**Problem**
Some tests are failing.
**Solution**
* Port EvictionErrorSpec to lm-coursier
* Port EvictionWarningSpec to lm-coursier
* Port InclExclSpec to lm-coursier
* Port ZincComponentCompilerSpec to lm-coursier
* Apparently we still need lmIvy
* Add Test configuration to evictionWarningOptions
* Add Test configuration to default evictionWarningOptions
* Deduplicate eviction errors based on callers.
* Update eviction error test for semantic versioning.
* Group evictions by configuration and update test.
Co-authored-by: Zainab Ali <zainab.ali.london@gmail.com>
When a dependency declares a version range (e.g. Ivy [1.3.1,2.3] or comma-separated "1.3.1,2.3" as used by Coursier), and the resolver picks a version inside that range, sbt was still reporting an eviction warning. The chosen version satisfies the range, so it should not be reported as an eviction.
Example (from #6244): oauth2-oidc-sdk and nimbus-jose-jwt both depend on net.minidev:json-smart with range [1.3.1,2.3]. Resolution selects 2.3, which is within the range. Before this fix, sbt reported an eviction for json-smart even though 2.3 satisfies [1.3.1,2.3].
**Consuming BOMs**
- You can declare a BOM with `.pomOnly()` and versionless deps with `"*"`:
- `libraryDependencies += ("com.fasterxml.jackson" % "jackson-bom" % "2.21.0").pomOnly()`
- `libraryDependencies += "com.fasterxml.jackson.core" % "jackson-core" % "*"`
- BOMs are passed to Coursier via `Resolve.addBom()`; version `"*"` is resolved from the BOM.
**makePom**
- POM-only dependencies are emitted under `<dependencyManagement><dependencies>...</dependencies></dependencyManagement>` with `<type>pom</type>` and `<scope>import</scope>`.
- Dependencies with version `"*"` are emitted without a `<version>` element so Maven uses the BOM-managed version.
**Ivy / publishLocal emulation**
- When publishing to Ivy (e.g. `publishLocal`), BOM-resolved versions (deps that had `"*"`) are written into the published `ivy.xml` as forced dependencies (`force="true"`), so consumers that depend on this module get those versions.
## Problem
When using `publishSigned` (via sbt-pgp), sbt creates checksum files (e.g., `.pom.asc.sha1`) for PGP signature files (`.asc`). This violates Maven norms, where checksums should only be generated for raw artifacts like JARs and POMs, not for signatures.
## Solution
Modified the checksum generation logic in `ChecksumFriendlyURLResolver.put` (in `lm-ivy/src/main/scala/sbt/internal/librarymanagement/ConvertResolver.scala`) to skip generating checksums for artifacts whose names end with `.asc`.
When publishing to a repository fails with an HTTP error (e.g., 403, 409), the server often includes helpful error details in the response body. Previously, sbt only showed the HTTP status code without the response body.
This reimplements the upload method.
Fixes#7423
**Problem**
When project A's dependencies changed and A was compiled in one command, project B (depending on A) would not invalidate its update cache in a subsequent command. This caused stale classpaths.
The root cause was that `depsUpdated` only checked `!stats.cached`, which only detected fresh resolves within the same command. When a dependency was served from cache (even if resolved fresh in a previous command), `cached` was marked `true`, causing incorrect cache reuse.
Debug scenario from issue:
sbt:aaa> clean
sbt:aaa> a/compile
sbt:aaa> show itTests/depsUpdated
[info] * false <-- BUG: should be true
**Solution**
Added `stamp: String` field to `UpdateStats` that records when the update was resolved. This stamp persists across commands and enables accurate cross-command comparison:
- If any dependency's stamp > our cached stamp, we re-resolve
- Falls back to `!cached` check for backwards compatibility with old caches
- Using `String` type allows future transition from timestamps to content hashes
Post-process the delivered Ivy XML file to apply dependency overrides.
This is necessary because Ivy's deliver() method doesn't automatically
apply DependencyDescriptorMediators when writing the XML.
The fix:
- Adds applyOverridesToDeliveredIvy() method in IvyActions
- Reads the delivered Ivy XML and transforms dependency elements
- Updates rev attributes for dependencies that have overrides
- Ensures consistency between Maven POM and Ivy XML publishing
Added unit tests to verify:
- Overrides are correctly applied to matching dependencies
- All other attributes are preserved
- Non-matching dependencies remain unchanged
eugene yokota
kenji yoshida
PandaMan
bitloi
E.G
Dairus
MkDev11
calm
Josh Soref
Matthew de Detrich
Adrien Piquerez