Skip to content

Update tracked third-party dependency versions#1434

Merged
labkey-martyp merged 2 commits into
release26.7-SNAPSHOTfrom
26.7_fb_dep_updates_06_2026
Jul 3, 2026
Merged

Update tracked third-party dependency versions#1434
labkey-martyp merged 2 commits into
release26.7-SNAPSHOTfrom
26.7_fb_dep_updates_06_2026

Conversation

@labkey-martyp

Copy link
Copy Markdown
Contributor

Rationale

Routine upkeep of the third-party dependency versions catalogued in the Core Infrastructure "Upgrade Dependencies" doc, keeping us current for security and bug fixes. Scope is limited to doc-tracked dependencies with clean, low-risk upgrades; forced-for-consistency transitives and caveated upgrades were deliberately excluded and left for separate, individually-tested changes.

Related Pull Requests

Changes

  • Bump 14 doc-tracked dependency versions in gradle.properties: apacheDirectory 2.1.7→2.1.8, apacheMina 2.2.7→2.2.9, azureIdentity 1.18.3→1.18.4, commonmark 0.28.0→0.29.0, commonsLogging 1.3.6→1.4.0, datadog 1.62.0→1.63.2, googleErrorProneAnnotations 2.49.0→2.50.0, googleHttpClient 2.1.0→2.1.1, grpc 1.81.0→1.82.1, httpcore5 5.4.2→5.4.3, jaxb 4.0.8→4.0.9, lucene 10.4.0→10.5.0, postgresqlDriver 42.7.11→42.7.12, sqliteJdbc 3.53.1.0→3.53.2.0.

Bump the dependency versions tracked in the Core Infrastructure upgrade doc to their latest releases: apacheDirectory 2.1.8, apacheMina 2.2.9, azureIdentity 1.18.4, commonmark 0.29.0, commonsLogging 1.4.0, datadog 1.63.2, googleErrorProneAnnotations 2.50.0, googleHttpClient 2.1.1, grpc 1.82.1, httpcore5 5.4.3, jaxb 4.0.9, lucene 10.5.0, postgresqlDriver 42.7.12, and sqliteJdbc 3.53.2.0.

Scope limited to doc-tracked dependencies; forced-for-consistency transitives and caveated upgrades (httpclient5/RStudio, xmlbeans/Issue 505, protobuf/TargetedMS) are excluded.
@labkey-adam

Copy link
Copy Markdown
Contributor

Looks like the (newly added) Spring AI pgvector-store dependency brings in the previous version of the PG JDBC driver, causing a dependency conflict. Probably easiest to force the version in the root build.grade.

…ore conflict

The professional module's new spring-ai-pgvector-store dependency transitively brings in org.postgresql:postgresql at Spring AI's managed version (42.7.11), which diverged from the bumped postgresqlDriverVersion (42.7.12) and tripped the VerifyDependencies discrepancy check. Force the driver to our tracked version in the root resolutionStrategy so future bumps stay aligned automatically.
@labkey-martyp labkey-martyp merged commit 68602de into release26.7-SNAPSHOT Jul 3, 2026
7 of 8 checks passed
@labkey-martyp labkey-martyp deleted the 26.7_fb_dep_updates_06_2026 branch July 3, 2026 19:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants