I have a use case where I use lock / excludeDependencies to exclude my internal dependencies from the lock file as I always explicitly specify the version for these packages.
I've noticed that even though they are excluded, when I bump their version in libraryDependencies. the hash on the lock file still changes. Can I ask if this behaviour is intentional?
Upon reading the plugin code, I notice that the hash is calculated using the libraryDependencies without any filtering from excludeDependencies. Should libraryDependencies be filtered through the exclusions before hash is calculated? It seems a bit weird for a dependencies that was excluded from locking to still affect the lock's hash.
If this seems reasonable to you, I am happy to make a pull request to tackle this.
sbt version: 1.5.2 sbt-lock version: 0.7.0
I have a use case where I use
lock / excludeDependencies
to exclude my internal dependencies from the lock file as I always explicitly specify the version for these packages.I've noticed that even though they are excluded, when I bump their version in
libraryDependencies
. the hash on the lock file still changes. Can I ask if this behaviour is intentional?Upon reading the plugin code, I notice that the hash is calculated using the
libraryDependencies
without any filtering fromexcludeDependencies
. ShouldlibraryDependencies
be filtered through the exclusions before hash is calculated? It seems a bit weird for a dependencies that was excluded from locking to still affect the lock's hash.If this seems reasonable to you, I am happy to make a pull request to tackle this.
Thank you for your time.