Update hypertrace-kafka version to 0.6.4 (#87)

DibyojyotiS · web-flow · commit 630269c54567 · 2025-12-12T16:04:26.000+05:30
* Update hypertrace-kafka version to 0.6.4

* select at.yark.lz4:lz4-java:1.8.1 when org.lz4:lz4-java:1.8.1 redirects to it.

* spotless-apply xhanges
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
@@ -3,7 +3,7 @@ protoc = "3.25.8"
 grpc = "1.75.0"
 hypertrace-framework = "0.1.91"
 hypertrace-grpcutils = "0.13.17"
-hypertrace-kafka = "0.6.3"
+hypertrace-kafka = "0.6.4"
 hypertrace-bom = "+"
 hypertrace-attributeservice = "0.14.35"
 hypertrace-gatewayservice = "0.3.9"
diff --git a/test-consumer/build.gradle.kts b/test-consumer/build.gradle.kts
@@ -82,3 +82,14 @@ tasks.register("verifyResolution") {
 tasks.check {
   dependsOn("verifyResolution")
 }
+
+// Handle lz4-java redirect capability conflict:
+// Sonatype added a redirect from org.lz4:lz4-java:1.8.1 -> at.yawk.lz4:lz4-java:1.8.1 to address CVE-2025-12183.
+// Both artifacts declare the same capability, causing a conflict when upgrading from Kafka's org.lz4:lz4-java:1.8.0.
+// This resolution strategy tells Gradle to automatically select the highest version when this conflict occurs.
+configurations.all {
+  resolutionStrategy.capabilitiesResolution.withCapability("org.lz4:lz4-java") {
+    select("at.yawk.lz4:lz4-java:1.8.1")
+    because("Both org.lz4 and at.yawk.lz4 provide lz4-java due to Sonatype redirect")
+  }
+}
