- Add ivylessPublishMavenToFile and ivylessPublishMavenToUrl for Maven layout
- Handle MavenCache and MavenRepo in ivylessPublishTask (file + HTTP)
- Add credentialFor for realm+host credential matching per Publishing docs
- Consume HTTP response body on success to avoid connection leak
- Add scripted tests: ivyless-publish-maven, ivyless-publish-maven-http
When using the aggregated key parser, a key is now valid if it exists in `data` for that scope **or** it's an aggregate key and every key it aggregates to exists in `data`. So `(root, scripted)` is accepted when the root aggregates a project that defines `scripted`, and running `scripted` at root runs it on that project as before.
Implements ivyless publish task as part of #7639 (drop Ivy dependency).
Fixes#8639.
- Add ivylessPublish for URLRepository: HTTP PUT with optional Basic auth,
same layout as ivyless publishLocal (artifacts + ivy.xml + checksums).
- Add ivylessPublishToFile for FileRepository: write to local path for
testing without HTTP server.
- Add ivylessPublishTask: when useIvy is false, use ivyless path for
URLRepository or FileRepository; otherwise use Ivy.
- Wire publish in Defaults to LibraryManagement.ivylessPublishTask
(tagged Publish, Network).
- Add scripted test dependency-management/ivyless-publish using
Resolver.file to verify ivyless publish produces identical layout.
Credentials supported via allCredentials (Basic auth for PUT).
When a project depended on another project that was built with a different Scala binary version (e.g. 2.12 vs 2.13), compilation could fail with "not found: value X" because resolution was asking for the wrong artifact.
This change updates how we build the `ModuleID` for inter-project dependencies in `projectDependenciesTask`: we now request the dependency’s Scala binary version (e.g. `bar_2.12`) instead of the current project’s, so the resolver can find the right artifact. We keep existing behavior for `Disabled` and `Constant` cross-version, and add a small safeguard in the default case when the dependency’s Scala version differs from the current project’s.
**Consuming BOMs**
- You can declare a BOM with `.pomOnly()` and versionless deps with `"*"`:
- `libraryDependencies += ("com.fasterxml.jackson" % "jackson-bom" % "2.21.0").pomOnly()`
- `libraryDependencies += "com.fasterxml.jackson.core" % "jackson-core" % "*"`
- BOMs are passed to Coursier via `Resolve.addBom()`; version `"*"` is resolved from the BOM.
**makePom**
- POM-only dependencies are emitted under `<dependencyManagement><dependencies>...</dependencies></dependencyManagement>` with `<type>pom</type>` and `<scope>import</scope>`.
- Dependencies with version `"*"` are emitted without a `<version>` element so Maven uses the BOM-managed version.
**Ivy / publishLocal emulation**
- When publishing to Ivy (e.g. `publishLocal`), BOM-resolved versions (deps that had `"*"`) are written into the published `ivy.xml` as forced dependencies (`force="true"`), so consumers that depend on this module get those versions.
Resolving ThisProject to ProjectRef(uri, p.id) created a self-reference
in the aggregate (and dependency) list. BuildUtil.checkCycles runs
topological sort on this relation and throws Cyclic when it sees the
self-loop.
Treat ThisProject as no-op: resolve to Vector.empty so the build loads
without error. aggregate(ThisProject) / dependsOn(ThisProject) is
effectively a no-op (self is already included).
Fixes#3616 - Scope's resolveProjectBuild and resolveProjectRef
mishandle ThisProject.
Previously, using ThisProject in aggregate() or dependsOn() would
cause a runtime error: 'Cannot resolve ThisProject w/o the current
project'.
This change adds proper handling for ThisProject in Load.scala:
- In checkAll: Skip validation for ThisProject (refers to self)
- In resolveProjects: Resolve ThisProject to ProjectRef(uri, p.id)
Problem
When a user defines an alias with a name that matches an existing task or setting key (e.g., `alias c = compile` when a custom task `c` exists), the alias silently wins and shadows the task.
Solution
Detect conflicts at alias creation time and fail with an error message:
```
Alias 'c' conflicts with a task or setting key of the same name. Use a different alias name to avoid ambiguity.
```
Fixes#8627
- Use ${OUT} placeholder and remove StringVirtualFile1 special-case handling
- Make dirZipExt check generic (use vf instead of svf: StringVirtualFile1)
- Let syncBlobs handle StringVirtualFile1 transparently via fileConverter.toPath()
Fixes#8631
**Changes:**
- Add `useIvy` setting key (defaults to `true`)
- Add `ivylessPublishLocalImpl` helper that publishes without Ivy
- Modify `publishLocal` to use ivyless publisher when `useIvy := false`
- Generate ivy.xml via `lmcoursier.IvyXml`
- Generate MD5/SHA-1 checksums for all files
- Add scripted test `dependency-management/ivyless-publish-local`
## Problem
We enforce same-version policy for scala-reflect in Scala 2.13.
