Update dependencies in preparation for v7.1.3 #1778
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Updates the following Bazel dependency versions: - `.bazelversion`: 7.6.1 => 7.6.2 - Go: 1.25.1 => 1.25.3 - `bazel_skylib`: 1.8.1 => 1.8.2 - `golang.org/x/tools`: 0.37.0 => 0.38.0 - `protobuf`: v32.1 => v33.0 - Still missing protocolbuffers/protobuf#19679, so we keep patching. - `rules_cc`: 0.2.8 => 0.2.10 - `rules_go`: 0.57.0 => bazel-contrib/rules_go@74199c92 - This is a temporary workaround for bazel-contrib/rules_go#4480. - `rules_java`: 8.15.2 => 8.16.1 - Updates all legacy `WORKSPACE` files to invoke `bazel_features_deps` _before_ `rules_java_dependencies`, required since `rules_java` 8.16.0. - Adds `bazel_features` 1.37.0 to `rules_scala_dependencies` from `latest_deps.bzl` as an explicit dependency to enable the dependency setup macro reordering. - `rules_python`: 1.6.1 => 1.6.3 Updates the following Maven artifact versions, with `scripts/create_repository.py` having generated the changes to `third_party/repositories/scala_*.bzl`: - `com.google.api.grpc:proto-google-common-protos`: 2.61.1 => 2.62.0 - `com.google.guava:guava`: 33.4.8-jre => 33.5.0-jre - `com.google.protobuf:protobuf-java`: 4.32.1 => 4.33.0 - `com.thesamet.scalapb:scalapb-runtime_*`: 1.0.0-alpha.2 => 1.0.0-alpha.3 - `io.grpc:grpc-api`: 1.75.0 => 1.76.0 - `org.scala-lang.modules:scala-parser-combinators_*`: 1.1.2 => 2.4.0 - Adds logic to `scripts/create_repository.py` to keep the Scala 2.11 version of `scala-parser-combinators` at version 1.1.2 - `org.scala-sbt:compiler-interface`: 1.10.1 => 1.11.0 - `org.scala-sbt:util-interface`: 1.11.6 => 1.11.7 - `org.scalameta:scalafmt-*`: 3.9.9 => 3.10.1 - Updates `version` in all the `**.scalafmt*.conf` files to match. - `org.typelevel:kind-projector_*`: 0.13.3 => 0.13.4 --- This is in preparation for releasing v7.1.3, which will also contain the Scala 3.3.7 update from bazel-contrib#1777.
|
@WojciechMazur @simuons If you're OK with this pull request as-is, please feel free to merge it and push a new v7.1.3 tag publish a new release. It's a big change, but it's almost all mechanical, except for the change to |
WojciechMazur
approved these changes
Oct 20, 2025
Comment on lines
227
to
230
| "io_bazel_rules_scala_scala_library_2": { | ||
| "artifact": "org.scala-lang:scala-library:2.13.16", | ||
| "sha256": "1ebb2b6f9e4eb4022497c19b1e1e825019c08514f962aaac197145f88ed730f1", | ||
| "artifact": "org.scala-lang:scala-library:2.13.17", | ||
| "sha256": "b7822c4225243215f185925724a6edff92cf18777a136cc738276c4446fac76c", | ||
| }, |
There was a problem hiding this comment.
Side note:
This naming would become quite unfortunate soon with Scala 3.8 - we'd need to hava io_bazel_rules_scala_scala_library_2 (for backward source compatibility) which would provide org.scala-lang:scala-library:3.8.0 artifacts
Luckilly the io_bazel_rules_scala_scala_library_2 would still be unchanged...
There was a problem hiding this comment.
Going to have to lean on your expertise for that one. 😉 Plus, I wonder how the potential move to rules_jvm_external based toolchain dependency repos per #1775 might play into our plans here.
