From 0a1d85f1e581b08f5b8e8578b81a201ab08be8af Mon Sep 17 00:00:00 2001 From: Marty Pradere Date: Fri, 30 Jan 2026 03:27:31 -0800 Subject: [PATCH 1/5] package updates --- gradle.properties | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/gradle.properties b/gradle.properties index 91a67a4280..0fc54b6c54 100644 --- a/gradle.properties +++ b/gradle.properties @@ -60,7 +60,7 @@ windowsProteomicsBinariesVersion=1.0 artifactoryPluginVersion=5.2.5 gradleNodePluginVersion=7.1.0 gradlePluginsVersion=7.3.0 -owaspDependencyCheckPluginVersion=12.1.9 +owaspDependencyCheckPluginVersion=12.2.0 # Versions of node and npm to use during the build. If set, these versions # will be downloaded and used. If not set, the existing local installations will be used @@ -97,22 +97,22 @@ antlrST4Version=4.3.4 #Unifying version used by DISCVR and Premium apacheDirectoryVersion=2.1.7 #Transitive dependency of Apache directory: 2.0.18 contains some regressions -apacheMinaVersion=2.2.4 +apacheMinaVersion=2.2.5 # Usually matches the version specified as a Spring Boot dependency (see springBootVersion below) -apacheTomcatVersion=11.0.15 +apacheTomcatVersion=11.0.18 # (mothership) -> json-path -> json-smart -> accessor-smart # (core) -> graalvm # tika -asmVersion=9.9 +asmVersion=9.9.1 # Apache Batik -- Batik version needs to be compatible with Apache FOP, but we need to pull in batik-codec separately batikVersion=1.19 # sync with Tika version (or later) -bouncycastlePgpVersion=1.82 -bouncycastleVersion=1.82 +bouncycastlePgpVersion=1.83 +bouncycastleVersion=1.83 cglibNodepVersion=2.2.3 @@ -140,7 +140,7 @@ commonsTextVersion=1.15.0 commonsValidatorVersion=1.10.1 commonsVfs2Version=2.10.0 -datadogVersion=1.56.3 +datadogVersion=1.58.2 dom4jVersion=2.1.4 @@ -158,8 +158,8 @@ fopVersion=2.11 googleApiVersion=2.47.0 googleAuthVersion=1.33.0 googleAutoValueAnnotationsVersion=1.10.4 -googleErrorProneAnnotationsVersion=2.45.0 -googleHttpClientVersion=2.0.2 +googleErrorProneAnnotationsVersion=2.46.0 +googleHttpClientVersion=2.1.0 googleOauthClientVersion=1.39.0 googleProtocolBufVersion=3.25.8 @@ -169,7 +169,7 @@ googleProtocolBufVersion=3.25.8 # "java.lang.NoSuchMethodError: 'void com.google.gson.internal.ConstructorConstructor.(java.util.Map)'" errors gsonVersion=2.8.9 -grpcVersion=1.77.0 +grpcVersion=1.78.0 guavaVersion=33.5.0-jre @@ -185,8 +185,8 @@ hamcrestVersion=2.2 # Note: if changing this, we might need to match with the picard version in the SequenceAnalysis module build.gradle htsjdkVersion=4.3.0 -httpclient5Version=5.5.1 -httpcore5Version=5.3.6 +httpclient5Version=5.6 +httpcore5Version=5.4 # Not used directly, but these are widely used transitive dependencies httpclientVersion=4.5.14 @@ -195,12 +195,12 @@ httpcoreVersion=4.4.16 intellijKotlinVersion=1.9.10 # Update the three Jackson dependency versions below in tandem, unless one gets a patch release out-of-sync with the others -jacksonVersion=2.20.1 -jacksonDatabindVersion=2.20.1 -jacksonJaxrsBaseVersion=2.20.1 +jacksonVersion=2.21.0 +jacksonDatabindVersion=2.21.0 +jacksonJaxrsBaseVersion=2.21.0 # Note the inconsistent version numbering for "annotations"... it no longer matches the above -jacksonAnnotationsVersion=2.20 +jacksonAnnotationsVersion=2.21 # The Jakarta Activation API version that Angus Activation implements. Keep in sync with angusActivationVersion (above). jakartaActivationApiVersion=2.1.4 @@ -217,7 +217,7 @@ jaxbOldVersion=2.3.3 # All other direct and indirect uses of JAXB use the current, jakarta-packaged versions jaxbApiVersion=4.0.4 -jaxbVersion=4.0.5 +jaxbVersion=4.0.6 jaxrpcVersion=1.1 @@ -233,9 +233,9 @@ jodaTimeVersion=2.14.0 # brought in transitively by Cloud, FileTransfer, SequenceAnalysis, etc. Need to resolve consistently jsr305Version=3.0.2 -orgJsonVersion=20250517 +orgJsonVersion=20251224 -jsoupVersion=1.21.2 +jsoupVersion=1.22.1 junitVersion=4.13.2 @@ -289,9 +289,9 @@ slf4jLog4jApiVersion=2.0.17 snappyJavaVersion=1.1.10.8 # Also, update apacheTomcatVersion above to match Spring Boot's Tomcat dependency version -springBootVersion=4.0.1 +springBootVersion=4.0.2 # This usually matches the Spring Framework version dictated by springBootVersion -springVersion=7.0.2 +springVersion=7.0.3 springAiVersion=1.1.2 sqliteJdbcVersion=3.51.1.0 From 6a17cfc4b05808e64c9e6b2ffa707db8ae92746c Mon Sep 17 00:00:00 2001 From: Marty Pradere Date: Fri, 30 Jan 2026 14:23:24 -0800 Subject: [PATCH 2/5] Backout json/jackson updates troubleshooting rstudio --- gradle.properties | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/gradle.properties b/gradle.properties index ed2c9692e7..5695a0ca33 100644 --- a/gradle.properties +++ b/gradle.properties @@ -195,9 +195,9 @@ httpcoreVersion=4.4.16 intellijKotlinVersion=1.9.10 # Update the three Jackson dependency versions below in tandem, unless one gets a patch release out-of-sync with the others -jacksonVersion=2.21.0 -jacksonDatabindVersion=2.21.0 -jacksonJaxrsBaseVersion=2.21.0 +jacksonVersion=2.20.1 +jacksonDatabindVersion=2.20.1 +jacksonJaxrsBaseVersion=2.20.1 # Note the inconsistent version numbering for "annotations"... it no longer matches the above jacksonAnnotationsVersion=2.21 @@ -233,7 +233,7 @@ jodaTimeVersion=2.14.0 # brought in transitively by Cloud, FileTransfer, SequenceAnalysis, etc. Need to resolve consistently jsr305Version=3.0.2 -orgJsonVersion=20251224 +orgJsonVersion=20250517 jsoupVersion=1.22.1 From 475f02e5bd67716614addcb567ebde1cd409900e Mon Sep 17 00:00:00 2001 From: Marty Pradere Date: Fri, 30 Jan 2026 16:04:37 -0800 Subject: [PATCH 3/5] Revert "Backout json/jackson updates troubleshooting rstudio" This reverts commit 6a17cfc4b05808e64c9e6b2ffa707db8ae92746c. --- gradle.properties | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/gradle.properties b/gradle.properties index 5695a0ca33..ed2c9692e7 100644 --- a/gradle.properties +++ b/gradle.properties @@ -195,9 +195,9 @@ httpcoreVersion=4.4.16 intellijKotlinVersion=1.9.10 # Update the three Jackson dependency versions below in tandem, unless one gets a patch release out-of-sync with the others -jacksonVersion=2.20.1 -jacksonDatabindVersion=2.20.1 -jacksonJaxrsBaseVersion=2.20.1 +jacksonVersion=2.21.0 +jacksonDatabindVersion=2.21.0 +jacksonJaxrsBaseVersion=2.21.0 # Note the inconsistent version numbering for "annotations"... it no longer matches the above jacksonAnnotationsVersion=2.21 @@ -233,7 +233,7 @@ jodaTimeVersion=2.14.0 # brought in transitively by Cloud, FileTransfer, SequenceAnalysis, etc. Need to resolve consistently jsr305Version=3.0.2 -orgJsonVersion=20250517 +orgJsonVersion=20251224 jsoupVersion=1.22.1 From acec28d71dfed7fd8eb6dc3164eba8f2c0b63b4c Mon Sep 17 00:00:00 2001 From: Marty Pradere Date: Fri, 30 Jan 2026 16:47:29 -0800 Subject: [PATCH 4/5] roll back httpclient version --- gradle.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle.properties b/gradle.properties index ed2c9692e7..7a8a2013c1 100644 --- a/gradle.properties +++ b/gradle.properties @@ -185,7 +185,7 @@ hamcrestVersion=2.2 # Note: if changing this, we might need to match with the picard version in the SequenceAnalysis module build.gradle htsjdkVersion=4.3.0 -httpclient5Version=5.6 +httpclient5Version=5.5.1 httpcore5Version=5.4 # Not used directly, but these are widely used transitive dependencies From d18daafd281ac5ba0e0bb7f620f6a553c7874153 Mon Sep 17 00:00:00 2001 From: Marty Pradere Date: Sun, 1 Feb 2026 19:42:58 -0800 Subject: [PATCH 5/5] more bumps --- gradle.properties | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/gradle.properties b/gradle.properties index 7a8a2013c1..d4393ba9ae 100644 --- a/gradle.properties +++ b/gradle.properties @@ -90,7 +90,7 @@ angusMailVersion=2.0.5 annotationsVersion=15.0 -antVersion=1.10.13 +antVersion=1.10.15 antlrST4Version=4.3.4 @@ -116,9 +116,9 @@ bouncycastleVersion=1.83 cglibNodepVersion=2.2.3 -checkerQualVersion=3.31.0 +checkerQualVersion=3.53.0 -commonmarkVersion=0.27.0 +commonmarkVersion=0.27.1 # the beanutils version is not the default version brought from commons-validator and/or commons-digester # in the :server:api module but is required for some of our code to compile @@ -142,7 +142,7 @@ commonsVfs2Version=2.10.0 datadogVersion=1.58.2 -dom4jVersion=2.1.4 +dom4jVersion=2.2.0 ehcacheCoreVersion=2.6.8 eigenbasePropertiesVersion=1.1.6 @@ -156,7 +156,7 @@ fopVersion=2.11 # Force latest for consistency googleApiVersion=2.47.0 -googleAuthVersion=1.33.0 +googleAuthVersion=1.40.0 googleAutoValueAnnotationsVersion=1.10.4 googleErrorProneAnnotationsVersion=2.46.0 googleHttpClientVersion=2.1.0 @@ -185,7 +185,7 @@ hamcrestVersion=2.2 # Note: if changing this, we might need to match with the picard version in the SequenceAnalysis module build.gradle htsjdkVersion=4.3.0 -httpclient5Version=5.5.1 +httpclient5Version=5.5.2 httpcore5Version=5.4 # Not used directly, but these are widely used transitive dependencies @@ -266,7 +266,7 @@ poiVersion=5.4.0 pollingWatchVersion=0.2.0 # Newer versions of the driver have a perf degradation that's important for us. https://github.com/pgjdbc/pgjdbc/issues/3505 -postgresqlDriverVersion=42.7.8 +postgresqlDriverVersion=42.7.9 quartzVersion=2.5.2 @@ -299,7 +299,7 @@ sqliteJdbcVersion=3.51.1.0 # NLP and SAML bring stax2-api in as a transitive dependency but with very different versions. We force the later version. stax2ApiVersion=4.2.2 -thumbnailatorVersion=0.4.20 +thumbnailatorVersion=0.4.21 # used for tika-core in API and tika-parsers in search tikaVersion=3.2.3