Open
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
Updates Maven-managed dependencies across the multi-module build to address security findings (library upgrades, dependency overrides/exclusions), and adjusts Spark-based test infrastructure to run against newer Spark versions with updated logging behavior.
Changes:
- Bump key dependency versions (e.g., Tomcat, Jackson, Joda-Time, Spark, Netty) and add/adjust dependencyManagement entries for security remediation.
- Replace/adjust logging dependencies (e.g., log4j1 → reload4j; add slf4j-api; Spark test cluster logging jar handling).
- Remove now-obsolete
maven-enforcer-plugin“banned joda-time dependency” overrides/execution.
Reviewed changes
Copilot reviewed 20 out of 20 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| singer-parent/component-kitap/src/test/resources/TALEND-INF/dependencies.txt | Updates test dependency list to use reload4j + slf4j-api instead of log4j1. |
| singer-parent/component-kitap/pom.xml | Excludes org.lz4:lz4-java from Spark and adds at.yawk.lz4:lz4-java for tests. |
| sample-parent/sample-beam/pom.xml | Removes module-level disabling of an enforcer execution that no longer exists. |
| reporting/pom.xml | Removes module-level disabling of an enforcer execution that no longer exists. |
| pom.xml | Central version bumps + new dependencyManagement entries (commons-text, plexus-utils, zookeeper/protobuf/lz4) and removal of the joda-time ban enforcement. |
| images/component-server-image/pom.xml | Removes module-level disabling of an enforcer execution that no longer exists. |
| documentation/pom.xml | Relies on dependencyManagement for commons-text version; removes module-level enforcer disable. |
| component-tools/pom.xml | Removes module-level disabling of an enforcer execution that no longer exists. |
| component-studio/pom.xml | Removes module-level disabling of an enforcer execution that no longer exists. |
| component-server-parent/component-server/pom.xml | Relies on dependencyManagement for commons-text version. |
| component-runtime-testing/pom.xml | Adjusts managed dependencies for testing modules (notably plexus-utils version handling). |
| component-runtime-testing/component-runtime-testing-spark/src/test/java/org/talend/sdk/component/runtime/testing/spark/SparkClusterRuleTest.java | Updates Spark test cluster version to 3.5.7. |
| component-runtime-testing/component-runtime-testing-spark/src/main/java/org/talend/sdk/component/runtime/testing/spark/internal/BaseSpark.java | Updates Spark cluster startup/bind behavior and adds custom logging-jar resolution & conflict cleanup. |
| component-runtime-testing/component-runtime-testing-spark/pom.xml | Adds exclusions and pins/adjusts Spark-test logging dependencies. |
| component-runtime-testing/component-runtime-junit/pom.xml | Adds exclusions for plexus-utils and removes module-level enforcer disable. |
| component-runtime-testing/component-runtime-http-junit/pom.xml | Updates the module-scoped Netty version override. |
| component-runtime-testing/component-runtime-beam-junit/pom.xml | Adds exclusions for plexus-utils and removes module-level enforcer disable. |
| component-runtime-beam/src/it/serialization-over-cluster/src/test/java/org/talend/sdk/component/beam/it/SerializationOverClusterIT.java | Updates Spark version default used in the IT to 3.5.7. |
| component-runtime-beam/src/it/serialization-over-cluster/pom.xml | Updates Spark version system property for the IT to 3.5.7. |
| component-runtime-beam/pom.xml | Adds module-level dependencyManagement pin for classgraph and removes module-level enforcer disable. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
...g-spark/src/main/java/org/talend/sdk/component/runtime/testing/spark/internal/BaseSpark.java
Show resolved
Hide resolved
...g-spark/src/main/java/org/talend/sdk/component/runtime/testing/spark/internal/BaseSpark.java
Outdated
Show resolved
Hide resolved
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
https://qlik-dev.atlassian.net/browse/QTDI-2708