Skip to content

MLE-24717 Bumping Spark and langchain and others #570

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 31, 2025
Merged

MLE-24717 Bumping Spark and langchain and others #570

merged 1 commit into from
Oct 31, 2025

Conversation

@rjrudin
Copy link
Contributor

@rjrudin rjrudin commented Oct 31, 2025

No description provided.

@rjrudin rjrudin requested a review from BillFarber as a code owner October 31, 2025 18:56
Copilot AI review requested due to automatic review settings October 31, 2025 18:56
@rjrudin rjrudin requested a review from stevebio as a code owner October 31, 2025 18:56
@github-actions
Copy link

github-actions bot commented Oct 31, 2025

Copyright Validation Results
Total: 2 | Passed: 0 | Failed: 0 | Skipped: 2 | at: 2025-10-31 18:56:46 UTC | commit: 5317f95

⏭️ Skipped (Excluded) Files

  • gradle.properties
  • marklogic-spark-connector/build.gradle

✅ All files have valid copyright headers!

Copilot AI reviewed Oct 31, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR updates several library versions to their latest versions, addressing CVE vulnerabilities and aligning with newer Spark dependencies. The changes include upgrading Spark from 4.1.0-preview2 to 4.1.0-preview3, langchain from 1.5.0 to 1.8.0, and several other dependencies.

  • Updates Spark version to 4.1.0-preview3 and langchain to 1.8.0
  • Introduces a centralized Jackson version property (2.20.0) to ensure consistency across dependencies
  • Removes specific CVE mitigation code that is no longer needed with the newer versions

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
marklogic-spark-connector/build.gradle Updates dependency versions and removes obsolete CVE mitigation configurations
gradle.properties Defines new version properties including Spark 4.1.0-preview3, langchain 1.8.0, and centralized Jackson version

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

marklogic-spark-connector/build.gradle
// Not needed, as the modules in this group that this dependency depends on are all provided by Spark.
exclude group: "com.fasterxml.jackson.core"
}
implementation "com.fasterxml.jackson.dataformat:jackson-dataformat-xml:${jacksonVersion}"
Copy link

Copilot AI Oct 31, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The exclude group statements for 'com.fasterxml.jackson.core' were removed, but they may still be needed to prevent version conflicts. Consider adding back the exclude statements to ensure Spark's Jackson versions take precedence.

Suggested change
implementation "com.fasterxml.jackson.dataformat:jackson-dataformat-xml:${jacksonVersion}"
implementation("com.fasterxml.jackson.dataformat:jackson-dataformat-xml:${jacksonVersion}") {
exclude group: "com.fasterxml.jackson.core"
}

Copilot uses AI. Check for mistakes.
@sonarqube-progress-marklogic
Copy link

sonarqube-progress-marklogic bot commented Oct 31, 2025

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube

@rjrudin rjrudin merged commit bf8d26b into develop Oct 31, 2025
6 checks passed
@rjrudin rjrudin deleted the feature/bumps-2 branch November 4, 2025 22:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@BillFarber BillFarber Awaiting requested review from BillFarber BillFarber is a code owner

@stevebio stevebio Awaiting requested review from stevebio stevebio is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rjrudin