webjars-play pulling in wrong version of webjar

[almoehi]

I have a dependency to jquery in my sbt file like this:

"org.webjars" % "jquery" % "2.1.4"

however, when resolving dependencies, sbt always pulls in the latest available jquery version which currently is "3.0.0-alpha1". Am I missing something ?

I'm using play 2.3.9 and latest webjars-play:

"org.webjars" %% "webjars-play" % "2.3.0-3"

[jamesward]

I'm not seeing that behavior. Do you have another dependency that has a transitive dependency on a newer jQuery version? Can you run activator evicted to see why the specified version was evicted?

[almoehi]

Yeah, I never had this issue too that's why I'm so confused. I didn't even touch my build.sbt files for months but a few days ago I saw sbt suddenly pulling it in.

I do have a couple of other webjars, but I didn't change the versions. I checked all the ivy files which contain a dependency to jquery - none of them requires 3.0.0-beta1.

I updated my build files to make sure I have the latest versions ob webjars-play, play 2.3.9 etc.

Is activator evicted the same as sbt show update?

[jamesward]

This could be something that has a version range dependency.

sbt evicted should work but I think you might need sbt 0.13.8 (update your project/build.properties file).

[almoehi]

ok - got it. Do I understand this correctly: all the listed webjars require 3.0.0-alpha1 ? I didn't touch the version dependencies of the listed webjars for the past couple of months - how come, that all of a sudden a "beta" version gets pulled in ?

The issue is, that the newer jquery version breaks essential parts of the frontend, otherwise I wouldn't care that much :-)

[warn]  * org.webjars:jquery:(2.1.4, 2.1.1, 1.9.1, 1.8.3, 2.0.3-1, 1.11.1) -> 3.0.0-alpha1 (caller: org.webjars:fullcalendar:2.1.0-beta2, org.webjars:flot:0.8.3-1, org.webjars:jquery-validation:1.13.1, org.webjars:uniform:2.1.2, org.webjars:jquery-knob:1.2.2, org.webjars:bootstrap-application-wizard:3768da3142-1, org.webjars:datatables:1.10.2-1, org.webjars:jquery.sparkline:2.1.2, org.webjars:bootstrap:3.3.5, org.webjars:jquery-resize-plugin:1.1, org.webjars:jquery.inputmask:3.1.0, org.webjars:jquery-form:3.28.0-2013.02.06-1, org.webjars:jquery-ui:1.11.2, org.webjars:typeaheadjs:0.10.5, org.webjars:morrisjs:0.5.0, org.webjars:jQuery-slimScroll:1.3.3, org.webjars:jquery-placeholder:2.0.7)

[jamesward]

It looks like jquery-validation is the culprit: https://github.com/webjars/jquery-validation/blob/master/pom.xml#L36-L40

It has a version range that is open to all newer versions. The easiest way to deal with this is to exclude the jquery dependency from being a transitive in that one, like:

"org.webjars" % "jquery-validation" % "1.13.1" exclude("org.webjars", "jquery")

There might be other culprits but hopefully not. I've tried to avoid version ranges because of this kind of issue. But this one snuck through.

Let me know if that helps.

[almoehi]

excellent, that seemed to work :+1: thank you so much!