mbland
added a commit
to mbland/rules_scala
that referenced
this pull request
Oct 27, 2025
Returns `module_ctx.extension_metadata(reproducible = True)` from module extensions and checks in `MODULE.bazel.lock` files. Adds `--lockfile_mode=error` to the top level `.bazelrc`, and adds `--lockfile_mode=update` where necessary to ensure tests don't break. Also: - Bumps `rules_go` to 0.58.2, which resolves bazel-contrib/rules_go#4480, and removes the temporary `git_override`. - Bumps Go to 1.25.3 in `WORKSPACE` (missed in bazel-contrib#1778). - Updates the `.bazelversion` files in nested repos to match the top-level `.bazelversion` file (missed in bazel-contrib#1778). - Removes unnecessary `scala_deps.scala()` tags from the `dt_patches/test_dt_patches{,_user_srcjar}` and `test/compiler_sources_integrity` modules. This makes the resulting `MODULE.bazel.lock` files for the latter two modules much smaller. - Removes `bazel shutdown` commands to speed up several tests, notably `dt_patches/dt_patch_test.sh` and `test/shell/test_examples.sh`. Running ```txt $ git diff --stat HEAD^ ':!:**.bazelversion' ':!:**MODULE.bazel.lock' .bazelci/presubmit.yml | 5 +++++ .bazelrc | 5 +++++ .bcr/presubmit.yml | 4 ++++ .gitignore | 5 ++--- MODULE.bazel | 13 ++----------- WORKSPACE | 8 ++++---- dt_patches/dt_patch_test.sh | 5 ++++- dt_patches/test_dt_patches/.bazelrc | 3 +++ dt_patches/test_dt_patches/MODULE.bazel | 1 - dt_patches/test_dt_patches_user_srcjar/.bazelrc | 3 +++ dt_patches/test_dt_patches_user_srcjar/MODULE.bazel | 1 - dt_patches/test_dt_patches_user_srcjar/extensions.bzl | 4 +++- scala/extensions/config.bzl | 1 + scala/extensions/deps.bzl | 22 ++++++++++++++++++---- scala/extensions/protoc.bzl | 3 +++ scala/private/extensions/dev_deps.bzl | 1 + test/compiler_sources_integrity/.bazelrc | 4 ++++ test/compiler_sources_integrity/MODULE.bazel | 1 - test/shell/test_examples.sh | 6 +++++- test_version.sh | 4 +++- 20 files changed, 70 insertions(+), 29 deletions(-) ``` --- At @jayconrod's suggestion, it seems worth revisiting the `MODULE.bazel.lock` mechanism. The format appears to have stabilized (especially in newer Bazels), and it seems explicitly marking extensions as reproducible helps shrink lock files dramatically. While I've yet to notice (or measure) performance benefits, the stability and security benefits appear worth the effort. Before marking `scala_deps` as reproducible, the `MODULE.bazel.lock` file was 30892 lines long. This dramatic effect on our own lock file suggests that this change will potentially help consumers maintain smaller lock files as well. The only time any of the extensions are nonreproducible is when a `scala_deps.compiler_srcjar` tag contains no `label`, `sha256`, or `integrity` attribute. This should prove so limited a case as to be nonexistent in practice. Even so, the extension makes sure to indicate that it's _not_ reproducible in that case. Diffing `dt_patches/test_dt_patches{,_user_srcjar}/MODULE.bazel.lock` shows what happens when a `compiler_srcjar` tag lacks those attributes. Finally, `--lockfile_mode=error` is useful to detect lock file updates when building with the default `.bazelversion`. However, running tests with newer versions of Bazel in this mode will break. The `.bazelrc` line introducing the `--lockfile_mode` flag has a comment suggesting that users comment it out when testing other Bazel versions.
mbland
added a commit
to mbland/rules_scala
that referenced
this pull request
Oct 27, 2025
Returns `module_ctx.extension_metadata(reproducible = True)` from module extensions and checks in `MODULE.bazel.lock` files. Adds `--lockfile_mode=error` to the top level `.bazelrc`, and adds `--lockfile_mode=update` where necessary to ensure tests don't break. Also: - Bumps `rules_go` to 0.58.2, which resolves bazel-contrib/rules_go#4480, and removes the temporary `git_override`. - Bumps Go to 1.25.3 in `WORKSPACE` (missed in bazel-contrib#1778). - Updates the `.bazelversion` files in nested repos to match the top-level `.bazelversion` file (missed in bazel-contrib#1778). - Removes unnecessary `scala_deps.scala()` tags from the `dt_patches/test_dt_patches{,_user_srcjar}` and `test/compiler_sources_integrity` modules. This makes the resulting `MODULE.bazel.lock` files for the latter two modules much smaller. - Removes `bazel shutdown` commands to speed up several tests, notably `dt_patches/dt_patch_test.sh` and `test/shell/test_examples.sh`. The following `git diff --stat` output reveals the most substantial changes in this commit: ```txt $ git diff --stat HEAD^ ':!:**.bazelversion' ':!:**MODULE.bazel.lock' .bazelci/presubmit.yml | 5 +++++ .bazelrc | 5 +++++ .bcr/presubmit.yml | 4 ++++ .gitignore | 5 ++--- MODULE.bazel | 13 ++----------- WORKSPACE | 8 ++++---- dt_patches/dt_patch_test.sh | 5 ++++- dt_patches/test_dt_patches/.bazelrc | 3 +++ dt_patches/test_dt_patches/MODULE.bazel | 1 - dt_patches/test_dt_patches_user_srcjar/.bazelrc | 3 +++ dt_patches/test_dt_patches_user_srcjar/MODULE.bazel | 1 - dt_patches/test_dt_patches_user_srcjar/extensions.bzl | 4 +++- scala/extensions/config.bzl | 1 + scala/extensions/deps.bzl | 22 ++++++++++++++++++---- scala/extensions/protoc.bzl | 3 +++ scala/private/extensions/dev_deps.bzl | 1 + test/compiler_sources_integrity/.bazelrc | 4 ++++ test/compiler_sources_integrity/MODULE.bazel | 1 - test/shell/test_examples.sh | 6 +++++- test_version.sh | 4 +++- 20 files changed, 70 insertions(+), 29 deletions(-) ``` --- At @jayconrod's suggestion, it seems worth revisiting the `MODULE.bazel.lock` mechanism. The format appears to have stabilized (especially in newer Bazels), and it seems explicitly marking extensions as reproducible helps shrink lock files dramatically. While I've yet to notice (or measure) performance benefits, the stability and security benefits appear worth the effort. Before marking `scala_deps` as reproducible, the `MODULE.bazel.lock` file was 30892 lines long. This dramatic effect on our own lock file suggests that this change will potentially help consumers maintain smaller lock files as well. The only time any of the extensions are nonreproducible is when a `scala_deps.compiler_srcjar` tag contains no `label`, `sha256`, or `integrity` attribute. This should prove so limited a case as to be nonexistent in practice. Even so, the extension makes sure to indicate that it's _not_ reproducible in that case. Diffing `dt_patches/test_dt_patches{,_user_srcjar}/MODULE.bazel.lock` shows what happens when a `compiler_srcjar` tag lacks those attributes. Finally, `--lockfile_mode=error` is useful to detect lock file updates when building with the default `.bazelversion`. However, running tests with newer versions of Bazel in this mode will break. The `.bazelrc` line introducing the `--lockfile_mode` flag has a comment suggesting that users comment it out when testing other Bazel versions.
mbland
added a commit
to mbland/rules_scala
that referenced
this pull request
Oct 27, 2025
Updates `rules_go` to 0.58.2 per bazel-contrib/rules_go#4480, and removes the temporary `git_override`. Updates Go to 1.25.3 in `WORKSPACE` and updates the `.bazelversion` files in nested repos to match the top-level `.bazelversion` file Also bumps the module version in `MODULE.bazel` to 7.1.4 in advance of the next release. --- The `WORKSPACE` and `.bazelversion` updates should've been in bazel-contrib#1778, but I missed including them. These changes only could've affected local testing, but I've confirmed all tests still pass in both Bzlmod and legacy `WORKSPACE` modes. Bumped the `MODULE.bazel` version number to indicate that changes from this point will be part of the next release.
mbland
added a commit
to mbland/rules_scala
that referenced
this pull request
Oct 27, 2025
Updates `rules_go` to 0.58.2 per bazel-contrib/rules_go#4480, and removes the temporary `git_override`. Updates Go to 1.25.3 in `WORKSPACE`. Also bumps the module version in `MODULE.bazel` to 7.1.4 in advance of the next release. --- The Go version update in `WORKSPACE` should've been in bazel-contrib#1778, but I missed including it. `rules_go` is a dev dep only required for linting, so the impact of this oversight was minimal, but still worth correcting. Bumped the `MODULE.bazel` version number to indicate that changes from this point will be part of the next release.
mbland
added a commit
to mbland/rules_scala
that referenced
this pull request
Oct 27, 2025
Replaces all nested `.bazelversion` files with symbolic links to the
top-level `.bazelversion` file. Removes `scripts/sync-bazelversion.sh`.
Also removes `dt_patches/compiler_sources/.bazel{rc,version}` since
they're not required by any tests.
---
I missed updating the `.bazelversion` files in bazel-contrib#1778 because I forgot to
run `scripts/sync-bazelversion.sh`. I'd added this script previously to
avoid creating symlinks that might break Windows users that don't have
symlinks enabled. At the same time, `.bazelversion` doesn't have an
`import ../.bazelversion` directive like `.bazelrc` does.
However, it seems Windows has supported symlinks for a while, and users
shouldn't have any trouble enabling them on their workstations. We also
already use them for `protobuf.patch` files throughout the nested repos.
