chore: overrides dependencies
Motivation:
Threat scan shows infected dependencies.
Our direct dependencies don't have a newer version (for now)

Modifications:
 * override dependency both in plugins.sbt and build.sbt (as this project is
    its own plugin)

Result:
Should still work (mostly compatible version)
Should avoid threats
Isammoc authored and slandelle committed Dec 13, 2023
1 parent 22a190a commit 35762ed
Showing 2 changed files with 17 additions and 2 deletions.
7 changes: 7 additions & 0 deletions build.sbt
Expand Up @@ -44,3 +44,10 @@ lazy val root = (project in file("."))
addSbtPlugin("com.github.sbt" % "sbt-dynver" % "5.0.1"),
libraryDependencies += "org.scalatest" %% "scalatest" % "3.2.17" % Test
)

ThisBuild / dependencyOverrides ++= Seq(
"org.eclipse.jgit" % "org.eclipse.jgit" % "6.8.0.202311291450-r", // sbt-scalafix
"ch.qos.logback" % "logback-core" % "1.4.7", // sbt-sonatype
"com.google.guava" % "guava" % "23.0", // sbt-sonatype
"org.apache.httpcomponents" % "httpclient" % "4.5.14" // sbt-sonatype
)
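Review bot: `ThisBuild / dependencyOverrides` forces each listed version regardless of what resolution would otherwise select, so every entry here should be confirmed as an upgrade rather than a downgrade; "guava" % "23.0" and "logback-core" % "1.4.7" are the ones to check against the `evicted` report before and after this change. Only `logback-core` is overridden: if `logback-classic` is also on the classpath through sbt-sonatype, pin it to the same version so the two logback modules do not end up mismatched. The commit message calls the result "mostly compatible", which is worth backing with a scan rerun and a build that exercises the sbt-scalafix and sbt-sonatype code paths.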
12 changes: 10 additions & 2 deletions project/plugins.sbt
@@ -1,8 +1,9 @@
// ------------------ //
// -- DEPENDENCIES -- //
// ------------------ //
addSbtPlugin("org.scalameta" % "sbt-scalafmt" % "2.5.2")
addSbtPlugin("ch.epfl.scala" % "sbt-scalafix" % "0.11.1")
addSbtPlugin("org.scalameta" % "sbt-scalafmt" % "2.5.2")
addSbtPlugin("ch.epfl.scala" % "sbt-scalafix" % "0.11.1")

addSbtPlugin("com.github.sbt" % "sbt-release" % "1.1.0")
addSbtPlugin("com.github.sbt" % "sbt-pgp" % "2.2.1")
addSbtPlugin("de.heikoseeberger" % "sbt-header" % "5.10.0")
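Review bot: the `sbt-scalafmt` and `sbt-scalafix` lines at the top of this hunk are removed and re-added with the same coordinates and versions, which looks like a formatting-only realignment plus a blank line. In a commit whose purpose is a security override, consider moving that reformatting to a separate commit so the diff a later auditor reads contains only the dependency changes.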
Expand All @@ -12,3 +13,10 @@ addSbtPlugin("com.github.sbt" % "sbt-dynver" % "5.0.1")
// This project is its own plugin :)
Compile / unmanagedSourceDirectories += baseDirectory.value.getParentFile / "src" / "main" / "scala"
Compile / unmanagedResourceDirectories += baseDirectory.value.getParentFile / "src" / "main" / "resources"

dependencyOverrides ++= Seq(
"org.eclipse.jgit" % "org.eclipse.jgit" % "6.8.0.202311291450-r", // sbt-scalafix
"ch.qos.logback" % "logback-core" % "1.4.7", // sbt-sonatype
"com.google.guava" % "guava" % "23.0", // sbt-sonatype
"org.apache.httpcomponents" % "httpclient" % "4.5.14" // sbt-sonatype
)
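Review bot: this `dependencyOverrides` block is a verbatim copy of the one added to build.sbt, and nothing ties the two together, so a later bump in one file can silently leave the other on the old version. Add a comment in each file pointing at the other copy. The trailing comments name only the plugin that pulls each artifact in (`// sbt-scalafix`, `// sbt-sonatype`); since the commit message says the pin is needed only "for now", also record which scanner finding each entry addresses and the condition for deleting it (the plugin releasing a version that ships a clean transitive dependency), otherwise these pins tend to outlive their reason and block future upgrades.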
