Bulk dependency upgrade 2026-06-28#4566
Conversation
dsmiley
left a comment
There was a problem hiding this comment.
I think these machine generated version bump changelog entries is noise that nobody will care about.
Non-machine-generated upgrades (e.g. that take some care/effort), on the other hand, are more useful.
| @@ -0,0 +1,7 @@ | |||
| title: Update swagger3 | |||
There was a problem hiding this comment.
Renovate is weak in specifying version in pr title sometimes. Check toml file. These commit messages will be squashed anyway. Will probably make a squash commit message with one line per dep.
|
@janhoy this is very cool (and ignore my comment on another PR about renovatebot and grouping upgrades), because this is totally what I was asking for. One side effect of doing a bulk upgrade like this is that it might then be a good chance to recheck all our VEX statements. I assume you used some prompts and AI to drive this process? I could imagine a prompt that was "Please look at all the changes in pr 4566 and compare the dependency updates with our |
|
I used the prompt in #4311 |
# Conflicts: # solr/core/gradle.lockfile # solr/solrj-zookeeper/gradle.lockfile # solr/test-framework/gradle.lockfile
This is an interesiting policy discussion which we shouild have on dev@ . It is definitely noisy to say foo upgraded from 1.2.1 to 1.2.2. It's ultimately the call of RM, but would be nice to make his/her job as easy and scripted as possible. |
Backports the non-UI dependency upgrades from the bulk upgrade #4566: - apache-opennlp: 2.5.9 -> 2.5.10 - codehaus-woodstox (stax2-api): 4.2.2 -> 4.3.0 - commons-codec: 1.21.0 -> 1.22.0 - commons-io: 2.21.0 -> 2.22.0 - cuvs-java: 25.10.0 -> 26.06.0 - cuvs-lucene: 25.10.0 -> 25.12.0 - dropwizard-metrics: 4.2.38 -> 4.2.39 - fasterxml-jackson: 2.21.2 -> 2.22.0 - fasterxml-woodstox: 7.0.0 -> 7.2.1 - google-autovalue: 1.11.0 -> 1.11.1 - google-cloud-bom: 0.261.0 -> 0.265.0 - google-gson: 2.13.1 -> 2.14.0 - google-protobuf: 4.34.1 -> 4.35.1 - grpc: 1.80.0 -> 1.82.0 - hk2: 3.1.1 -> 4.0.1 - ibm-icu (icu4j): 77.1 -> 78.3 - immutables-valueannotations: 2.12.1 -> 2.12.2 - jakarta-ws-rs-api: 3.1.0 -> 4.0.0 - jaxb: 2.3.9 -> 4.0.9 - jayway-jsonpath: 2.9.0 -> 3.0.0 - jctools: 4.0.5 -> 4.0.6 - jna: 5.18.1 -> 5.19.1 - joda-time: 2.14.0 -> 2.14.2 - langchain4j-bom: 1.9.1 -> 1.16.3 - logchange: 1.19.13 -> 1.19.15 - netty-tcnative: 2.0.77.Final -> 2.0.79.Final - nimbus-jose-jwt: 10.5 -> 10.9.1 - openapi-generator: 7.20.0 -> 7.23.0 - oshai-kotlin-logging: 8.0.01 -> 8.0.4 - ow2-asm: 9.8 -> 9.10.1 - swagger3: 2.2.22 -> 2.2.52 - testcontainers: 2.0.3 -> 2.0.5 - threeten-bp: 1.7.2 -> 1.7.3
Dependency upgrades — main branch (2026-06-28)
This branch combines solrbot dependency upgrade PRs that had all CI checks passing on
mainas of 2026-06-28.Lockfiles were regenerated, license checksums updated, version-compatibility issues reviewed, and the full test suite verified locally (
./gradlew test— BUILD SUCCESSFUL, 0 failures across all 24 module test tasks).Notes
(
javax→jakarta), cuvs-java v26, json-path v3, jakarta.ws.rs-api v4, hk2 v4, icu4j v78,kotlin 2.4, okhttp v5.
resolvetask at apply-time(needs the Java
sourceSets), sosolr/api/build.gradlewas changed to applyjava-librarybefore the swagger Gradle plugin.
depends only on
metrics-core(no Jetty transitive), so nojetty-*:12.1.xis pulled onto theclasspath; Jetty remains 12.0.34.
skipped because their
(major)variants (Update dependency com.nvidia.cuvs:cuvs-java to v26 - autoclosed #4133, Update dependency com.jayway.jsonpath:json-path to v3 - autoclosed #4353) merged successfully.Successfully merged PRs
com.squareup.okhttp3:okhttp5.4.0org.apache.opennlp2.5.10io.grpc:grpc1.82.0net.java.dev.jna:jna5.19.1com.google.cloud:google-cloud-bom0.265.0io.dropwizard.metrics:metrics-core4.2.39org.immutables:value-annotations2.12.2org.jetbrains.kotlinx:kotlinx-coroutines1.11.0org.jetbrains.kotlinx:kotlinx-datetime0.8.0-0.6.x-compatorg.threeten:threetenbp1.7.3org.jetbrains.androidx.navigation3:navigation3-ui1.1.1io.github.oshai:kotlin-logging8.0.4com.fasterxml.jackson:jackson-bom2.22.0org.openapi.generator7.23.0io.nlopez.compose.rules:ktlint0.6.2org.glassfish.hk2:hk24.0.1com.google.protobuf:protobuf-java4.35.1org.testcontainers:testcontainers2.0.5org.jctools:jctools-core4.0.6joda-time:joda-time2.14.2com.jayway.jsonpath:json-path3.0.0org.codehaus.woodstox:stax2-api4.3.0commons-io:commons-io2.22.0commons-codec:commons-codec1.22.0com.squareup.okio:okio3.17.01.11.1, decompose3.5.0, mvikotlin4.4.0, …)io.netty:netty-tcnative2.0.79.Finaldev.logchange1.19.15com.nvidia.cuvs:cuvs-java(major)26.06.0org.jetbrains.kotlinx:atomicfu0.33.0dev.langchain4j:langchain4j-bom1.16.3com.nvidia.cuvs.lucene:cuvs-lucene25.12.0com.google.auto.value:auto-value-annotations1.11.1com.nimbusds:nimbus-jose-jwt10.9.1com.ibm.icu:icu4j(major)78.3org.ow2.asm9.10.1com.google.code.gson:gson2.14.0org.jetbrains.kotlin:kotlin2.4.0io.ktor:ktor-bom3.5.0org.glassfish.jaxb:jaxb-runtime(major)4.0.9jakarta.ws.rs:jakarta.ws.rs-api(major)4.0.0com.fasterxml.woodstox:woodstox-core7.2.1io.swagger.core.v3(swagger3)2.2.52