Skip to content

Bulk branch_10x dependency upgrades (loose backport)#4571

Merged
janhoy merged 1 commit into
apache:branch_10xfrom
janhoy:backport-deps-2026-06-28-to-10x
Jun 30, 2026
Merged

Bulk branch_10x dependency upgrades (loose backport)#4571
janhoy merged 1 commit into
apache:branch_10xfrom
janhoy:backport-deps-2026-06-28-to-10x

Conversation

@janhoy

@janhoy janhoy commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

Backport dependency upgrades from main (#4566) to branch_10x

Backports the relevant, non-UI dependency upgrades from the bulk upgrade #4566 (Renovate batch 2026-06-28) onto branch_10x, with regenerated Gradle lockfiles and license checksums.

Upgraded dependencies

  • apache-opennlp: 2.5.9 → 2.5.10
  • codehaus-woodstox (stax2-api): 4.2.2 → 4.3.0
  • commons-codec: 1.21.0 → 1.22.0
  • commons-io: 2.21.0 → 2.22.0
  • cuvs-java: 25.10.0 → 26.06.0
  • cuvs-lucene: 25.10.0 → 25.12.0
  • dropwizard-metrics: 4.2.38 → 4.2.39
  • fasterxml-jackson: 2.21.2 → 2.22.0
  • fasterxml-woodstox: 7.0.0 → 7.2.1
  • google-autovalue: 1.11.0 → 1.11.1
  • google-cloud-bom: 0.261.0 → 0.265.0
  • google-gson: 2.13.1 → 2.14.0
  • google-protobuf: 4.34.1 → 4.35.1
  • grpc: 1.80.0 → 1.82.0
  • hk2: 3.1.1 → 4.0.1
  • ibm-icu (icu4j): 77.1 → 78.3
  • immutables-valueannotations: 2.12.1 → 2.12.2
  • jakarta-ws-rs-api: 3.1.0 → 4.0.0
  • jaxb: 2.3.9 → 4.0.9
  • jayway-jsonpath: 2.9.0 → 3.0.0
  • jctools: 4.0.5 → 4.0.6
  • jna: 5.18.1 → 5.19.1
  • joda-time: 2.14.0 → 2.14.2
  • langchain4j-bom: 1.9.1 → 1.16.3
  • logchange: 1.19.13 → 1.19.15
  • netty-tcnative: 2.0.77.Final → 2.0.79.Final
  • nimbus-jose-jwt: 10.5 → 10.9.1
  • openapi-generator: 7.20.0 → 7.23.0
  • oshai-kotlin-logging: 8.0.01 → 8.0.4
  • ow2-asm: 9.8 → 9.10.1
  • swagger3: 2.2.22 → 2.2.52
  • testcontainers: 2.0.3 → 2.0.5
  • threeten-bp: 1.7.2 → 1.7.3

Also carries over the solr/api/build.gradle fix from #4566 (apply java-library before the swagger-gradle-plugin), which is required by the swagger3 2.2.52 bump.

Why not everything from #4566 was backported

#4566 was authored against main, which is several versions ahead of
branch_10x on the Compose/Kotlin UI toolchain. The following upgrades from
#4566 were intentionally left out, keeping branch_10x on its current, tested versions:

  • kotlin (2.2.0 here vs 2.4.0 on main), kotlinx-coroutines,
    kotlinx-datetime, kotlinx-atomicfu
  • compose (1.8.2 vs 1.11.1), decompose, mvikotlin,
    nlopez-compose (ktlint rules), and the grouped Admin UI libraries
  • ktor (3.2.2 vs 3.5.0)
  • squareup-okhttp3 (4.12.0 vs 5.4.0 — a major bump) and squareup-okio
  • androidx-adaptive / androidx-navigation3 — these keys don't even
    exist on branch_10x

On main these rode on top of a baseline that already had a newer toolchain
(e.g. ktlint 1.8.0, kotlinx-browser/serialization bumps) that is not part of
#4566 itself. Backporting the Kotlin/Compose bumps to branch_10x would mean a
multi-version leap of the entire UI stack plus pulling in those supporting
toolchain bumps just to keep the build consistent (kotlin 2.4.0 is incompatible
with the ktlint 1.7.1 on this branch). That's too large and risky a change for a
release branch, so the UI/Kotlin stack is frozen here and can be backported
separately if desired.

Build & verification

  • gradle/libs.versions.toml updated for the 33 upgrades above only.
  • All Gradle lockfiles regenerated via resolveAndLockAll --write-locks
    (the resolved graph on branch_10x differs from main — e.g. okhttp stays at
    4.12.0 with okhttp-jvm 5.2.x/5.3.x transitives, not 5.4.0).
  • Changelog entries verified for each upgraded dependency (de-duplicated to the
    final version per dependency).
  • ./gradlew check -x test passes, including validateJarChecksums.

@janhoy janhoy requested a review from dsmiley June 30, 2026 11:16
@janhoy janhoy changed the title branch_10x dependency upgrades Bulk branch_10x dependency upgrades (loose backport) Jun 30, 2026
@janhoy janhoy merged commit f2a0dec into apache:branch_10x Jun 30, 2026
5 of 7 checks passed
@janhoy janhoy deleted the backport-deps-2026-06-28-to-10x branch June 30, 2026 11:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant