Skip to content

MLE-24504 Bumping all dependencies #1826

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 30, 2025
Merged

MLE-24504 Bumping all dependencies #1826

merged 1 commit into from
Sep 30, 2025

Conversation

rjrudin
Copy link
Contributor

@rjrudin rjrudin commented Sep 30, 2025

Should make Black Duck happy as well.

Not touching the Jakarta APIs yet, going to take care of that in a follow up PR as that needs more testing.

@Copilot Copilot AI review requested due to automatic review settings September 30, 2025 14:59
@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 30, 2025
edited
Loading

Copyright Validation Results
Total: 8 | Passed: 0 | Failed: 0 | Skipped: 8 | at: 2025-09-30 15:32:48 UTC | commit: 65fd987

⏭️ Skipped (Excluded) Files

  • .copyrightconfig
  • CONTRIBUTING.md
  • examples/build.gradle
  • gradle.properties
  • marklogic-client-api-functionaltests/build.gradle
  • marklogic-client-api/build.gradle
  • ml-development-tools/build.gradle
  • test-app/build.gradle

✅ All files have valid copyright headers!

Copilot
Copilot AI reviewed Sep 30, 2025
View reviewed changes
Copy link

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR updates all dependencies across the project to their latest versions to address security concerns and keep Black Duck scanning happy. The changes focus on dependency version bumps without touching Jakarta APIs.

  • Updated multiple libraries including okhttp, logback, commons-lang3, and various testing dependencies
  • Centralized okhttp version management by introducing a version property
  • Updated copyright notice and Java version requirements in documentation

Reviewed Changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
test-app/build.gradle Updated ml-gradle plugin, undertow, logback, and okhttp dependencies
ml-development-tools/build.gradle Standardized okhttp version using property
marklogic-client-api/build.gradle Updated multiple dependencies and copyright notice
marklogic-client-api-functionaltests/build.gradle Updated commons-io, okhttp, commons-lang3, and other test dependencies
gradle.properties Added centralized okhttp version property
examples/build.gradle Updated okhttp, gson, opencsv, and commons-lang3 dependencies
CONTRIBUTING.md Simplified Java version requirements to Java 17 only
.copyrightconfig Added test resources exclusion pattern

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

examples/build.gradle Outdated
api 'org.jdom:jdom2:2.0.6.1'
api 'org.dom4j:dom4j:2.1.4'
api 'com.google.code.gson:gson:2.10.1'
api 'com.google.code.gson:gson:2.10.4'
Copy link
Preview

Copilot AI Sep 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The gson version (2.10.4) in examples/build.gradle differs from the version (2.13.2) in marklogic-client-api/build.gradle. Consider using a centralized version property like okhttpVersion to maintain consistency across modules.

Suggested change
api 'com.google.code.gson:gson:2.10.4'
api "com.google.code.gson:gson:${gsonVersion}"

Copilot uses AI. Check for mistakes.

examples/build.gradle Outdated
api "com.fasterxml.jackson.core:jackson-databind:${jacksonVersion}"

api 'org.jdom:jdom2:2.0.6.1'
api 'org.dom4j:dom4j:2.1.4'
Copy link
Preview

Copilot AI Sep 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The dom4j version (2.1.4) in examples/build.gradle differs from the version (2.2.0) in marklogic-client-api/build.gradle. Consider using a centralized version property to maintain consistency across modules.

Copilot uses AI. Check for mistakes.

BillFarber
BillFarber previously approved these changes Sep 30, 2025
View reviewed changes
@rjrudin
MLE-24504 Bumping all dependencies
65fd987 
Should make Black Duck happy as well.

Not touching the Jakarta APIs yet, going to take care of that in a follow up PR as that needs more testing.
@rjrudin rjrudin force-pushed the feature/bump-dependencies branch from 550ffd0 to 65fd987 Compare September 30, 2025 15:32
@rjrudin rjrudin merged commit 5eaa965 into develop Sep 30, 2025
2 of 3 checks passed
@rjrudin rjrudin deleted the feature/bump-dependencies branch September 30, 2025 15:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@BillFarber BillFarber BillFarber left review comments

@anu3990 anu3990 Awaiting requested review from anu3990 anu3990 is a code owner

@stevebio stevebio Awaiting requested review from stevebio stevebio is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rjrudin @BillFarber