Copilot commented on code in PR #13721:
URL: https://github.com/apache/skywalking/pull/13721#discussion_r2875593576
##########
oap-server-bom/pom.xml:
##########
@@ -49,7 +49,7 @@
<kubernetes.version>6.7.1</kubernetes.version>
<hikaricp.version>3.1.0</hikaricp.version>
<zipkin.version>2.24.1</zipkin.version>
- <jackson.version>2.16.0</jackson.version>
+ <jackson.version>2.18.5</jackson.version>
<jackson-databind.version>2.16.0</jackson-databind.version>
Review Comment:
`jackson.version` was bumped to 2.18.5 (used by
`jackson-core`/`jackson-annotations`), but `jackson-databind.version` remains
at 2.16.0. Mixing Jackson minor versions can cause runtime/compatibility issues
because `jackson-databind` is expected to align with `core`/`annotations`.
Consider bumping `jackson-databind.version` to the same version (or
consolidating to a single Jackson version property).
```suggestion
<jackson-databind.version>2.18.5</jackson-databind.version>
```
##########
docs/en/changes/changes.md:
##########
@@ -134,6 +134,7 @@
(up to 200 on-demand threads) because HTTP handlers block on long storage/DB
queries.
* Add the spring-ai components and the GenAI layer.
* Bump up netty to 4.2.10.Final.
+* Bump up log4j to 2.25.3 and jackson to 2.18.5.
Review Comment:
This changelog entry says "bump up ... jackson to 2.18.5", but in the BOM
only `jackson-core`/`jackson-annotations` are tied to `jackson.version` while
`jackson-databind` is still pinned to 2.16.0. Please either bump
`jackson-databind` too or clarify the entry to avoid overstating the Jackson
upgrade.
```suggestion
* Bump up log4j to 2.25.3 and jackson-core/jackson-annotations to 2.18.5.
```
##########
dist-material/release-docs/LICENSE:
##########
@@ -217,8 +217,8 @@ The text of each license is the standard Apache 2.0 license.
https://mvnrepository.com/artifact/com.alibaba.nacos/nacos-encryption-plugin/2.3.2
Apache-2.0
https://mvnrepository.com/artifact/com.ctrip.framework.apollo/apollo-client/1.8.0
Apache-2.0
https://mvnrepository.com/artifact/com.ctrip.framework.apollo/apollo-core/1.8.0
Apache-2.0
-
https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-annotations/2.16.0
Apache-2.0
-
https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-core/2.16.0
Apache-2.0
+
https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-annotations/2.18.5
Apache-2.0
+
https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-core/2.18.5
Apache-2.0
https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind/2.16.0
Apache-2.0
Review Comment:
The LICENSE list updates `jackson-annotations`/`jackson-core` to 2.18.5 but
keeps `jackson-databind` at 2.16.0. Please ensure the LICENSE list matches the
actual dependency versions included in the distribution (and align
`jackson-databind` with the Jackson core/annotations version if the intent is a
full Jackson bump).
```suggestion
https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind/2.18.5
Apache-2.0
```
##########
dist-material/release-docs/LICENSE:
##########
@@ -347,15 +347,15 @@ The text of each license is the standard Apache 2.0
license.
https://mvnrepository.com/artifact/org.apache.curator/curator-framework/4.3.0
Apache-2.0
https://mvnrepository.com/artifact/org.apache.curator/curator-recipes/4.3.0
Apache-2.0
https://mvnrepository.com/artifact/org.apache.curator/curator-x-discovery/4.3.0
Apache-2.0
- https://mvnrepository.com/artifact/org.apache.groovy/groovy/5.0.3
Apache-2.0
+ https://mvnrepository.com/artifact/org.apache.groovy/groovy/4.0.15
Apache-2.0
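Review bot: The replacement line moves the Groovy entry from 5.0.3 down to 4.0.15, a major-version decrease, while the changelog line added in this PR names only log4j and jackson. If a Groovy downgrade is intended, record it in changes.md alongside the other bumps; if it is not, keep the `groovy/5.0.3` line here.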
Review Comment:
The LICENSE list changes Groovy to `4.0.15`, but the BOM still declares
`<groovy.version>5.0.3</groovy.version>` for `org.apache.groovy:groovy`. Please
align the LICENSE entry and the managed dependency version (and double-check
which Groovy version is actually shipped) to keep release compliance
documentation accurate.
```suggestion
https://mvnrepository.com/artifact/org.apache.groovy/groovy/5.0.3
Apache-2.0
```
--
This is an automated message from the Apache Git Service.
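A consistency check of the kind the review comments above perform by hand, as an added example that is not part of the PR or of SkyWalking's build: it compares BOM version properties with the LICENSE artifact list and flags version skew inside one groupId. The sample inputs are constructed from the values quoted in the comments; the artifact-to-property mapping and the rule that artifacts of one groupId share a version are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs mirroring the state the review comments describe.
POM_PROPERTIES = """<properties>
  <jackson.version>2.18.5</jackson.version>
  <jackson-databind.version>2.16.0</jackson-databind.version>
  <groovy.version>5.0.3</groovy.version>
</properties>"""
BASE = "https://mvnrepository.com/artifact/"
LICENSE_TEXT = "\n".join(BASE + p + "\nApache-2.0" for p in (
    "com.fasterxml.jackson.core/jackson-annotations/2.18.5",
    "com.fasterxml.jackson.core/jackson-core/2.18.5",
    "com.fasterxml.jackson.core/jackson-databind/2.16.0",
    "org.apache.groovy/groovy/4.0.15",
))

# Assumed mapping from "groupId:artifactId" to the BOM property managing it.
ARTIFACT_PROPERTY = {
    "com.fasterxml.jackson.core:jackson-core": "jackson.version",
    "com.fasterxml.jackson.core:jackson-annotations": "jackson.version",
    "com.fasterxml.jackson.core:jackson-databind": "jackson-databind.version",
    "org.apache.groovy:groovy": "groovy.version",
}
URL_RE = re.compile(r"mvnrepository\.com/artifact/([^/\s]+)/([^/\s]+)/([^/\s]+)")

def bom_properties(pom_xml):
    """Return {property name: version}, ignoring any XML namespace prefix."""
    root = ET.fromstring(pom_xml)
    return {el.tag.rsplit("}", 1)[-1]: (el.text or "").strip() for el in root}

def license_versions(text):
    """Return {"groupId:artifactId": version} for each listed artifact URL."""
    return {f"{g}:{a}": v for g, a, v in URL_RE.findall(text)}

def audit(pom_xml, license_text):
    """List (kind, subject, detail) findings for the two inputs."""
    props, listed = bom_properties(pom_xml), license_versions(license_text)
    findings, by_group = [], {}
    for artifact, prop in ARTIFACT_PROPERTY.items():
        managed, documented = props.get(prop), listed.get(artifact)
        if managed != documented:  # LICENSE disagrees with the managed version
            findings.append(("license-mismatch", artifact, (managed, documented)))
        by_group.setdefault(artifact.split(":")[0], set()).add(managed)
    for group, versions in by_group.items():
        if len(versions) > 1:  # e.g. databind left behind core/annotations
            findings.append(("version-skew", group, tuple(sorted(map(str, versions)))))
    return findings

if __name__ == "__main__":
    for finding in audit(POM_PROPERTIES, LICENSE_TEXT):
        print(finding)
```

Run as a CI step against the real `pom.xml` properties and LICENSE file, a non-empty result is a reason to fail the build before a release artifact is cut.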