Include transitive dependencies #72
Comments
|
It is rather easy to implement, but I intentionally decided to display dependencies for direct dependencies only. I agree, this may be useful to be able to find patch updates that may fix vulnerabilities, probably with a separate task (or an argument to the existing task). |
|
If you've a pointer for me about how to retrieve the full, resolved list of dependencies I'll be happy to give it a crack. |
|
I'd say one of |
|
Plugin also does not show dependencies of subprojects. lazy val commonModule = project.in(file("common"))
.settings(
libraryDependencies ++= Seq(
"io.circe" %% "circe-generic" % "0.7.0"
)
)
lazy val root = project.in(file("."))
.dependsOn(commonModule)
Running Should I submit a separate issue? |
|
Adding |
|
Preliminary implementation is on the https://github.com/rtimush/sbt-updates/tree/transitive-updates branch and available as 0.3.5-2+ga326a8e |
|
@rtimush that branch is no longer available, so I am not sure if this feature was eventually merged or abandoned |
It'd be nice to be able to see updates for all a project's dependencies, rather than just those explicitly mentioned in the
libraryDependenciessetting. This could be achieved via a setting or a separate taskIn particular, if a library pulled in by one of your project's dependencies has a vulnerability it's great to be able to work out if there's a patch-upgrade available that would fix it. That's fairly tedious to do by hand, this plugin would make that very easy if it were possible.
I understand it's much more complicated than the current behaviour, perhaps combining this plugin with sbt-dependency-graph would be the easiest way to achieve it.
I'm interested to hear your thoughts on whether you think this would be a useful addition or if you feel it would be better as a separate tool.
The text was updated successfully, but these errors were encountered: