Regression in 0.6.1 when using private artifact repository

[pronovic]

I use a private artifact repository (Artifactory), which requires authentication. Credentials are configured like usual in ~/.sbt/1.0/credentials.sbt:

credentials += Credentials(Path.userHome / ".sbt" / "credentials")

Then, ~/.sbt/credentials contains the actual credentials:

realm=Artifactory Realm
host=my.jfrog.io
user=myusername
password=mypassword

Version 0.6.0 of the plugin works with this configuration - dependency updates are found as expected. When I upgrade to 0.6.1, it no longer works - no dependency updates are found.

Running with -debug shows one significant difference, which is that dependencies are downloaded anonymously in 0.6.1:

[debug] Downloading https://my.jfrog.io/artifactory/maven-releases-sbt/com/typesafe/akka/akka-testkit_2.12/ anonymously

Where in 0.6.0 they are downloaded as my authenticated user:

[debug] Downloading https://my.jfrog.io/artifactory/maven-releases-sbt/com/typesafe/akka/akka-testkit_2.12/ as myuser

It seems like maybe the download is failing because it's not authenticated, and then the analysis silently fails and says that there are no updates available.

We've looked at the differences between 0.6.0 and 0.6.1, and it seems like this might be related to PR #276, since that seems to adjust the way repository credentials are managed.

[pronovic]

I should also note that I have tested this in repositories using SBT 1.4.6 and also 1.6.1.

[ckipp01]

Also noting that the same thing seems to be happening with Sonatype OSS when self hosted.

[rtimush]

Should be fixed in 0.6.2, thank you for reporting!

[pronovic]

@rtimush I can confirm that 0.6.2 fixes the regression I observed in 0.6.1. Thanks for the help!