Skip to content

MLE-23024 Excluding Jetty and more dependency bumps #478

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 24, 2025
Merged

MLE-23024 Excluding Jetty and more dependency bumps #478

merged 1 commit into from
Sep 24, 2025

Conversation

rjrudin
Copy link
Contributor

@rjrudin rjrudin commented Sep 24, 2025

No description provided.

@Copilot Copilot AI review requested due to automatic review settings September 24, 2025 16:07
@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 24, 2025
edited
Loading

Copyright Validation Results
Total: 4 | Passed: 1 | Failed: 0 | Skipped: 3 | at: 2025-09-24 16:23:36 UTC | commit: a4617bc

⏭️ Skipped (Excluded) Files

  • build.gradle
  • examples/getting-started/build.gradle
  • flux-cli/build.gradle

✅ Valid Files

  • flux-cli/src/main/java/com/marklogic/flux/impl/SparkUtil.java

✅ All files have valid copyright headers!

Copilot
Copilot AI reviewed Sep 24, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR excludes Jetty dependencies to address medium-severity CVEs and updates several dependency versions. The changes disable the Spark UI to prevent Jetty from being used since there's no current use case for the UI in Flux applications.

  • Disabled Spark UI to avoid Jetty dependency usage
  • Updated test dependencies (json-unit-assertj and xmlunit-core) to newer patch versions
  • Upgraded ml-gradle plugin from version 5.0.0 to 6.0.1

Reviewed Changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated 2 comments.

File Description
flux-cli/src/main/java/com/marklogic/flux/impl/SparkUtil.java Added configuration to disable Spark UI with explanatory comment
flux-cli/build.gradle Updated json-unit-assertj and xmlunit-core test dependencies to newer versions
examples/getting-started/build.gradle Upgraded ml-gradle plugin version

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

flux-cli/src/main/java/com/marklogic/flux/impl/SparkUtil.java Outdated
sparkConf.set("spark.sql.session.timeZone", "UTC");

// To avoid the need for Jetty on the classpath, which brings in a number of medium CVEs (as Spark 4 is using
// Jetty 9), the Spark UI is explicitly disabled. Curiously, this doesn't seem to be required - i.e. when
Copy link

Copilot AI Sep 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's an extra space in 'Spark UI is' - should be 'Spark UI is' with only one space.

Suggested change
// Jetty 9), the Spark UI is explicitly disabled. Curiously, this doesn't seem to be required - i.e. when
// Jetty 9), the Spark UI is explicitly disabled. Curiously, this doesn't seem to be required - i.e. when

Copilot uses AI. Check for mistakes.

flux-cli/src/main/java/com/marklogic/flux/impl/SparkUtil.java Outdated

// To avoid the need for Jetty on the classpath, which brings in a number of medium CVEs (as Spark 4 is using
// Jetty 9), the Spark UI is explicitly disabled. Curiously, this doesn't seem to be required - i.e. when
// excluding org.eclipse.jetty libaries from the classpath, no failures occur. But this is being done to
Copy link

Copilot AI Sep 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Typo in 'libaries' - should be 'libraries'.

Suggested change
// excluding org.eclipse.jetty libaries from the classpath, no failures occur. But this is being done to
// excluding org.eclipse.jetty libraries from the classpath, no failures occur. But this is being done to

Copilot uses AI. Check for mistakes.

@rjrudin rjrudin merged commit b064dc1 into develop Sep 24, 2025
2 of 3 checks passed
@rjrudin rjrudin deleted the feature/more-bumps branch September 24, 2025 16:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@BillFarber BillFarber BillFarber approved these changes

@anu3990 anu3990 Awaiting requested review from anu3990 anu3990 is a code owner

@stevebio stevebio Awaiting requested review from stevebio stevebio is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rjrudin @BillFarber