Skip to content

Bump dependencies, JUnit 5, Java 25, Beam 2.74.0#1039

Merged
labianchin merged 31 commits into
masterfrom
updates
Jun 22, 2026
Merged

Bump dependencies, JUnit 5, Java 25, Beam 2.74.0#1039
labianchin merged 31 commits into
masterfrom
updates

Conversation

@labianchin

@labianchin labianchin commented Apr 7, 2026

Copy link
Copy Markdown
Collaborator

Summary

Key upgrade: Apache Beam SDK 2.65.0 → 2.74.0. Beam 2.65.0 was deprecated on May 12, 2026. Beam 2.74.0 is the latest stable release (June 2, 2026), supported until June 2027.

Dependency updates

  • Apache Beam SDK: 2.65.0 → 2.74.0
  • Avro: 1.11.4 → 1.12.0
  • Jackson: 2.15.4 → 2.18.3
  • Guava: 33.1.0-jre → 33.5.0-jre
  • google-cloud-libraries-bom: 26.57.0 → 26.80.0
  • google-api-client: override to 2.9.0 (resolve bigdataoss conflict with libraries-bom)
  • Netty: 4.1.121.Final → 4.1.130.Final
  • SLF4J: 1.7.30 → 2.0.16
  • Error Prone: 2.10.0 → 2.31.0
  • Joda-Time: 2.10.14 → 2.14.0
  • PostgreSQL JDBC: 42.7.4 → 42.7.11 (fixes CVE-2025-49146)
  • MariaDB JDBC: 3.5.3 → 3.5.8
  • Cloud SQL socket factory: 1.18.0 → 1.25.0
  • google-api-services-cloudkms: v1-rev20240314 → v1-rev20260319
  • zstd-jni: 1.5.6-3 → 1.5.7-7
  • BouncyCastle: 1.78.1 → 1.84
  • Auto-Value: 1.9 → 1.11.1

Test framework

  • JUnit: 4.13.2 → JUnit Jupiter 5.14.4
  • Mockito: 5.17.0 → 5.23.0
  • H2: 2.3.232 → 2.4.240
  • Migrated all test classes from JUnit 4 (@org.junit.Test, Assert.*) to JUnit 5 (@org.junit.jupiter.api.Test, Assertions.*)
  • Fixed Avro 1.12.0 test breakage: primitive arrays now use PrimitivesArrays$IntArray instead of GenericData$Array

Maven plugin updates

  • maven-compiler-plugin → 3.15.0
  • maven-release-plugin → 3.3.1
  • maven-scm: 2.1.0 → 2.2.1
  • maven-site-plugin → 3.22.0
  • maven-jar-plugin → 3.5.0
  • maven-source-plugin → 3.4.0
  • maven-project-info-reports-plugin → 3.10.0
  • maven-surefire-plugin: 3.5.3 → 3.5.6
  • maven-enforcer-plugin: 3.5.0 → 3.6.3
  • maven-shade-plugin: 3.6.0 → 3.6.2
  • maven-javadoc-plugin: 3.11.2 → 3.12.0
  • maven-gpg-plugin: 3.2.7 → 3.2.8
  • maven-checkstyle-plugin → 3.6.0
  • build-helper-maven-plugin: 3.6.0 → 3.6.1
  • central-publishing-maven-plugin: 0.8.0 → 0.10.0
  • jacoco-maven-plugin: 0.8.13 → 0.8.14
  • Checkstyle: 10.23.0 → 10.26.1

Other

  • Support Java 25 build (explicit annotation processor paths for JEP 472)
  • CI: use Java 21 for e2e tests and deploy

Test plan

  • mvn verify passes locally
  • CI passes with Java 25

dependabot Bot and others added 17 commits April 7, 2026 16:31
Bumps [org.apache.maven.plugins:maven-enforcer-plugin](https://github.com/apache/maven-enforcer) from 3.5.0 to 3.6.2.
- [Release notes](https://github.com/apache/maven-enforcer/releases)
- [Commits](apache/maven-enforcer@enforcer-3.5.0...enforcer-3.6.2)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-enforcer-plugin
  dependency-version: 3.6.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [org.mockito:mockito-core](https://github.com/mockito/mockito) from 5.17.0 to 5.20.0.
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](mockito/mockito@v5.17.0...v5.20.0)

