Skip to content

Bump Dependencies #24960039926 #27677

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
jenkins-is-staging wants to merge 1 commit into
base: archive_IS-7.3
Choose a base branch
from
+1 −1
Open

Bump Dependencies #24960039926 #27677

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2803,7 +2803,7 @@
<identity.extension.utils>1.3.1</identity.extension.utils>
<authenticator.auth.otp.commons.version>1.1.1</authenticator.auth.otp.commons.version>

<identity.org.mgt.version>2.4.22</identity.org.mgt.version>
<identity.org.mgt.version>2.4.23</identity.org.mgt.version>
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot Apr 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Verify that version 2.4.23 exists for org.wso2.carbon.identity.organization.management
# and check for any security advisories.

# Check if the version exists in the WSO2 Maven repository
echo "Checking if version 2.4.23 exists..."
curl -s -o /dev/null -w "%{http_code}" \
  "https://maven.wso2.org/nexus/content/groups/wso2-public/org/wso2/carbon/identity/organization/management/org.wso2.carbon.identity.organization.management.server.feature/2.4.23/" | \
  grep -q "200" && echo "Version 2.4.23 found" || echo "Version 2.4.23 not found"

# Check for security advisories using GitHub's GraphQL API
echo "Checking for security advisories..."
gh api graphql -f query='
{
  securityVulnerabilities(first: 10, ecosystem: MAVEN, package: "org.wso2.carbon.identity.organization.management:org.wso2.carbon.identity.organization.management.server.feature") {
    nodes {
      advisory {
        summary
        severity
        publishedAt
      }
      vulnerableVersionRange
      firstPatchedVersion {
        identifier
      }
    }
  }
}'

Repository: wso2/product-is

Length of output: 206

🏁 Script executed:

#!/bin/bash
# Check the correct artifact ID and verify if version 2.4.23 exists in other locations

# First, let's check what versions are available in the WSO2 repository
echo "Checking available versions in WSO2 Maven repository..."
curl -s "https://maven.wso2.org/nexus/content/groups/wso2-public/org/wso2/carbon/identity/organization/management/" 2>/dev/null | \
  grep -o "2\.4\.[0-9]*" | sort -V | tail -10

# Also check the Maven Central Repository
echo ""
echo "Checking Maven Central Repository..."
curl -s "https://repo1.maven.org/maven2/org/wso2/carbon/identity/organization/management/" 2>/dev/null | \
  grep -o "2\.4\.[0-9]*" | sort -V | tail -10

# Check if this is part of a staging repository
echo ""
echo "Checking WSO2 staging repository..."
curl -s "https://maven.wso2.org/nexus/content/repositories/staging/" -I 2>/dev/null | head -5

Repository: wso2/product-is

Length of output: 592

🏁 Script executed:

#!/bin/bash
# Examine the pom.xml around the changed line and look for context

# Show the line in context
echo "=== Context around line 2806 ==="
sed -n '2800,2815p' pom.xml

echo ""
echo "=== Checking for other org.wso2.carbon.identity version properties ==="
grep -n "identity\.org\.mgt\.version" pom.xml

echo ""
echo "=== Checking git history for this property ==="
git log --oneline -10 -- pom.xml | head -5

Repository: wso2/product-is

Length of output: 1444

Version 2.4.23 is not available in public Maven repositories and will cause build failures.

Version 2.4.23 of org.wso2.carbon.identity.organization.management could not be found in the WSO2 Maven repository, Maven Central, or other accessible repositories. This dependency will fail to resolve during the build. Either revert to version 2.4.22 or verify that this version has been published to the appropriate repository before proceeding.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@pom.xml` at line 2806, The pom property identity.org.mgt.version is set to
2.4.23 which is not available in public Maven repositories and will fail the
build; change the property value back to the last known good version (2.4.22) or
ensure the repository that hosts
org.wso2.carbon.identity.organization.management:2.4.23 is added to the
project's repositories so the dependency can be resolved, updating the
identity.org.mgt.version property accordingly.

<identity.org.mgt.core.version>1.5.2</identity.org.mgt.core.version>
<identity.organization.login.version>1.2.5</identity.organization.login.version>
<identity.oauth2.grant.organizationswitch.version>1.2.1</identity.oauth2.grant.organizationswitch.version>
Expand Down