[bot] Merge 26.5 to develop (#1364)

github-actions[bot] · labkey-adam · labkey-klum · web-flow · commit 110c9409d4a8 · 2026-05-06T17:32:30.000-07:00
* Update Apache Mina & Spring to the latest versions (#1359) * Update PostgreSQL JDBC driver (#1360) * Upgrade to Spring AI 2.0.0-M5 (#1352) * Upgrade to Spring AI 2.0.0-M5 * Bump Spring Framework and Spring Boot as well --------- Co-authored-by: Adam Rauch <adam@labkey.com> Co-authored-by: Lum <klum@labkey.com> Co-authored-by: github-actions <teamcity@labkey.com>
diff --git a/build.gradle b/build.gradle
@@ -379,9 +379,6 @@ allprojects {
                     force "org.springframework:spring-messaging:${springVersion}"
                     force "org.springframework:spring-webflux:${springVersion}"
 
-                    // spring-ai dependency. Force to mitigate a CVE.
-                    force "io.modelcontextprotocol.sdk:mcp:${modelContextProtocolVersion}"
-
                     // Force consistency between pipeline's ActiveMQ and cloud's jClouds dependencies
                     force "javax.annotation:javax.annotation-api:${javaxAnnotationVersion}"
 
diff --git a/gradle.properties b/gradle.properties
@@ -93,8 +93,8 @@ antlrST4Version=4.3.4
 
 #Unifying version used by DISCVR and Premium
 apacheDirectoryVersion=2.1.7
-#Transitive dependency of Apache directory: 2.0.18 contains some regressions
-apacheMinaVersion=2.2.5
+#Transitive dependency of Apache directory
+apacheMinaVersion=2.2.7
 
 # Usually matches the version specified as a Spring Boot dependency (see springBootVersion below)
 apacheTomcatVersion=11.0.21
@@ -259,16 +259,15 @@ luceneVersion=10.4.0
 # Microsoft library for sending OAuth2-authenticated notification emails via the Microsoft Graph API
 microsoftGraphVersion=6.59.0
 
-# Spring-AI dependency that's showing a CVE
-modelContextProtocolVersion=1.1.2
-
 mssqlJdbcVersion=13.4.0.jre11
 
 # Netty - transitive dependency via azure-core-http-netty; force for CVE-2026-33871, CVE-2026-33870
 nettyVersion=4.2.12.Final
 # Reactor - transitive dependency via azure-core; force for version consistency across modules
 reactorCoreVersion=3.8.1
 
+mssqlJdbcVersion=13.2.1.jre11
+
 objenesisVersion=1.0
 
 opencsvVersion=2.3
@@ -283,7 +282,7 @@ poiVersion=5.5.1
 
 pollingWatchVersion=0.2.0
 
-postgresqlDriverVersion=42.7.10
+postgresqlDriverVersion=42.7.11
 
 quartzVersion=2.5.2
 
@@ -306,10 +305,10 @@ slf4jLog4jApiVersion=2.0.17
 snappyJavaVersion=1.1.10.8
 
 # Also, update apacheTomcatVersion above to match Spring Boot's Tomcat dependency version
-springBootVersion=4.0.5
+springBootVersion=4.0.6
 # This usually matches the Spring Framework version dictated by springBootVersion
-springVersion=7.0.6
-springAiVersion=2.0.0-M4
+springVersion=7.0.7
+springAiVersion=2.0.0-M5
 
 sqliteJdbcVersion=3.53.0.0
 
