extraHash
to propagate TraitPrivateMembersModified
across external dependency by @Friendseeker in https://github.com/sbt/zinc/pull/1289
extraHash
computation by @Friendseeker in https://github.com/sbt/zinc/pull/1290
buildTarget/javacOptions
by @adpi2 in https://github.com/sbt/sbt/pull/7352
.sbtopts
file and JAVA_TOOL_OPTIONS
environmental variable by @ptrdom in https://github.com/sbt/sbt/pull/7393
java.net.URL
constructor by @xuwei-k in https://github.com/sbt/sbt/pull/7398
updateSbtClassifiers
task by @azdrojowa123 in https://github.com/sbt/sbt/pull/7437
NoSuchMethodError
when call runFinalization
by @xuwei-k in https://github.com/sbt/sbt/pull/7399
dependencyBrowseTree
by @mkurz in https://github.com/sbt/sbt/pull/7396
Full Changelog: https://github.com/sbt/sbt/compare/v1.9.6...v1.10.0-M1
IO.unzip
. This was discovered and reported by Kenji Yoshida (@xuwei-k), and fixed by @eed3si9n in io#360.See https://github.com/sbt/sbt/security/advisories/GHSA-h9mw-grgx-2fhf for the most up to date information. This affects all sbt versions prior to 1.9.7.
Path traversal vulnerabilty was discovered in IO.unzip
code. This is a very common vulnerability known as Zip Slip, and was found and fixed in plexus-archiver, Ant, etc.
Given a specially crafted zip or JAR file, IO.unzip
allows writing of arbitrary file. The follow is an example of a malicious entry:
+2018-04-15 22:04:42 ..... 20 20 ../../../../../../root/.ssh/authorized_keys
When executed on some path with six levels, IO.unzip
could then overwrite a file under /root/
. sbt main uses IO.unzip
only in pullRemoteCache
and Resolvers.remote
, however, many projects use IO.unzip(...)
directly to implement custom tasks and tests.
We've known that occasionally some builds non-deterministically flip-flops its behavior when a task or a setting is set by two independent AutoPlugins, i.e. two plugins that neither depends on the other.
sbt 1.9.7 attempts to fix non-determinism of plugin loading order. This was contributed by @eed3si9n in #7404.
Updates Coursier to 2.1.7 by @regiskuckaertz in #7392
Fixes .sbtopts
support for sbt
runner script on Windows by @ptrdom in #7393
Adds documentation on scriptedSbt
key by @mdedetrich in #7383
Includes the URL in dependencyBrowseTree
log by @mkurz in #7396
Full Changelog: https://github.com/sbt/sbt/compare/v1.9.5...v1.9.6
Update: ⚠️ sbt 1.9.5 is broken, because it causes Scala compiler to generate wrong class names for anonymous class on lambda. While we investigate please refrain from publishing libraries with it. https://github.com/scala/bug/issues/12868#issuecomment-1720848704
-X
is passed to scalacOptions
zinc#1246 by @unkarjedy
NumberFormatException
in CrossVersionUtil.binaryScalaVersion
lm#426 by @HelloKunal
scripted
client/server instability on Windows #7087 by @mdedetrich
sbt
launcher script bug on Windows #7365 by @JD557
help
command on oldshell #7358 by @azdrojowa123
allModuleReports
to UpdateReport
lm#428 by @mdedetrich
Full Changelog: https://github.com/sbt/sbt/compare/v1.9.4...v1.9.5
CVE-2022-46751 is a security vulnerability discovered in Apache Ivy, but found also in Coursier.
With coordination with Apache Foundation, Adrien Piquerez (@adpi2) from Scala Center backported the fix to both our Ivy 2.3 fork and Coursier. sbt 1.9.4 updates them to the fixed versions.
sbt_script
lookup by replacing all spaces with %20
(not only the first one) in the path. by @arturaz in https://github.com/sbt/sbt/pull/7349
conscriptConfigs
task, not used and needed(?) anymore by @mkurz in https://github.com/sbt/sbt/pull/7353
sbt new
menu by @SethTisue in https://github.com/sbt/sbt/pull/7354
Full Changelog: https://github.com/sbt/sbt/compare/v1.9.3...v1.9.4