As with https://github.com/sbt/librarymanagement/pull/386, which dealt
with Eviction *errors*, this fixes the way Eviction *warnings* report
the list of evicted versions - removing duplicate versions - and does a
refactor so that both `EvictionError` & `EvictionWarning` are using the
same logic to generate the revision string.
The logic for the revisions string is moved to the new field
`EvictionPair.evictedRevs`.
Without this fix, we see Eviction warnings like this:
```
* org.scala-lang.modules:scala-java8-compat_2.13:1.0.2 is selected over {1.0.0, 1.0.0}
```
Problem
In sbt 1, platform cross building is implemented using in the user-land
using `%%%` operator, which clevery handles both Scala cross building
and appending platform suffix like sjs1.
However, in general symbolic `%%%` is confusing, and hard to explain.
Solution
In sbt 2, we should subsume the idea of platform cross building,
so `%%` can act as the current `%%%` operator.
This adds a new field called `platformOpt` to `ModuleID`, which
by default will be set to `None`.
`ScalaModuleInfo` will also add a new field called `platform`,
which can be set to `None`, `Some(sjs1)` etc.
As part of module transformation (like adding `_2.13`), the library
management engine can transform `ModuleID` to `sjs1` etc.
`("com.github.scopt" %% "scopt" % "4.1.0").platform(jvm)` will
explicitly use the JVM version of dependency (equivalent to today's `%%`).
Problem
-------
Current impl is relaxed about comparing non-release Scala 2.x versions.
Solutution
----------
Use scalaApiVersion to compare two Scala 2 versions.
Ref https://github.com/sbt/sbt/issues/6912
Problem
-------
There's apparently a security issue with OkHttp 3.x,
which I am not really sure how applicable it is to our usage
of OkHttp but it is there.
Solution
--------
Since most of OkHttp-specic usage within LM is for Apache Ivy
downloading, I am going to drop this.
Since `sbt.librarymanagement.Http.http` is a public API,
I am substituting this with Apache HTTP backed implementation.
Rather than seeing an error like this, with the evicted version numbers
being repeated many times:
```
[error] * org.scala-lang.modules:scala-java8-compat_2.13:1.0.0 (early-semver) is selected over {0.9.0, 0.9.0, 0.9.0, 0.9.0, 0.9.1, 0.9.1, 0.9.1}
```
...I'd much rather see an error like this:
```
[error] * org.scala-lang.modules:scala-java8-compat_2.13:1.0.0 (early-semver) is selected over {0.9.0, 0.9.1}
```
Fixes https://github.com/sbt/sbt/issues/6578
Problem
-------
The regex currently expects two segments like2.x or 3.x,
but Scala 3 uses _3 as the cross suffix, and it's not caught.
Solution
--------
Change the regex.
Ref #377
Apply the dotted-prerelease tag to SemComparator
"A pre-release version MAY be denoted by appending a hyphen and a series of dot separated identifiers immediately following the patch version."
What is the problem?
sbt/sbt#6496 identifies a bug in the logic which assesses whether
different versions of the same transitive dependency are binary
compatible. If one of the transitive dependencies included a version
with a full-stop literal, it would be parsed incorrectly and an error
would be thrown to the user falsely saying that the dependencies are
binary incompatible.
What is the solution?
This PR fixes the regex used by the parser to include full-stop literals.
Is there anything else to be done?
It is worth us checking the rest of the codebase in case this bug might
exist in other parsers. The tests are super helpful for figuring out
which strings might break the current logic.
Adrien Piquerez
Eugene Yokota
Roberto Tyley
Matthew de Detrich
Kunal
Matthew de Detrich
xuwei-k
Adriaan Moors
Nicolas Rinaudo
Arman Bilge
Rui Gonçalves
Peter Janssen
Roberto Tyley
Matthias Kurz
Amina Adewusi