Dependency upgrade along with transitive dependencies - scala

I have quite a big Play/Akka project on Scala 2.11 with literally dozens of dependencies, for which we need to migrate to all new stack: newest Play, Akka, Scala etc.
But along the upgrade way, our team constantly facing unexpected issues after certain lib update that another lib has transitive dependency on it, which was evicted and suddenly starting to crash in runtime somewhere in internals. E.g. play-pac4j has transitive dependency on Play, which we forgot to upgrade properly after Play upgrade from 2.5 to 2.7.
Question: is there any sbt plugin, which can say in advance which dependencies I need to change to which version version, if I want to update dependency group % name from version-x to version-y?
I'm aware of sbt-dependency-graph plugin and we are using, but I want some automation. Meaning: sbt-dependency-graph has whatDependsOn command, but I don't want to manually verify which version is compatible with transitive dependency i want to go to.
Thank you.

Related

Gradle + Scala Plugin + Zinc 1.3.5 leaks Protobuf 3.7 to the compiler classpath

While debugging compilation errors of the generated Protobuf code after upgrading a Scala project to Gradle 6 & Zinc 1.3.5 I found that the compiler classpath contains two versions of the protobuf jar - the one I need (3.9.x) and 3.7. The latter is a dependency of the Zinc.
What is the correct way to run Zinc Scala build in Gradle without leaking its own dependencies to the classpath?
This was resolved with sbt/zinc PR 799 that was merged and included in the 1.4.0 release of Zinc.
With this MR they started shading the protobuf dependency (see this commit).
Unfortunately, it's not currently possible to use this version of Zinc with Gradle as Gradle issue #15491 was never resolved (note the issue title mentions Zinc 1.4.3 but applies for all versions of Zinc after the 1.3.x series).
It doesn't look like there's any plans to address #15491 but it looks like the issue will get solved as a side-effect of PR 18001 which is actively being developed with the intention of adding Scala 3 support to Gradle (and also involves cleaning up various long standing issues classpath related issues).

How to fix compatibility warning of Akka with ReactiveMongo 0.20.3

I have upgraded to reactive mongo 0.17.1 to 0.20.3. and after that I facing these warnings.
[WARN] [03/17/2020 12:20:43.782] [main]
[ManifestInfo(akka://reactivemongo)] Detected possible incompatible
versions on the classpath. Please note that a given Akka version MUST
be the same across all modules of Akka that you are using, e.g. if you
use [2.5.25] all other modules that are released together MUST be of
the same version. Make sure you're using a compatible set of
libraries. Possibly conflicting versions [2.5.25, 2.5.11] in libraries
[akka-protobuf:2.5.25, akka-actor:2.5.25, akka-slf4j:2.5.11,
akka-stream:2.5.25]
The reason for the error is that it is not safe to mix different patch versions of Akka modules, they all need to be of the same version (you can read more about this in the docs here.
Most often you can just add explicit dependencies in your build for the transitive ones to force them to be of the Akka version you want (2.5.25 in this case).