So it's time to use symlinks for `.bazelversion` files as well, to
ensure these files don't fall out of sync again.
mbland
added a commit
that referenced
this pull request
Oct 27, 2025
Updates `rules_go` to 0.58.2 per bazel-contrib/rules_go#4480, and removes the temporary `git_override`. Updates Go to 1.25.3 in `WORKSPACE`. Also bumps the module version in `MODULE.bazel` to 7.1.4 in advance of the next release. --- The Go version update in `WORKSPACE` should've been in #1778, but I missed including it. `rules_go` is a dev dep only required for linting, so the impact of this oversight was minimal, but still worth correcting. Bumped the `MODULE.bazel` version number to indicate that changes from this point will be part of the next release.
mbland
added a commit
to mbland/rules_scala
that referenced
this pull request
Oct 27, 2025
Replaces all nested `.bazelversion` files with symbolic links to the
top-level `.bazelversion` file. Removes `scripts/sync-bazelversion.sh`.
Also removes `dt_patches/compiler_sources/.bazel{rc,version}` since
they're not required by any tests.
---
I missed updating the `.bazelversion` files in bazel-contrib#1778 because I forgot to
run `scripts/sync-bazelversion.sh`. I'd added this script previously to
avoid creating symlinks that might break Windows users that don't have
symlinks enabled. At the same time, `.bazelversion` doesn't have an
`import ../.bazelversion` directive like `.bazelrc` does.
However, it seems Windows has supported symlinks for a while, and users
shouldn't have any trouble enabling them on their workstations. We also
already use them for `protobuf.patch` files throughout the nested repos.
So it's time to use symlinks for `.bazelversion` files as well, to
ensure these files don't fall out of sync again.
mbland
added a commit
to mbland/rules_scala
that referenced
this pull request
Oct 27, 2025
Replaces all nested `.bazelversion` files with symbolic links to the
top-level `.bazelversion` file. Removes `scripts/sync-bazelversion.sh`.
Also removes `dt_patches/compiler_sources/.bazel{rc,version}` since
they're not required by any tests.
---
I missed updating the `.bazelversion` files in bazel-contrib#1778 because I forgot to
run `scripts/sync-bazelversion.sh`. I'd added this script previously to
avoid creating symlinks that might break Windows users that don't have
symlinks enabled. At the same time, `.bazelversion` doesn't have an
`import ../.bazelversion` directive like `.bazelrc` does.
However, it seems Windows has supported symlinks for a while, and users
shouldn't have any trouble enabling them on their workstations. We also
already use them for `protobuf.patch` files throughout the nested repos.
So it's time to use symlinks for `.bazelversion` files as well, to
ensure these files don't fall out of sync again.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Updates the following Bazel dependency versions:
.bazelversion: 7.6.1 => 7.6.2bazel_skylib: 1.8.1 => 1.8.2golang.org/x/tools: 0.37.0 => 0.38.0protobuf: v32.1 => v33.0//:protocfrom language runtimes protocolbuffers/protobuf#19679, so we keep patching.rules_cc: 0.2.8 => 0.2.10rules_go: 0.57.0 => bazel-contrib/rules_go@74199c92Factsfromlast_greenBazel does not have a.clear()method rules_go#4480.rules_java: 8.15.2 => 8.16.1WORKSPACEfiles to invokebazel_features_depsbeforerules_java_dependencies, required sincerules_java8.16.0.bazel_features1.37.0 torules_scala_dependenciesfromlatest_deps.bzlas an explicit dependency to enable the dependency setup macro reordering.rules_python: 1.6.1 => 1.6.3Updates the following Maven artifact versions, with
scripts/create_repository.pyhaving generated the changes tothird_party/repositories/scala_*.bzl:com.google.api.grpc:proto-google-common-protos: 2.61.1 => 2.62.0com.google.guava:guava: 33.4.8-jre => 33.5.0-jrecom.google.protobuf:protobuf-java: 4.32.1 => 4.33.0com.thesamet.scalapb:scalapb-runtime_*: 1.0.0-alpha.2 =>1.0.0-alpha.3
io.grpc:grpc-api: 1.75.0 => 1.76.0org.scala-lang.modules:scala-parser-combinators_*: 1.1.2 => 2.4.0scripts/create_repository.pyto keep the Scala 2.11 version ofscala-parser-combinatorsat version 1.1.2org.scala-sbt:compiler-interface: 1.10.1 => 1.11.0org.scala-sbt:util-interface: 1.11.6 => 1.11.7org.scalameta:scalafmt-*: 3.9.9 => 3.10.1versionin all the**.scalafmt*.conffiles to match.org.typelevel:kind-projector_*: 0.13.3 => 0.13.4Motivation
This is in preparation for releasing v7.1.3, which will also contain the Scala 3.3.7 update from #1777.