MLE-24529 - Upgrades Java and Spring versions (based on Copilot's suggestion) #225
Conversation
There was a problem hiding this comment.
Copilot wasn't able to review any files in this pull request.
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
|
Copyright Validation Results ⏭️ Skipped (Excluded) Files
✅ All files have valid copyright headers! |
BillFarber
changed the title
| if (details.requested.group == 'org.apache.commons' && details.requested.name == 'commons-lang3') { | ||
| details.useVersion '3.18.0' | ||
| } | ||
| if (details.requested.group == 'org.springframework') { |
There was a problem hiding this comment.
The problem with this is the reader has no idea what's bringing in Spring. We only have one problem - which is that marklogic-junit5 is bring in Spring 5. So it's better to make that problem explicit by modifying the marklogic-junit5 dependency until it's been bumped up to use Spring 6.
| // (https://www.cve.org/CVERecord?id=CVE-2025-48924), without also | ||
| // upgrading ml-app-deployer to 6.0.0, which we are not ready to do yet. | ||
| force 'org.apache.commons:commons-lang3:3.18.0' | ||
| eachDependency { DependencyResolveDetails details -> |
There was a problem hiding this comment.
You can hopefully get rid of these once you've upgraded to Kafka 4. Per the comment on the commons-lang3 one - that was due to an older version of ml-app-deployer, so it's likely that that "force" can be removed. Note as well, we never want to have these "useVersion" blocks in here without a corresponding details.because to document why we're forcing a version.
NOTE - This PR is an either/or with PR #226. I'll wait to see comments to decide which one to use.
Upgrades Java to version 17 and Spring to version 6.
This change upgrades the Java source and target compatibility to version 17, and enforces Spring 6 dependencies to address potential CVEs.