search

limpid-kzonix / data-engineering

Some random stuff with Kafka, KafkaConnect and Apache Flink
1 stars 0 forks source link

chore(deps): update dependency sbt/sbt to v1.10.5 #22

Open renovate[bot] opened 2 months ago

renovate[bot] commented 2 months ago

This PR contains the following updates:

Package Update Change
sbt/sbt patch 1.10.1 -> 1.10.5

Release Notes

sbt/sbt (sbt/sbt) ### [`v1.10.5`](https://redirect.github.com/sbt/sbt/compare/v1.10.4...v1.10.5) [Compare Source](https://redirect.github.com/sbt/sbt/compare/v1.10.4...v1.10.5) ### [`v1.10.4`](https://redirect.github.com/sbt/sbt/releases/tag/v1.10.4): 1.10.4 [Compare Source](https://redirect.github.com/sbt/sbt/compare/v1.10.3...v1.10.4) #### updates and bug fixes - fix: Fixes Jansi deprecation notice by switching to jline-terminal-jni by [@​Friendseeker](https://redirect.github.com/Friendseeker) in [https://github.com/sbt/sbt/pull/7811](https://redirect.github.com/sbt/sbt/pull/7811) - fix: Fixes GLIBC\_2.32 issue on sbtn by statically linking musl by [@​Friendseeker](https://redirect.github.com/Friendseeker) in [https://github.com/sbt/sbt/pull/7823](https://redirect.github.com/sbt/sbt/pull/7823) - fix: Throw exception when `sbt new` fails to find template by [@​Friendseeker](https://redirect.github.com/Friendseeker) in [https://github.com/sbt/sbt/pull/7835](https://redirect.github.com/sbt/sbt/pull/7835) - fix: Fixes `~` with `Global / onChangedBuildSource := ReloadOnSourceChanges` by [@​Friendseeker](https://redirect.github.com/Friendseeker) in [https://github.com/sbt/sbt/pull/7838](https://redirect.github.com/sbt/sbt/pull/7838) - fix: Fixes "Unrecognized option: --server" error on BSP server by [@​eed3si9n](https://redirect.github.com/eed3si9n) in [https://github.com/sbt/sbt/pull/7824](https://redirect.github.com/sbt/sbt/pull/7824) - fix: Fixes pipelined build while changing version frequently by [@​Friendseeker](https://redirect.github.com/Friendseeker) in [https://github.com/sbt/sbt/pull/7830](https://redirect.github.com/sbt/sbt/pull/7830) - fix: Change the default analysis format to older binary, and make Consistent Analysis opt-in by [@​Friendseeker](https://redirect.github.com/Friendseeker) in [https://github.com/sbt/sbt/pull/7807](https://redirect.github.com/sbt/sbt/pull/7807) #### behind the scene - ci: Bump supported JDK version to 21 in `DEVELOPING.md` by [@​Friendseeker](https://redirect.github.com/Friendseeker) in [https://github.com/sbt/sbt/pull/7784](https://redirect.github.com/sbt/sbt/pull/7784) - ci: Bump sbt to 1.10.3 by [@​Friendseeker](https://redirect.github.com/Friendseeker) in [https://github.com/sbt/sbt/pull/7802](https://redirect.github.com/sbt/sbt/pull/7802) - ci: Bump `TEST_SBT_VER` to 1.10.3 & remove unused CI variables by [@​Friendseeker](https://redirect.github.com/Friendseeker) in [https://github.com/sbt/sbt/pull/7825](https://redirect.github.com/sbt/sbt/pull/7825) - ci: Delete `.java-version` to not fix java version to 1.8 by [@​Friendseeker](https://redirect.github.com/Friendseeker) in [https://github.com/sbt/sbt/pull/7827](https://redirect.github.com/sbt/sbt/pull/7827) - deps: Bump Scala 2.13 to 2.13.15 by [@​Friendseeker](https://redirect.github.com/Friendseeker) in [https://github.com/sbt/sbt/pull/7798](https://redirect.github.com/sbt/sbt/pull/7798) - deps: Bump JLine to `3.27.1` by [@​Friendseeker](https://redirect.github.com/Friendseeker) in [https://github.com/sbt/sbt/pull/7829](https://redirect.github.com/sbt/sbt/pull/7829) - deps: Zinc 1.10.4 by [@​eed3si9n](https://redirect.github.com/eed3si9n) in [https://github.com/sbt/sbt/pull/7839](https://redirect.github.com/sbt/sbt/pull/7839) - refactor: Remove two unused methods that depends on Analysis Timestamp by [@​Friendseeker](https://redirect.github.com/Friendseeker) in [https://github.com/sbt/sbt/pull/7787](https://redirect.github.com/sbt/sbt/pull/7787) - refactor: Deprecate useJCenter key by [@​Philippus](https://redirect.github.com/Philippus) in [https://github.com/sbt/sbt/pull/7822](https://redirect.github.com/sbt/sbt/pull/7822) **Full Changelog**: https://github.com/sbt/sbt/compare/v1.10.3...v1.10.4 ### [`v1.10.3`](https://redirect.github.com/sbt/sbt/releases/tag/v1.10.3): 1.10.3 [Compare Source](https://redirect.github.com/sbt/sbt/compare/v1.10.2...v1.10.3) ##### Protobuf with potential Denial of Service (CVE-2024-7254) sbt 1.10.3 updates protobuf-java library to 3.25.5 to address CVE-2024-7254 / https://github.com/advisories/GHSA-735f-pc8j-v9w8, which states that while parsing unknown fields in the Protobuf Java library, a maliciously crafted message can cause a StackOverflow error. Given the nature of how Protobuf is used in Zinc as internal serialization, we think the impact of this issue is minimum. However, security software might still flag this to be an issue while using sbt or Zinc, so upgrade is advised. This issue was originally reported by [@​gabrieljones](https://redirect.github.com/gabrieljones) and was fixed by Jerry Tan ([@​Friendseeker](https://redirect.github.com/Friendseeker)) in [zinc#1443](https://redirect.github.com/zinc/sbt/issues/1443). [@​adpi2](https://redirect.github.com/adpi2) at Scala Center has also configured dependency graph submission to get security alerts in [zinc#1448](https://redirect.github.com/zinc/sbt/issues/1448). sbt/sbt was configured by [@​Friendseeker](https://redirect.github.com/Friendseeker) in [https://github.com/sbt/sbt/pull/7746](https://redirect.github.com/sbt/sbt/pull/7746). ##### Reverting the invalidation of circular-dependent sources sbt 1.10.3 reverts the initial invalidation of circular-dependent Scala source pairs. There had been a series of incremental compiler bugs such as "Invalid superClass" and "value b is not a member of A" that would go away after `clean`. The root cause of these bugs were identified by [@​smarter](https://redirect.github.com/smarter) ([https://github.com/sbt/zinc/issues/598#issuecomment-449028234](https://redirect.github.com/sbt/zinc/issues/598#issuecomment-449028234)) and [@​Friendseeker](https://redirect.github.com/Friendseeker) to be partial compilation of circular-dependent sources where two sources `A.scala` and `B.scala` use some constructs from each other. sbt 1.10.0 fixed this issue via [https://github.com/sbt/zinc/pull/1284](https://redirect.github.com/sbt/zinc/pull/1284) by invalidating the circular-dependent pairs together. In other words, if `A.scala` was changed, it would immediately invalidate `B.scala`. It turns out, that people have been writing circular-dependent code, and this has resulted in multiple reports of Zinc's over-compilation ([zinc#1420](https://redirect.github.com/sbt/zinc/issues/1420), [zinc#1461](https://redirect.github.com/sbt/zinc/issues/1461)). Given that the invalidation seems to affect the users more frequently than the original bug, we're going to revert the fix for now. We