---
updated-dependencies:
- dependency-name: org.mockito:mockito-core
  dependency-version: 5.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [org.apache.maven.plugins:maven-compiler-plugin](https://github.com/apache/maven-compiler-plugin) from 3.13.0 to 3.14.1.
- [Release notes](https://github.com/apache/maven-compiler-plugin/releases)
- [Commits](apache/maven-compiler-plugin@maven-compiler-plugin-3.13.0...maven-compiler-plugin-3.14.1)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-compiler-plugin
  dependency-version: 3.14.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [org.apache.maven.plugins:maven-javadoc-plugin](https://github.com/apache/maven-javadoc-plugin) from 3.11.2 to 3.12.0.
- [Release notes](https://github.com/apache/maven-javadoc-plugin/releases)
- [Commits](apache/maven-javadoc-plugin@maven-javadoc-plugin-3.11.2...maven-javadoc-plugin-3.12.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-javadoc-plugin
  dependency-version: 3.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [org.apache.maven.plugins:maven-gpg-plugin](https://github.com/apache/maven-gpg-plugin) from 3.2.7 to 3.2.8.
- [Release notes](https://github.com/apache/maven-gpg-plugin/releases)
- [Commits](apache/maven-gpg-plugin@maven-gpg-plugin-3.2.7...maven-gpg-plugin-3.2.8)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-gpg-plugin
  dependency-version: 3.2.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [org.codehaus.mojo:build-helper-maven-plugin](https://github.com/mojohaus/build-helper-maven-plugin) from 3.6.0 to 3.6.1.
- [Release notes](https://github.com/mojohaus/build-helper-maven-plugin/releases)
- [Commits](mojohaus/build-helper-maven-plugin@3.6.0...3.6.1)

---
updated-dependencies:
- dependency-name: org.codehaus.mojo:build-helper-maven-plugin
  dependency-version: 3.6.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [org.apache.maven.plugins:maven-project-info-reports-plugin](https://github.com/apache/maven-project-info-reports-plugin) from 3.8.0 to 3.9.0.
- [Release notes](https://github.com/apache/maven-project-info-reports-plugin/releases)
- [Commits](apache/maven-project-info-reports-plugin@maven-project-info-reports-plugin-3.8.0...maven-project-info-reports-plugin-3.9.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-project-info-reports-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Beam 2.65.0 reaches end-of-support in May 2026. Beam 2.72.0 is the
latest stable release, supported until March 2027.

Updated dependency versions to match Beam 2.72.0:
- errorprone: 2.10.0 -> 2.31.0
- joda-time: 2.10.14 -> 2.14.0
- netty: 4.1.121.Final -> 4.1.124.Final
- slf4j: 1.7.30 -> 2.0.16
- google-cloud-libraries-bom: 26.57.0 -> 26.76.0

Added dependency management overrides to resolve version convergence
between Beam BOM and libraries-bom:
- jackson-dataformat-xml 2.18.2 (from google-cloud-storage)
- google-cloud-bigtable 2.73.1 and proto stubs (from beam-io-gcp)
- j2objc-annotations 3.1 (from libraries-bom)
- failureaccess 1.0.3 (from transitives)
Aligns with the version provided by google-cloud-libraries-bom 26.76.0,
removing the separate jackson-dataformat-xml override.
Aligns with the version provided by google-cloud-libraries-bom 26.76.0.
1.25.0 is the highest version compatible with the current
libraries-bom 26.76.0 without introducing dependency conflicts.
Versions >= 1.25.1 require a newer google-api-client than what
the BOM provides.
@codecov

codecov Bot commented Apr 7, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 91.92%. Comparing base (05add13) to head (671c5be).
⚠️ Report is 2 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff            @@
##             master    #1039   +/-   ##
=========================================
  Coverage     91.92%   91.92%           
  Complexity      283      283           
=========================================
  Files            27       27           
  Lines          1015     1015           
  Branches         86       86           
=========================================
  Hits            933      933           
  Misses           54       54           
  Partials         28       28           
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

The previous URL for avro-tools 1.11.3 is no longer available on
dlcdn.apache.org, causing CI failures.
@labianchin labianchin marked this pull request as ready for review April 7, 2026 15:39
labianchin and others added 6 commits May 4, 2026 12:00
Also bump google-cloud libraries-bom from 26.76.0 to 26.79.0 (the
version that Beam 2.73 expects) and remove the now-stale
google-cloud-bigtable 2.73.1 overrides — libraries-bom 26.79.0 plus
the Beam BOM converge cleanly without them.

