From a15af1bae2d77746e699ac6ad13e7d884ee35264 Mon Sep 17 00:00:00 2001 From: eugene yokota Date: Wed, 24 Apr 2024 13:00:25 -0400 Subject: [PATCH 1/2] Rewrite the Ivy revisions section Ref https://github.com/sbt/website/pull/1203 --- .../guide/08-Library-Dependencies.md | 38 ++++++++----------- 1 file changed, 16 insertions(+), 22 deletions(-) diff --git a/src/reference/guide/08-Library-Dependencies.md b/src/reference/guide/08-Library-Dependencies.md index 0020e2c5..4e3dd143 100644 --- a/src/reference/guide/08-Library-Dependencies.md +++ b/src/reference/guide/08-Library-Dependencies.md @@ -153,32 +153,26 @@ to ensure binary compatibility. See [Cross Building][Cross-Build] for some more detail on this. -#### Ivy revisions +#### Dynamic versions (Discouraged) The `version` in `organization % moduleName % version` does not have to be a -single fixed version. Ivy can select the latest revision of a module -according to constraints you specify. Instead of a fixed revision like -`"1.6.1"`, you specify `"latest.integration"`, `"2.9.+"`, or `"[1.0,)"`. See the -[Ivy -revisions](https://ant.apache.org/ivy/history/2.3.0/ivyfile/dependency.html#revision) +single fixed version. +Cousier and Ivy can select the latest revision of a module according to constraints you specify. +Instead of a fixed revision like +`"1.6.1"`, you specify `"latest.integration"`, `"2.9.+"`, or `"[1.0,)"`. +These dynamic versions might work one day, but break the next, and make the build non-repeatable. + +A Maven version range such as `[1.3.0,)` can be used to specify a dependency, +and it can appear transitively in existing POM files. When a dependency manager +like Coursier finds a version range, it will go out to the Internet to find the latest version. +This could lead to surprising behavior where the effective version changes over time, +even when there is a specified version of the library within the version range. +Therefore, until sbt implements a lock file, we generally discourage the use of version ranges. + +See the [Coursier version handling](https://get-coursier.io/docs/other-version-handling) and +the [Ivy revisions](https://ant.apache.org/ivy/history/2.3.0/ivyfile/dependency.html#revision) documentation for details. - - -Occasionally a Maven "version range" is used to specify a dependency -(transitive or otherwise), such as `[1.3.0,)`. If a specific version -of the dependency is declared in the build, and it satisfies the -range, then sbt will use the specified version. Otherwise, Coursier could -go out to the Internet to find the latest version. This would result -to a surprising behavior where the effective version keeps changing -over time, even though there's a specified version of the library that -satisfies the range condition. - -Maven version ranges will be replaced with its lower bound if the -build so that when a satisfactory version is found in the dependency -graph it will be used. You can disable this behavior using the JVM -flag `-Dsbt.modversionrange=false`. - #### Resolvers Not all packages live on the same server; sbt uses the standard Maven2 From 55ef0a574d7047d87a768e3cec3f924306c052f8 Mon Sep 17 00:00:00 2001 From: eugene yokota Date: Wed, 24 Apr 2024 13:00:25 -0400 Subject: [PATCH 2/2] Edit Ref https://github.com/sbt/website/pull/1203 --- src/reference/guide/08-Library-Dependencies.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/reference/guide/08-Library-Dependencies.md b/src/reference/guide/08-Library-Dependencies.md index 4e3dd143..50e857f3 100644 --- a/src/reference/guide/08-Library-Dependencies.md +++ b/src/reference/guide/08-Library-Dependencies.md @@ -165,8 +165,8 @@ These dynamic versions might work one day, but break the next, and make the buil A Maven version range such as `[1.3.0,)` can be used to specify a dependency, and it can appear transitively in existing POM files. When a dependency manager like Coursier finds a version range, it will go out to the Internet to find the latest version. -This could lead to surprising behavior where the effective version changes over time, -even when there is a specified version of the library within the version range. +Transitive version ranges could lead to surprising behavior where the effective version changes over time, +even when there is a specific version of the library within the version range in `build.sbt`. Therefore, until sbt implements a lock file, we generally discourage the use of version ranges. See the [Coursier version handling](https://get-coursier.io/docs/other-version-handling) and