might bring this back with an opt-out flag later on. The revert was contributed by by Li Haoyi ([@​lihaoyi](https://redirect.github.com/lihaoyi)) in [https://github.com/sbt/zinc/pull/1462](https://redirect.github.com/sbt/zinc/pull/1462). ##### Improvement: ParallelGzipOutputStream sbt 1.10.0 via [https://github.com/sbt/zinc/pull/1326](https://redirect.github.com/sbt/zinc/pull/1326) added a new consistent (repeatable) formats for Analysis storage. As a minor optimization, the pull request also included an implementation of `ParallelGzipOutputStream`, which would reduce the generate file size by 20%, but with little time penalty. Unfortunately, however, we have observed in CI that that the `scala.concurrent.Future`-based implementation gets stuck in a deadlock. [@​Ichoran](https://redirect.github.com/Ichoran) and [@​Friendseeker](https://redirect.github.com/Friendseeker) have contributed an alternative implementation that uses Java threads directly, which fixes the issue in [https://github.com/sbt/zinc/pull/1466](https://redirect.github.com/sbt/zinc/pull/1466). ##### bug fixes and updates - deps: Updates metabuild Scala version to 2.12.20 by [@​SethTisue](https://redirect.github.com/SethTisue) in [#​7636](https://redirect.github.com/sbt/sbt/pull/7636) - fix: Fixes "illegal reflective access operation" error on JDK 11 by updating JLine to 3.27.0 by [@​Friendseeker](https://redirect.github.com/Friendseeker) in [#​7695](https://redirect.github.com/sbt/sbt/pull/7695) - fix: Fixes transitive invalidation interfering with cycle stopping condition by [@​Friendseeker](https://redirect.github.com/Friendseeker) in [zinc#1397](https://redirect.github.com/sbt/zinc/pull/1397) - fix: Fixes dependency resolution of sbt plugins by excluding custom extra attributes from POM dependencies by [@​adpi2](https://redirect.github.com/adpi2) in [lm#451](https://redirect.github.com/sbt/librarymanagement/pull/451) - fix: Fixes directory permission issue under a multi-user environment by [@​eed3si9n](https://redirect.github.com/eed3si9n) in [ipcsocket#43](https://redirect.github.com/sbt/ipcsocket/pull/43) - deps: Updates `sbt init` template deps by [@​xuwei-k](https://redirect.github.com/xuwei-k) in [#​7730](https://redirect.github.com/sbt/sbt/pull/7730) - Updates sbt runner to default to sbtn for sbt 2.x by [@​eed3si9n](https://redirect.github.com/eed3si9n) in [#​7775](https://redirect.github.com/sbt/sbt/pull/7775) ##### behind the scene - ci: Bump CI to JDK 21 by [@​Friendseeker](https://redirect.github.com/Friendseeker) in [https://github.com/sbt/sbt/pull/7760](https://redirect.github.com/sbt/sbt/pull/7760) - refactor: Remove deprecated `System.runFinalization` by [@​Friendseeker](https://redirect.github.com/Friendseeker) in [https://github.com/sbt/sbt/pull/7732](https://redirect.github.com/sbt/sbt/pull/7732) - refactor: Remove deprecated `Thread.getId` by [@​Friendseeker](https://redirect.github.com/Friendseeker) in [https://github.com/sbt/sbt/pull/7733](https://redirect.github.com/sbt/sbt/pull/7733) - refactor: Regenerate Contraband files by [@​Friendseeker](https://redirect.github.com/Friendseeker) in [https://github.com/sbt/sbt/pull/7764](https://redirect.github.com/sbt/sbt/pull/7764) - deps: Bump IO, ipc-socket, and launcher by [@​eed3si9n](https://redirect.github.com/eed3si9n) in [https://github.com/sbt/sbt/pull/7776](https://redirect.github.com/sbt/sbt/pull/7776) - deps: Zinc 1.10.3 by [@​eed3si9n](https://redirect.github.com/eed3si9n) in [https://github.com/sbt/sbt/pull/7781](https://redirect.github.com/sbt/sbt/pull/7781) - deps: lm 1.10.2 by [@​eed3si9n](https://redirect.github.com/eed3si9n) in [https://github.com/sbt/sbt/pull/7782](https://redirect.github.com/sbt/sbt/pull/7782) - ci: Set a default timeout for ci by [@​nathanlao](https://redirect.github.com/nathanlao) in [https://github.com/sbt/sbt/pull/7766](https://redirect.github.com/sbt/sbt/pull/7766) - ci: Removes `vscode-sbt-scala` from build.sbt by [@​Friendseeker](https://redirect.github.com/Friendseeker) in [https://github.com/sbt/sbt/pull/7728](https://redirect.github.com/sbt/sbt/pull/7728) - ci: Adds dependabot setting for develop branch by [@​xuwei-k](https://redirect.github.com/xuwei-k) in [https://github.com/sbt/sbt/pull/7701](https://redirect.github.com/sbt/sbt/pull/7701) **Full Changelog**: https://github.com/sbt/sbt/compare/v1.10.2...v1.10.3 ### [`v1.10.2`](https://redirect.github.com/sbt/sbt/releases/tag/v1.10.2): 1.10.2 [Compare Source](https://redirect.github.com/sbt/sbt/compare/v1.10.1...v1.10.2) #### Changes with compatibility implications - Uses `_sbt2_3` suffix for sbt 2.x by [@​eed3si9n](https://redirect.github.com/eed3si9n) in [https://github.com/sbt/sbt/pull/7671](https://redirect.github.com/sbt/sbt/pull/7671) #### Updates and bug fixes - Fixes the attribute key name from `serverIdleTimeOut` to `serverIdleTimeout` to match the variable name by [@​lervag](https://redirect.github.com/lervag) in [https://github.com/sbt/sbt/pull/7651](https://redirect.github.com/sbt/sbt/pull/7651) - Fixes incremental Scala-Java mixed compilation that produces JAR directly by [@​adpi2](https://redirect.github.com/adpi2) in [https://github.com/sbt/zinc/pull/1377](https://redirect.github.com/sbt/zinc/pull/1377) - Fixes over-compilation when using a class directory as a library by [@​adpi2](https://redirect.github.com/adpi2) in [https://github.com/sbt/zinc/pull/1382](https://redirect.github.com/sbt/zinc/pull/1382) - Perf: Copy bytes directly instead of using `scala.reflect.io.Streamable` by [@​rochala](https://redirect.github.com/rochala) in [https://github.com/sbt/zinc/pull/1395](https://redirect.github.com/sbt/zinc/pull/1395) - Includes all sources and resources in source jar by [@​jroper](https://redirect.github.com/jroper) in [https://github.com/sbt/sbt/pull/7630](https://redirect.github.com/sbt/sbt/pull/7630) - Fixes the handling of `Optional` inter-project dependency in BSP by [@​adpi2](https://redirect.github.com/adpi2) in [https://github.com/sbt/sbt/pull/7568](https://redirect.github.com/sbt/sbt/pull/7568) - Trims spaces around k and v to tolerate extra whitespace in `build.properties` by [@​invadergir](https://redirect.github.com/invadergir) in [https://github.com/sbt/sbt/pull/7585](https://redirect.github.com/sbt/sbt/pull/7585) - Fixes legacy repositories like `scala-tools-releases` in `repositories` file blocking sbt from launching by [@​eed3si9n](https://redirect.github.com/eed3si9n) in [https://github.com/sbt/launcher/pull/104](https://redirect.github.com/sbt/launcher/pull/104) - Fixes stale BSP diagnostics by [@​SlowBrainDude](https://redirect.github.com/SlowBrainDude) in [https://github.com/sbt/sbt/pull/7610](https://redirect.github.com/sbt/sbt/pull/7610) - Fixes scripted support for sbt 2.x by [@​eed3si9n](https://redirect.github.com/eed3si9n) in [https://github.com/sbt/sbt/pull/7672](https://redirect.github.com/sbt/sbt/pull/7672) - Avoids using `ThreadDeath` for future JDK compatibility by [@​xuwei-k](https://redirect.github.com/xuwei-k) in [https://github.com/sbt/sbt/pull/7652](https://redirect.github.com/sbt/sbt/pull/7652) - Avoids using `ZipError` for future JDK compatibility by [@​eed3si9n](https://redirect.github.com/eed3si9n) in [https://github.com/sbt/zinc/pull/1393](https://redirect.github.com/sbt/zinc/pull/1393) #### Behind the scenes - Update to Zinc 1.10.2 by [@​eed3si9n](https://redirect.github.com/eed3si9n) in [https://github.com/sbt/sbt/pull/7674](https://redirect.github.com/sbt/sbt/pull/7674) - Update to lm 1.10.1 by [@​eed3si9n](https://redirect.github.com/eed3si9n) in [https://github.com/sbt/sbt/pull/7597](https://redirect.github.com/sbt/sbt/pull/7597) - Update to Launcher 1.4.3 by [@​eed3si9n](https://redirect.github.com/eed3si9n) in [https://github.com/sbt/sbt/pull/7598](https://redirect.github.com/sbt/sbt/pull/7598) - Update to the common Scala 2.12 version for the sbtn subproject by [@​SlowBrainDude](https://redirect.github.com/SlowBrainDude) in [https://github.com/sbt/sbt/pull/7605](https://redirect.github.com/sbt/sbt/pull/7605) - Note in dev docs on supported build time JDK version dependency by [@​SlowBrainDude](https://redirect.github.com/SlowBrainDude) in [https://github.com/sbt/sbt/pull/7606](https://redirect.github.com/sbt/sbt/pull/7606) - CI: Zinc default branch is 1.10.x by [@​adpi2](https://redirect.github.com/adpi2) in [https://github.com/sbt/sbt/pull/7654](https://redirect.github.com/sbt/sbt/pull/7654) - Upgrade sbt plugins to avoid deprecated repo.scala-sbt.org by [@​mkurz](https://redirect.github.com/mkurz) in [https://github.com/sbt/sbt/pull/7555](https://redirect.github.com/sbt/sbt/pull/7555) - Update Scala 3 doc test by [@​eed3si9n](https://redirect.github.com/eed3si9n) in [https://github.com/sbt/sbt/pull/7619](https://redirect.github.com/sbt/sbt/pull/7619) - Bump scalacenter/sbt-dependency-submission from 2 to 3 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/sbt/sbt/pull/7565](https://redirect.github.com/sbt/sbt/pull/7565) - Fixes `dependency-management/force-update-period` test (backport of [#​7538](https://redirect.github.com/sbt/sbt/issues/7538)) by [@​adpi2](https://redirect.github.com/adpi2) in [https://github.com/sbt/sbt/pull/7567](https://redirect.github.com/sbt/sbt/pull/7567) - Fixes BuildServerTest by [@​adpi2](https://redirect.github.com/adpi2) in [https://github.com/sbt/sbt/pull/7638](https://redirect.github.com/sbt/sbt/pull/7638) #### New contributors - [@​invadergir](https://redirect.github.com/invadergir) made their first contribution in [https://github.com/sbt/sbt/pull/7585](https://redirect.github.com/sbt/sbt/pull/7585) - [@​rochala](https://redirect.github.com/rochala) made their first contribution in [https://github.com/sbt/zinc/pull/1395](https://redirect.github.com/sbt/zinc/pull/1395) - [@​SlowBrainDude](https://redirect.github.com/SlowBrainDude) made their first contribution in [https://github.com/sbt/sbt/pull/7606](https://redirect.github.com/sbt/sbt/pull/7606) - [@​lervag](https://redirect.github.com/lervag) made their first contribution in [https://github.com/sbt/sbt/pull/7651](https://redirect.github.com/sbt/sbt/pull/7651) **Full Changelog**: https://github.com/sbt/sbt/compare/v1.10.0...v1.10.2

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR was generated by Mend Renovate. View the repository job log.