Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Lock dependencies with sbt-dependency-lock #129

Open
colindean opened this issue Sep 19, 2022 · 0 comments · May be fixed by #153
Open

Lock dependencies with sbt-dependency-lock #129

colindean opened this issue Sep 19, 2022 · 0 comments · May be fixed by #153
Labels
enhancement New feature or request hacktoberfest Good issues for Hacktoberfest

Comments

@colindean
Copy link
Collaborator

Is your feature request related to a problem? Please describe.

As a maintainer, I want to be able to validate my dependencies are what they were when I pulled them in.

Describe the solution you'd like

https://github.com/stringbean/sbt-dependency-lock

Describe alternatives you've considered

I've searched for other plugins that do this and ☝️ seems to be the currently maintained one.

@colindean colindean added the enhancement New feature or request label Sep 19, 2022
@colindean colindean added the hacktoberfest Good issues for Hacktoberfest label Oct 3, 2022
colindean added a commit that referenced this issue Apr 3, 2023
Caveats of this:

1. [Crossbuilds may not be supported][crossbuilds], impacting #84.
2. The hash used is SHA1, which is deprecated including by [NIST][nist].
   Some work is in draft PRs for introducing a new version of the
   lockfile that may enable SHA256 or other hash algorithms.

Fixes #129

[crossbuilds]: stringbean/sbt-dependency-lock#13
[nist]: https://www.nist.gov/news-events/news/2022/12/nist-retires-sha-1-cryptographic-algorithm
@colindean colindean linked a pull request Apr 3, 2023 that will close this issue
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request hacktoberfest Good issues for Hacktoberfest
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant