Update tracked third-party dependency versions#1434
Merged
Conversation
Bump the dependency versions tracked in the Core Infrastructure upgrade doc to their latest releases: apacheDirectory 2.1.8, apacheMina 2.2.9, azureIdentity 1.18.4, commonmark 0.29.0, commonsLogging 1.4.0, datadog 1.63.2, googleErrorProneAnnotations 2.50.0, googleHttpClient 2.1.1, grpc 1.82.1, httpcore5 5.4.3, jaxb 4.0.9, lucene 10.5.0, postgresqlDriver 42.7.12, and sqliteJdbc 3.53.2.0. Scope limited to doc-tracked dependencies; forced-for-consistency transitives and caveated upgrades (httpclient5/RStudio, xmlbeans/Issue 505, protobuf/TargetedMS) are excluded.
Contributor
|
Looks like the (newly added) Spring AI pgvector-store dependency brings in the previous version of the PG JDBC driver, causing a dependency conflict. Probably easiest to force the version in the root build.grade. |
…ore conflict The professional module's new spring-ai-pgvector-store dependency transitively brings in org.postgresql:postgresql at Spring AI's managed version (42.7.11), which diverged from the bumped postgresqlDriverVersion (42.7.12) and tripped the VerifyDependencies discrepancy check. Force the driver to our tracked version in the root resolutionStrategy so future bumps stay aligned automatically.
labkey-adam
approved these changes
Jul 3, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Rationale
Routine upkeep of the third-party dependency versions catalogued in the Core Infrastructure "Upgrade Dependencies" doc, keeping us current for security and bug fixes. Scope is limited to doc-tracked dependencies with clean, low-risk upgrades; forced-for-consistency transitives and caveated upgrades were deliberately excluded and left for separate, individually-tested changes.
Related Pull Requests
Changes
gradle.properties: apacheDirectory 2.1.7→2.1.8, apacheMina 2.2.7→2.2.9, azureIdentity 1.18.3→1.18.4, commonmark 0.28.0→0.29.0, commonsLogging 1.3.6→1.4.0, datadog 1.62.0→1.63.2, googleErrorProneAnnotations 2.49.0→2.50.0, googleHttpClient 2.1.0→2.1.1, grpc 1.81.0→1.82.1, httpcore5 5.4.2→5.4.3, jaxb 4.0.8→4.0.9, lucene 10.4.0→10.5.0, postgresqlDriver 42.7.11→42.7.12, sqliteJdbc 3.53.1.0→3.53.2.0.