However due to sandwich dependency, the graph can bump
scala-library to 3.8.1, which is missing scala-reflect counterpart.
## Solution
Drop the same-version policy.
**Problem**
When `autoAPIMappings := true` is set on a Scala 3 project, running `sbt doc` emits warnings:
```
[warn] bad option '-doc-external-doc:/modules/java.base#https://docs.oracle.com/...
```
This happens because Scala 3's scaladoc doesn't recognize Scala 2's `-doc-external-doc` option.
Fixes#6652
**Solution**
- Added `Opts.doc.externalAPIScala3` that generates the Scala 3 format: `-external-mappings:regex::[scaladoc3|javadoc]::url`
- Modified `Defaults.scala` to use the appropriate method based on Scala version
- Added heuristics to detect javadoc vs scaladoc based on file/URL patterns
**What it does**
When you run `dependencyLock`, sbt generates a `deps.lock` file that captures your resolved dependencies. This file can be checked into version control to ensure reproducible builds across different machines and CI environments.
**New tasks**
- **`dependencyLock`** - Generates the lock file from the current resolution
- **`dependencyLockCheck`** - Validates the lock file is up-to-date (fails build if stale)
**How it works**
The lock file stores a hash of your declared dependencies and resolvers. When dependencies change, the hash changes, and `dependencyLockCheck` will fail until you regenerate the lock file.
If no lock file exists, `dependencyLockCheck` passes silently - this allows gradual adoption.
Add support for `"3-latest.candidate"` to automatically resolve to the latest Scala 3 RC from Maven Central.
```scala
scalaVersion := "3-latest.candidate"
```
Ref https://github.com/sbt/sbt/discussions/8590
This PR adds a scripted test to prevent regression of issue #6175, where `MethodHandle.invokeExact` failed to compile on JDK 15+ when using `-release 11`.
Changes:
- Added `sbt-app/src/sbt-test/java/method-handle-release/` scripted test
- Test uses Scala 2.13.16 with `-release:11` to reproduce the original issue scenario
- Verifies that polymorphic signature methods compile correctly under cross-version targeting
**Problem**
Currently the shell delegates request tasks even when a non-existent
task like Compile / update is requested.
**Solution**
This removes the delegation, if the input key is scoped, so it will fail.
We will, however, continue to delegate on the subproject axis,
since it's useful to use Global or ThisBuild scoping.
**Problem**
When binary compatibility eviction errors occur, users cannot run
`dependencyTree` to debug the dependency conflict because it fails
with the same eviction error.
**Solution**
Set `evictionErrorLevel` and `assumedEvictionErrorLevel` to `Level.Warn`
for the `dependencyTreeIgnoreMissingUpdate` task, allowing the dependency
tree to be displayed even when eviction errors are present.
Fixes#7255
Fixes#7489
When using nested task scopes like otherTask / testTask, the
inputFileChanges macro was returning the wrong scope. It checked
if the scope already had a task axis and returned it as-is, but
this meant it would use otherTask's scope instead of testTask's.
The fix always sets the task axis to the key being queried,
ensuring fileInputs settings are found at the correct scope.
**Problem**
When a val definition in build.sbt changes and the user runs `reload`, sbt crashes with `NoClassDefFoundError: $Wrap<hash>$`.
```
java.lang.NoClassDefFoundError: $Wrape8743d4f36$
at $Wrap0b8ea34d40$.$anonfun$1(build.sbt:1)
```
The workaround was to delete `project/target` directory.
**Solution**
The root cause was that imports were not included in the hash calculation when evaluating build.sbt expressions. When a val definition changes:
1. Its `$Wrap` module gets a new hash
2. Settings that reference the val get new imports pointing to the new module
3. But if the setting expression didn't change, its hash was the same
4. The old cached class was loaded with bytecode referencing the old module
Fix: Include imports in the hash calculation in `Eval.evalCommon`. Also re-enable `cleanEvalClasses` in `Load.scala` which was disabled pending this fix.
Filters out empty versions during parser construction to prevent RuntimeException when creating token parsers. Includes comprehensive test coverage for edge cases.
DependencyTreePlugin is an AutoPlugin with trigger = AllRequirements,
so it loads automatically in scripted tests without requiring explicit
plugin configuration.
* Add JSON output support to dependencyLicenseInfo
- Add LicenseInfo rendering object with text and JSON output
- Add dependencyLicenseInfo input task key
- Implement dependencyLicenseInfo task with JSON format support
- Supports --out option for file output
- Auto-detects JSON format from .json file extension
- Follows same pattern as dependencyTree task
Resolves#7771
* always create symlinks to the cache in the target locations, even if the digest matches #8445
* create a test (currently failing even on #develop) that fails because if `zipPath` in `sbt.util.ActionCache.packageDirectory` is a symlink to the CAS, in later calls, this path in the CAS gets overridden by the new sources.
- in this test, after "run 1" in line 15, the produced file "target/out/jvm/scala-3.7.4/a/classes.sbtdir.zip" is a symlink to the CAS, let's call it SH1.
- when "run 3" is executed, `IO.zip` saves the new value to `zipPath`, which is "target/out/jvm/scala-3.7.4/a/classes.sbtdir.zip -> SH1", so SH1 gets overridden.
- when the last "run 1" is executed, the cache retrieves SH1, but it contains the data from "run 3" (the test fails with "actual A.x is 3").
* when packaging a directory into a zip, use a temp directory to avoid overwriting the cache #8461
This adds a new setting that allows users to
configure Coursier's FileCache to cache local file:// artifacts. When enabled,
artifacts from local repositories are copied to the cache directory, which is
useful for scenarios like bundling compiler artifacts in a local repo for
offline use.
Fixes#7547
**Problem**
When cross-building sbt plugins with explicit `scalaVersion` set in `build.sbt`, the `updateSbtClassifiers` task fails because it uses the launcher's Scala version instead of the appropriate Scala version for the target sbt version.
For example, with this configuration:
```scala
lazy val root = (project in file("."))
.enablePlugins(SbtPlugin)
.settings(
scalaVersion := "2.10.7", // Explicit for IDE support
crossSbtVersions := Seq("0.13.17", "1.0.0"),
)
```
Running sbt "show updateSbtClassifiers" would fail with:
Error downloading org.scala-sbt:scripted-plugin_2.12:0.13.17
It should look for scripted-plugin_2.10:0.13.17 since sbt 0.13.x uses Scala 2.10.
**Solution**
Modified sbtClassifiersTasks in Defaults.scala to:
1. Check if the project is an sbt plugin (sbtPlugin.value)
2. For plugins, derive the Scala version from pluginCrossBuild / sbtBinaryVersion using PluginCross.scalaVersionFromSbtBinaryVersion
3. For non-plugins, continue using the launcher's Scala version (original behavior)
**Problem**
When project A's dependencies changed and A was compiled in one command, project B (depending on A) would not invalidate its update cache in a subsequent command. This caused stale classpaths.
The root cause was that `depsUpdated` only checked `!stats.cached`, which only detected fresh resolves within the same command. When a dependency was served from cache (even if resolved fresh in a previous command), `cached` was marked `true`, causing incorrect cache reuse.
Debug scenario from issue:
sbt:aaa> clean
sbt:aaa> a/compile
sbt:aaa> show itTests/depsUpdated
[info] * false <-- BUG: should be true
**Solution**
Added `stamp: String` field to `UpdateStats` that records when the update was resolved. This stamp persists across commands and enables accurate cross-command comparison:
- If any dependency's stamp > our cached stamp, we re-resolve
- Falls back to `!cached` check for backwards compatibility with old caches
- Using `String` type allows future transition from timestamps to content hashes
Eviction warnings and errors were not reported for Test dependencies because
`EvictionError` only checked the Compile configuration.
This fix runs the eviction check for both Compile and Test configurations
separately, with distinct error messages:
- Compile: `found version conflict(s) in library dependencies`
- Test: `found version conflict(s) in Test dependencies`
**Problem**
There's a disconnect between what is perceived to be the current
Scala version, and what sbt uses internally, and thus what it
chooses to be the default scalaVersion.
**Solution**
This displays a warning if scalaVersion setting is missing.
**Problem**
There's a disconnect between what is perceived to be the current
Scala version, and what sbt uses internally, and thus what it
chooses to be the default scalaVersion.
**Solution**
This displays a warning if scalaVersion setting is missing.
**Problem**
sbt 2.x uses crossTarget by default, but it contains Scala version
even when crossPaths is false.
**Solution**
This replaces it with the letter "u" for unspecified.
bitloi
eugene yokota
bitloi
NeedmeFordev
calm
MkDev11
byteforge
Pegasus
MkDev11
Match
Dairus
Saber
azdrojowa123
xuwei-k
calm329