Co-Authored-By: Claude <noreply@anthropic.com>
Routine update for the BouncyCastle crypto provider; pulls in fixes
across 1.79, 1.80, 1.81, 1.82, 1.83, and 1.84 releases (April 2026).

Co-Authored-By: Claude <noreply@anthropic.com>
Update to the latest 10.x release (last line that supports JDK 8/11
toolchains; 11.x requires JDK 17 to run the plugin).

Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Claude <noreply@anthropic.com>
labianchin and others added 3 commits May 4, 2026 12:16
JDK 23 (JEP 472) disabled implicit annotation processing, so AutoValue
silently stopped generating AutoValue_* classes on JDK 25. Declare the
processor explicitly via maven-compiler-plugin's annotationProcessorPaths
so javac runs it again, and bump auto-value 1.9 -> 1.11.0 for JDK 23+
compiler-internals support. Bump maven.compiler.release 8 -> 11 to drop
the obsolete-source-8 warnings; matches the enforcer's existing [11,)
floor.

Co-Authored-By: Claude <noreply@anthropic.com>
@labianchin labianchin changed the title Bump dependencies: Beam 2.72.0, Jackson, Guava, and more Bump dependencies: Beam 2.73.0, Jackson, Guava, and more May 13, 2026
@labianchin labianchin changed the title Bump dependencies: Beam 2.73.0, Jackson, Guava, and more Bump dependencies: Beam 2.73.0, Java 25, and more May 13, 2026
Replace junit:junit 4.13.2 dependency management with JUnit 5 BOM
(junit-bom 5.11.4) and add mockito-junit-jupiter for extension support.
Replace JUnit 4 annotations and assertions with JUnit 5 equivalents:
- @BeforeClass/@afterclass -> @BeforeAll/@afterall
- @ignore -> @disabled
- @test(expected=...) -> assertThrows()
- Assert -> Assertions (with swapped message parameter order)
- org.junit.* imports -> org.junit.jupiter.api.*
@labianchin labianchin changed the title Bump dependencies: Beam 2.73.0, Java 25, and more Bump dependencies, JUnit 5, Java 25, Beam 2.73.0 May 13, 2026
Beam 2.73.0 will be deprecated in April 2027; 2.74.0 (released June 2,
2026) brings security fixes and new features with support until June
2027.

Dependency changes:
- avro: 1.11.5 → 1.12.0 (Beam's new baseline)
- netty: 4.1.124.Final → 4.1.130.Final
- jackson: 2.18.2 → 2.18.3 (resolve google-cloud-storage conflict)
- google-cloud-libraries-bom: 26.79.0 → 26.80.0
- google-api-client{,-gson}: override to 2.9.0 (resolve bigdataoss
  conflict with libraries-bom 26.80.0)

Fix Avro 1.12.0 test breakage: primitive arrays now use
PrimitivesArrays$IntArray instead of GenericData$Array, so casts in
tests use List<?> instead.
Dependencies:
- auto-value: 1.11.0 → 1.11.1
- junit-jupiter: 5.11.4 → 5.14.4
- postgresql: 42.7.8 → 42.7.11
- mockito: 5.20.0 → 5.23.0
- h2: 2.3.232 → 2.4.240

Maven plugins:
- maven-compiler-plugin: 3.14.1 → 3.15.0
- maven-release-plugin: 3.1.1 → 3.3.1
- maven-scm: 2.1.0 → 2.2.1
- maven-site-plugin: 3.21.0 → 3.22.0
- maven-jar-plugin: 3.4.2 → 3.5.0
- maven-source-plugin: 3.3.1 → 3.4.0
- maven-project-info-reports-plugin: 3.9.0 → 3.10.0
- maven-surefire-plugin: 3.5.5 → 3.5.6
- maven-enforcer-plugin: 3.6.2 → 3.6.3
- central-publishing-maven-plugin: 0.8.0 → 0.10.0
- jacoco-maven-plugin: 0.8.13 → 0.8.14
@labianchin labianchin changed the title Bump dependencies, JUnit 5, Java 25, Beam 2.73.0 Bump dependencies, JUnit 5, Java 25, Beam 2.74.0 Jun 5, 2026
@labianchin labianchin merged commit 671c5be into master Jun 22, 2026
9 checks passed
@labianchin labianchin deleted the updates branch June 22, 2026 10:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant