Re: [PR] Update bouncy castle [cloudstack]

Wed, 20 May 2026 03:37:23 -0700 


Copilot commented on code in PR #12794:
URL: https://github.com/apache/cloudstack/pull/12794#discussion_r3273212721


##########
pom.xml:
##########
@@ -191,6 +191,7 @@
         <cs.ini.version>0.5.4</cs.ini.version>
         <cs.caffeine.version>3.1.7</cs.caffeine.version>
         <cs.protobuf.version>3.25.5</cs.protobuf.version>
+        <cs.minio.version>8.6.0</cs.minio.version>
     </properties>

Review Comment:
   This PR is described as a BouncyCastle update, but it also introduces a new 
MinIO version property. Please update the PR title/description to explicitly 
mention the MinIO/OkHttp dependency changes, or split them into a separate PR 
to keep the security-library upgrade focused.



##########
plugins/storage/object/minio/pom.xml:
##########
@@ -46,12 +46,24 @@
         <dependency>
             <groupId>io.minio</groupId>
             <artifactId>minio</artifactId>
-            <version>8.5.2</version>
+            <version>${cs.minio.version}</version>
         </dependency>
         <dependency>
             <groupId>io.minio</groupId>
             <artifactId>minio-admin</artifactId>
-            <version>8.5.2</version>
+            <version>${cs.minio.version}</version>
+        </dependency>
+        <!-- Pin okhttp3 to the version required by minio 8.6.0+, overriding 
the older
+             version transitively pulled by influxdb-java -->
+        <dependency>
+            <groupId>com.squareup.okhttp3</groupId>
+            <artifactId>okhttp</artifactId>
+            <version>5.1.0</version>
+        </dependency>
+        <dependency>
+            <groupId>com.squareup.okhttp3</groupId>
+            <artifactId>logging-interceptor</artifactId>
+            <version>5.1.0</version>
         </dependency>

Review Comment:
   OkHttp is being pinned with a hard-coded version here. To reduce the risk of 
version drift/conflicts across modules (and to match the existing pattern of 
centralizing dependency versions), please move the OkHttp version to a root 
property/dependencyManagement entry (e.g., cs.okhttp.version) and reference it 
from here (and any other module that needs it).



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to