Understanding eclipse maven dependency hierarchy

I want to understand the dependencies for a multi-module maven project and for that referred to eclipse dependency hierarchy.
I did understand fairly, however some of the things I am not able to understand at all.
Below is the screen shot.
The things which I didn't understand are:
--> managed from 1.0.2 [Compile}
--> managed from 1.0.2 (omitted for conflict with 1.0.0) [Compile]
I did search online but I got information in traces. Can anyone help me understand what they mean in easy to understand?
Thanks.
Maven builds a flat classpath from the dependency tree each for compiling ([compile]), for testing, and for running.
In a flat classpath, unlike OSGi, a dependency can only exist in one version. In your cropped screenshot, there is on the second level among other things:
kafka-streams 1.0.2 and
kafka-clients 1.0.0.
kafka-streams 1.0.2 requires kafka-clients 1.0.2 which conflicts to kafka-clients 1.0.0. Therefore kafka-streams 1.0.2 is omitted for conflicts with 1.0.0 even if the version 1.0.2 is required here ("managed from 1.0.2").
More detailed:The classpath which is used to compile or run a plain Java application is flat: all required libraries are globally specified as an ordered list. It is not possible to use a library of a specific version for one package and for another package the same library in a different version.In Maven dependencies builds a tree: each dependency might have its own dependencies. Maven maps the tree of dependencies to the classpath, an ordered list of libraries. If in the Maven dependencies tree the same library exists in different versions, it is not possible to create a flat classpath. This is a conflict.This conflict is resolved by picking one version and omitting all other versions. At the place where the picked version is used instead of the required version, (managed from <required but not picked version>) and (omitted for conflict with <picked version to use instead>) is displayed.In addition, Maven can create different classpaths to compile, to test or to run a Java application via so-called scopes. The [compile] scope is the default scope for using a library in all tasks: compiling, testing and running.
Make sure that the versions specified in the pom.xml file are compatible with each other (which is not yet the case in your screenshot): you have to upgrade kafka-clients from 1.0.0 to 1.0.2 (or downgrade the other libraries).

Sbt 0.12.4+ required on project import

I'm currently reading the Play for Scala: Covers Play 2 book by Peter Hilton (publisher: Manning) , and trying to stick to the versions they've outlined in the book (Play version 2.1.1).
I downloaded the new IntelliJ IDEA 14 CE app and installed it. I'm currently importing the project, and it's failing because it wants a version of sbt that is 0.12.4 or greater.
This issue occurred in 13 the other day, but I haven't had time to resolve it, so please, no recommendations to go back to 13 :)
Here is the meat of the issue:
When I type sbt --version on the CLI, it prints sbt launcher version 0.13.6. I have a "greater" version, but it appears that IDEA doesn't recognize this.
In an effort to specify my own SBT launcher JAR, I pointed my custom launcher (in IDEAs global settings) to the one in /usr/local/Cellar/sbt/0.13.6/libexec/sbt-launch.jar, but the build also failed with the same error.
As you may have guessed at this point, I have used Homebrew to install and manage Scala and sbt. When I first started working with Scala back in February, I remember having to make a few small tweaks in my settings to get IDEA to find Scala, but my version of IDEA 14 is totally fresh -- I did not import any previous settings. I downloaded the Scala and sbt plugins and they appear to be properly configured after a cursory look and creation of a new test project.
Here is what I'm failing to understand:
First, and most obvious, why would an sbt version that meets the supposed requirement (0.12.4+) fail with version 0.13.*?
Second, is the bundled sbt with IDEA also greater than this version? Is there possibly an sbt flag somewhere in my system that's pointing it to an earlier version? A side note, I have a few versions of sbt in my "Cellar", but all are greater than 0.13.
Many thanks for your help!
I had a look at the code samples from Manning's website, and the project/build.properties files for each project specify sbt.version=0.12.2. My guess is that the Intellij Scala plugin only supports SBT 0.12.4, and cannot import you project which is configured to use an older version (hence why it recommends that you "update your project definition").
You should try using sbt.version=0.12.4 in the project/build.properties file.
Generally speaking, keep in mind that when an SBT version is specified in project/build.properties, the SBT launcher downloads the specified version and uses it to build the project. In your case, that means that the SBT 0.13.6 launcher will download SBT 0.12.2 and use that version to build the project.

How to find unused sbt dependencies?

My build.sbt has a lot of dependencies now. How do I know which dependencies are actually being used?
Maven seems to have dependency:analyse http://maven.apache.org/plugins/maven-dependency-plugin/
Is there something similar for sbt?
There is the sbt-explicit-dependencies plugin, which has been developed recently. It has direct commands in the SBT console to:
Enforce explicit direct declaration of dependencies, thus disallowing transitive dependencies.
Detect and remove unneeded dependencies.
you can use sbt-dependency-graph plugin. it shows dependencies in different graphical representations. also you can try to use tattletale, but it's not integrated with sbt. it'll require you to copy managed dependencies (retrieveManaged := true). this tool not only shows dependency graph, but analyzes class usage and can display unused dependencies (including transitive)