COMP-1422 Upgrade third-party dependencies to latest stable versions #998

Open
cristianrcv wants to merge 3 commits into master from feat/COMP-1422-upgrade-dependencies

@cristianrcv
Contributor

@cristianrcv cristianrcv commented Mar 19, 2026

Summary

Bumps all third-party dependencies to their latest stable releases. Micronaut framework and Seqera internal libraries are intentionally left unchanged.

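| Dependency              | Old              | New              | Notes      |
|-------------------------|------------------|------------------|------------|
| byte-buddy              | 1.14.17          | 1.17.5           |            |
| caffeine                | 3.1.8            | 3.2.0            |            |
| commons-compress        | 1.27.1           | 1.28.0           |            |
| commons-lang3           | 3.18.0           | 3.20.0           |            |
| failsafe                | 3.1.0            | 3.3.2            |            |
| gson                    | 2.10.1           | 2.13.1           |            |
| guava                   | 33.3.1-jre       | 33.4.8-jre       |            |
| jakarta-persistence-api | 3.0.0            | 3.2.0            |            |
| jedis                   | 5.1.3            | 6.0.0            | major bump |
| jib (plugin)            | 3.4.5            | 3.5.3            |            |
| logback                 | 1.5.20           | 1.5.32           |            |
| netty-tcnative          | 2.0.0.Final      | 2.0.71.Final     |            |
| resilience4j            | 0.17.0           | 2.3.0            | major bump |
| slf4j                   | 2.0.16           | 2.0.17           |            |
| snakeyaml               | 2.2              | 2.4              |            |
| spock                   | 2.3-groovy-4.0   | 2.4-groovy-4.0   |            |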

Unchanged (already at latest stable): foojay, jaxb-api, kubernetes-client, luaj, moshi, netty-bom, objenesis, postgresql, spillway

Notable major version bumps

  • jedis 5 → 6: New major release; ./gradlew assemble passes cleanly with no source changes required.
  • resilience4j 0.17 → 2.3: Large version jump; build compiles and assembles without errors.

Test plan

  • ./gradlew assemble passes locally
  • ./gradlew test passes in CI
  • Smoke test Redis rate-limiting paths (resilience4j)
  • Smoke test registry proxy paths (jedis)

🤖 Generated with Claude Code

@cristianrcv cristianrcv force-pushed the feat/COMP-1422-upgrade-dependencies branch from 8feb30a to d6a46ef Compare March 19, 2026 15:58
@cristianrcv cristianrcv marked this pull request as draft March 19, 2026 16:32
Base automatically changed from feat/COMP-1422-update-gradle-version to feat/COMP-1422-create-toml-version-file March 19, 2026 17:11
@cristianrcv cristianrcv marked this pull request as ready for review March 19, 2026 17:44
Base automatically changed from feat/COMP-1422-create-toml-version-file to master March 20, 2026 08:09
cristianrcv and others added 3 commits March 20, 2026 09:12
| Dependency              | Old              | New              |
|-------------------------|------------------|------------------|
| byte-buddy              | 1.14.17          | 1.17.5           |
| caffeine                | 3.1.8            | 3.2.0            |
| commons-compress        | 1.27.1           | 1.28.0           |
| commons-lang3           | 3.18.0           | 3.20.0           |
| failsafe                | 3.1.0            | 3.3.2            |
| gson                    | 2.10.1           | 2.13.1           |
| guava                   | 33.3.1-jre       | 33.4.8-jre       |
| jakarta-persistence-api | 3.0.0            | 3.2.0            |
| jedis                   | 5.1.3            | 6.0.0            |
| jib (plugin)            | 3.4.5            | 3.5.3            |
| logback                 | 1.5.20           | 1.5.32           |
| netty-tcnative          | 2.0.0.Final      | 2.0.71.Final     |
| resilience4j            | 0.17.0           | 2.3.0            |
| slf4j                   | 2.0.16           | 2.0.17           |
| snakeyaml               | 2.2              | 2.4              |
| spock                   | 2.3-groovy-4.0   | 2.4-groovy-4.0   |

Unchanged (already latest or no newer stable release):
foojay, jaxb-api, kubernetes-client, luaj, moshi, netty-bom,
objenesis, postgresql, spillway

Micronaut framework and Seqera internal libraries are intentionally excluded.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

failsafe 3.3.x introduced a binary-incompatible change to
RetryPolicyBuilder.handleIf(Predicate) that causes a NoSuchMethodError
at runtime because the Seqera lib-retry JAR was compiled against 3.1.0:

  NoSuchMethodError: 'Object dev.failsafe.RetryPolicyBuilder.handleIf(Predicate)'

Pin failsafe back to 3.1.0 until lib-retry is updated to target 3.3.x.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Both upgrades introduced binary incompatibilities with pre-compiled
Seqera internal libraries and the Micronaut Data layer respectively.

jedis 6.0.0 — same pattern as failsafe:
  All Seqera internal JARs (lib-jedis-pool, jedis-lock,
  lib-cache-tiered-redis, lib-data-store-*-redis, …) were compiled
  against jedis 5.1.4. Forcing 6.0.0 caused silent auth-cache failures
  that broke every test going through the registry proxy.

jakarta-persistence-api 3.2.0 — Micronaut Data compiled against 3.1.0:
  JPA 3.2 added new abstract methods to core interfaces. Micronaut Data
  JDBC (compiled against 3.1.0) throws AbstractMethodError at runtime,
  breaking DB-backed token creation and therefore all registry proxy
  tests that depend on it. The Micronaut BOM manages this at 3.1.0;
  our explicit 3.2.0 was overriding that constraint.

Both are pinned to the versions the pre-compiled JARs expect until the
upstream libraries are updated to support the newer major versions.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
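
The three failures described in these commit messages share one shape: a pre-compiled library requested one version of a dependency and the build resolved a newer one. The following is an added example, not part of this PR or the project's code, that reads the text of a Gradle dependency report and lists every such override together with the library that asked for the older version. The `io.seqera` group id, the `0.0.0-example` versions and the tree layout are constructed placeholders.

```python
import re

# Constructed sample of `./gradlew dependencies --configuration runtimeClasspath`
# output. Group ids and internal-library versions are placeholders (assumptions).
SAMPLE_REPORT = r"""
+--- io.seqera:lib-retry:0.0.0-example
|    \--- dev.failsafe:failsafe:3.1.0 -> 3.3.2
+--- dev.failsafe:failsafe:3.3.2
+--- io.seqera:lib-jedis-pool:0.0.0-example
|    +--- redis.clients:jedis:5.1.4 -> 6.0.0
|    \--- org.slf4j:slf4j-api:2.0.16 -> 2.0.17
\--- io.micronaut.data:micronaut-data-jdbc:0.0.0-example
     \--- jakarta.persistence:jakarta.persistence-api:3.1.0 -> 3.2.0 (*)
"""

# One tree node: 5 characters of indent per level, then "+--- " or "\--- ",
# then group:name:requested and an optional " -> resolved".
NODE = re.compile(
    r"^(?P<indent>[| ]*)[+\\]--- "
    r"(?P<module>[^:\s]+:[^:\s]+):(?P<requested>[^\s:]+)"
    r"(?: -> (?P<resolved>\S+))?"
)

def numeric(version):
    """Leading numeric components, e.g. '33.4.8-jre' -> (33, 4, 8)."""
    parts = []
    for piece in re.split(r"[.\-]", version):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    return tuple(parts)

def find_overrides(report):
    """Return (parent, module, requested, resolved, level) for each dependency
    that its parent requested at one version but Gradle resolved to a newer one."""
    stack, findings = [], []
    for line in report.splitlines():
        m = NODE.match(line)
        if not m:
            continue
        del stack[len(m["indent"]) // 5:]      # drop siblings and deeper nodes
        parent = stack[-1] if stack else "(project)"
        stack.append(m["module"])
        old, new = numeric(m["requested"]), numeric(m["resolved"] or m["requested"])
        if new > old:
            level = "major" if old[:1] != new[:1] else "minor" if old[:2] != new[:2] else "patch"
            findings.append((parent, m["module"], m["requested"], m["resolved"], level))
    return findings
```

On the constructed report the failsafe and jakarta-persistence-api overrides are classified as minor, which matches the commit messages: a minor bump was enough to break binary compatibility, so filtering on major versions alone would have missed two of the three.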
@cristianrcv cristianrcv force-pushed the feat/COMP-1422-upgrade-dependencies branch from 4411d5b to bb4583e Compare March 20, 2026 08:13
@munishchouhan
Member

Successfully tested builds and security scan locally