Closed renovate[bot] closed 3 weeks ago
Because you closed this PR without merging, Renovate will ignore this update (1.10.5
). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps
array of your Renovate config.
If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.
This PR contains the following updates:
1.10.2
->1.10.5
Release Notes
sbt/sbt (sbt/sbt)
### [`v1.10.5`](https://redirect.github.com/sbt/sbt/compare/v1.10.4...v1.10.5) [Compare Source](https://redirect.github.com/sbt/sbt/compare/v1.10.4...v1.10.5) ### [`v1.10.4`](https://redirect.github.com/sbt/sbt/releases/tag/v1.10.4): 1.10.4 [Compare Source](https://redirect.github.com/sbt/sbt/compare/v1.10.3...v1.10.4) #### updates and bug fixes - fix: Fixes Jansi deprecation notice by switching to jline-terminal-jni by [@Friendseeker](https://redirect.github.com/Friendseeker) in [https://github.com/sbt/sbt/pull/7811](https://redirect.github.com/sbt/sbt/pull/7811) - fix: Fixes GLIBC\_2.32 issue on sbtn by statically linking musl by [@Friendseeker](https://redirect.github.com/Friendseeker) in [https://github.com/sbt/sbt/pull/7823](https://redirect.github.com/sbt/sbt/pull/7823) - fix: Throw exception when `sbt new` fails to find template by [@Friendseeker](https://redirect.github.com/Friendseeker) in [https://github.com/sbt/sbt/pull/7835](https://redirect.github.com/sbt/sbt/pull/7835) - fix: Fixes `~` with `Global / onChangedBuildSource := ReloadOnSourceChanges` by [@Friendseeker](https://redirect.github.com/Friendseeker) in [https://github.com/sbt/sbt/pull/7838](https://redirect.github.com/sbt/sbt/pull/7838) - fix: Fixes "Unrecognized option: --server" error on BSP server by [@eed3si9n](https://redirect.github.com/eed3si9n) in [https://github.com/sbt/sbt/pull/7824](https://redirect.github.com/sbt/sbt/pull/7824) - fix: Fixes pipelined build while changing version frequently by [@Friendseeker](https://redirect.github.com/Friendseeker) in [https://github.com/sbt/sbt/pull/7830](https://redirect.github.com/sbt/sbt/pull/7830) - fix: Change the default analysis format to older binary, and make Consistent Analysis opt-in by [@Friendseeker](https://redirect.github.com/Friendseeker) in [https://github.com/sbt/sbt/pull/7807](https://redirect.github.com/sbt/sbt/pull/7807) #### behind the scene - ci: Bump supported JDK version to 21 in `DEVELOPING.md` by [@Friendseeker](https://redirect.github.com/Friendseeker) in [https://github.com/sbt/sbt/pull/7784](https://redirect.github.com/sbt/sbt/pull/7784) - ci: Bump sbt to 1.10.3 by [@Friendseeker](https://redirect.github.com/Friendseeker) in [https://github.com/sbt/sbt/pull/7802](https://redirect.github.com/sbt/sbt/pull/7802) - ci: Bump `TEST_SBT_VER` to 1.10.3 & remove unused CI variables by [@Friendseeker](https://redirect.github.com/Friendseeker) in [https://github.com/sbt/sbt/pull/7825](https://redirect.github.com/sbt/sbt/pull/7825) - ci: Delete `.java-version` to not fix java version to 1.8 by [@Friendseeker](https://redirect.github.com/Friendseeker) in [https://github.com/sbt/sbt/pull/7827](https://redirect.github.com/sbt/sbt/pull/7827) - deps: Bump Scala 2.13 to 2.13.15 by [@Friendseeker](https://redirect.github.com/Friendseeker) in [https://github.com/sbt/sbt/pull/7798](https://redirect.github.com/sbt/sbt/pull/7798) - deps: Bump JLine to `3.27.1` by [@Friendseeker](https://redirect.github.com/Friendseeker) in [https://github.com/sbt/sbt/pull/7829](https://redirect.github.com/sbt/sbt/pull/7829) - deps: Zinc 1.10.4 by [@eed3si9n](https://redirect.github.com/eed3si9n) in [https://github.com/sbt/sbt/pull/7839](https://redirect.github.com/sbt/sbt/pull/7839) - refactor: Remove two unused methods that depends on Analysis Timestamp by [@Friendseeker](https://redirect.github.com/Friendseeker) in [https://github.com/sbt/sbt/pull/7787](https://redirect.github.com/sbt/sbt/pull/7787) - refactor: Deprecate useJCenter key by [@Philippus](https://redirect.github.com/Philippus) in [https://github.com/sbt/sbt/pull/7822](https://redirect.github.com/sbt/sbt/pull/7822) **Full Changelog**: https://github.com/sbt/sbt/compare/v1.10.3...v1.10.4 ### [`v1.10.3`](https://redirect.github.com/sbt/sbt/releases/tag/v1.10.3): 1.10.3 [Compare Source](https://redirect.github.com/sbt/sbt/compare/v1.10.2...v1.10.3) ##### Protobuf with potential Denial of Service (CVE-2024-7254) sbt 1.10.3 updates protobuf-java library to 3.25.5 to address CVE-2024-7254 / https://github.com/advisories/GHSA-735f-pc8j-v9w8, which states that while parsing unknown fields in the Protobuf Java library, a maliciously crafted message can cause a StackOverflow error. Given the nature of how Protobuf is used in Zinc as internal serialization, we think the impact of this issue is minimum. However, security software might still flag this to be an issue while using sbt or Zinc, so upgrade is advised. This issue was originally reported by [@gabrieljones](https://redirect.github.com/gabrieljones) and was fixed by Jerry Tan ([@Friendseeker](https://redirect.github.com/Friendseeker)) in [zinc#1443](https://redirect.github.com/zinc/sbt/issues/1443). [@adpi2](https://redirect.github.com/adpi2) at Scala Center has also configured dependency graph submission to get security alerts in [zinc#1448](https://redirect.github.com/zinc/sbt/issues/1448). sbt/sbt was configured by [@Friendseeker](https://redirect.github.com/Friendseeker) in [https://github.com/sbt/sbt/pull/7746](https://redirect.github.com/sbt/sbt/pull/7746). ##### Reverting the invalidation of circular-dependent sources sbt 1.10.3 reverts the initial invalidation of circular-dependent Scala source pairs. There had been a series of incremental compiler bugs such as "Invalid superClass" and "value b is not a member of A" that would go away after `clean`. The root cause of these bugs were identified by [@smarter](https://redirect.github.com/smarter) ([https://github.com/sbt/zinc/issues/598#issuecomment-449028234](https://redirect.github.com/sbt/zinc/issues/598#issuecomment-449028234)) and [@Friendseeker](https://redirect.github.com/Friendseeker) to be partial compilation of circular-dependent sources where two sources `A.scala` and `B.scala` use some constructs from each other. sbt 1.10.0 fixed this issue via [https://github.com/sbt/zinc/pull/1284](https://redirect.github.com/sbt/zinc/pull/1284) by invalidating the circular-dependent pairs together. In other words, if `A.scala` was changed, it would immediately invalidate `B.scala`. It turns out, that people have been writing circular-dependent code, and this has resulted in multiple reports of Zinc's over-compilation ([zinc#1420](https://redirect.github.com/sbt/zinc/issues/1420), [zinc#1461](https://redirect.github.com/sbt/zinc/issues/1461)). Given that the invalidation seems to affect the users more frequently than the original bug, we're going to revert the fix for now. We might bring this back with an opt-out flag later on. The revert was contributed by by Li Haoyi ([@lihaoyi](https://redirect.github.com/lihaoyi)) in [https://github.com/sbt/zinc/pull/1462](https://redirect.github.com/sbt/zinc/pull/1462). ##### Improvement: ParallelGzipOutputStream sbt 1.10.0 via [https://github.com/sbt/zinc/pull/1326](https://redirect.github.com/sbt/zinc/pull/1326) added a new consistent (repeatable) formats for Analysis storage. As a minor optimization, the pull request also included an implementation of `ParallelGzipOutputStream`, which would reduce the generate file size by 20%, but with little time penalty. Unfortunately, however, we have observed in CI that that the `scala.concurrent.Future`-based implementation gets stuck in a deadlock. [@Ichoran](https://redirect.github.com/Ichoran) and [@Friendseeker](https://redirect.github.com/Friendseeker) have contributed an alternative implementation that uses Java threads directly, which fixes the issue in [https://github.com/sbt/zinc/pull/1466](https://redirect.github.com/sbt/zinc/pull/1466). ##### bug fixes and updates - deps: Updates metabuild Scala version to 2.12.20 by [@SethTisue](https://redirect.github.com/SethTisue) in [#7636](https://redirect.github.com/sbt/sbt/pull/7636) - fix: Fixes "illegal reflective access operation" error on JDK 11 by updating JLine to 3.27.0 by [@Friendseeker](https://redirect.github.com/Friendseeker) in [#7695](https://redirect.github.com/sbt/sbt/pull/7695) - fix: Fixes transitive invalidation interfering with cycle stopping condition by [@Friendseeker](https://redirect.github.com/Friendseeker) in [zinc#1397](https://redirect.github.com/sbt/zinc/pull/1397) - fix: Fixes dependency resolution of sbt plugins by excluding custom extra attributes from POM dependencies by [@adpi2](https://redirect.github.com/adpi2) in [lm#451](https://redirect.github.com/sbt/librarymanagement/pull/451) - fix: Fixes directory permission issue under a multi-user environment by [@eed3si9n](https://redirect.github.com/eed3si9n) in [ipcsocket#43](https://redirect.github.com/sbt/ipcsocket/pull/43) - deps: Updates `sbt init` template deps by [@xuwei-k](https://redirect.github.com/xuwei-k) in [#7730](https://redirect.github.com/sbt/sbt/pull/7730) - Updates sbt runner to default to sbtn for sbt 2.x by [@eed3si9n](https://redirect.github.com/eed3si9n) in [#7775](https://redirect.github.com/sbt/sbt/pull/7775) ##### behind the scene - ci: Bump CI to JDK 21 by [@Friendseeker](https://redirect.github.com/Friendseeker) in [https://github.com/sbt/sbt/pull/7760](https://redirect.github.com/sbt/sbt/pull/7760) - refactor: Remove deprecated `System.runFinalization` by [@Friendseeker](https://redirect.github.com/Friendseeker) in [https://github.com/sbt/sbt/pull/7732](https://redirect.github.com/sbt/sbt/pull/7732) - refactor: Remove deprecated `Thread.getId` by [@Friendseeker](https://redirect.github.com/Friendseeker) in [https://github.com/sbt/sbt/pull/7733](https://redirect.github.com/sbt/sbt/pull/7733) - refactor: Regenerate Contraband files by [@Friendseeker](https://redirect.github.com/Friendseeker) in [https://github.com/sbt/sbt/pull/7764](https://redirect.github.com/sbt/sbt/pull/7764) - deps: Bump IO, ipc-socket, and launcher by [@eed3si9n](https://redirect.github.com/eed3si9n) in [https://github.com/sbt/sbt/pull/7776](https://redirect.github.com/sbt/sbt/pull/7776) - deps: Zinc 1.10.3 by [@eed3si9n](https://redirect.github.com/eed3si9n) in [https://github.com/sbt/sbt/pull/7781](https://redirect.github.com/sbt/sbt/pull/7781) - deps: lm 1.10.2 by [@eed3si9n](https://redirect.github.com/eed3si9n) in [https://github.com/sbt/sbt/pull/7782](https://redirect.github.com/sbt/sbt/pull/7782) - ci: Set a default timeout for ci by [@nathanlao](https://redirect.github.com/nathanlao) in [https://github.com/sbt/sbt/pull/7766](https://redirect.github.com/sbt/sbt/pull/7766) - ci: Removes `vscode-sbt-scala` from build.sbt by [@Friendseeker](https://redirect.github.com/Friendseeker) in [https://github.com/sbt/sbt/pull/7728](https://redirect.github.com/sbt/sbt/pull/7728) - ci: Adds dependabot setting for develop branch by [@xuwei-k](https://redirect.github.com/xuwei-k) in [https://github.com/sbt/sbt/pull/7701](https://redirect.github.com/sbt/sbt/pull/7701) **Full Changelog**: https://github.com/sbt/sbt/compare/v1.10.2...v1.10.3Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.