I try to write a simple sbt plugin which is using jsch. Due to the security reasons (ecdsa) my requirement is to use jsch in 0.1.53. I have declared the dependency in my build.sbt file:
libraryDependencies += "com.jcraft" % "jsch" % "0.1.53"
Unfortunately org.scala-sbt:ivy 2.3.0 introduces dependency on 0.1.46. SBT says that there was an eviction of the older version though in the runtime when using my plugin I can see that it's still running against 0.1.46 jsch.
[info] com.jcraft:jsch
[info] - 0.1.46
[info] status: release
[info] publicationDate: Thu Feb 02 13:39:27 CET 2012
[info] resolver: sbt-chain
[info] artifactResolver: sbt-chain
[info] evicted: true
[info] evictedData: latest-revision
[info] homepage: http://www.jcraft.com/jsch/
[info] isDefault: false
[info] configurations: default, compile, runtime, default(compile), master
[info] licenses: (Revised BSD,Some(http://www.jcraft.com/jsch/LICENSE.txt))
[info] callers: org.scala-sbt:ivy:0.13.11
[info] - 0.1.53
[info] status: release
[info] publicationDate: Fri Jun 05 17:32:00 CEST 2015
[info] resolver: sbt-chain
[info] artifactResolver: sbt-chain
[info] evicted: false
[info] homepage: http://www.jcraft.com/jsch/
[info] isDefault: false
[info] configurations: default, compile, runtime, default(compile), master
[info] licenses: (Revised BSD,Some(http://www.jcraft.com/jsch/LICENSE.txt))
[info] callers: com.evojam:sbt-ssh:0.1.1-SNAPSHOT (scalaVersion=2.10, sbtVersion=0.13), org.scala-sbt:ivy:0.13.11
I use sbt in version 0.13.11.
I have added my plugin to the test project. When running my sbt task I get clear log message: [info] Local version string: SSH-2.0-JSCH-0.1.46 and an error about unsupported algorithm which leads me to the conclusion that my version of jsch has been overridden somehow.
The question is how to deal with library eviction when writing sbt plugin?
