Skip to content

fix(deps): update dependency org.apache.ant:ant to v1.10.17 #1051

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
elastic-renovate-prod wants to merge 1 commit into
base: main
Choose a base branch
from
+1 βˆ’1
Open

fix(deps): update dependency org.apache.ant:ant to v1.10.17 #1051

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion gradle/libs.versions.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -76,7 +76,7 @@ licenseReportPlugin = "com.github.jk1.dependency-license-report:com.github.jk1.d
muzzleCheckPlugin = { group = "io.opentelemetry.instrumentation.muzzle-check", name = "io.opentelemetry.instrumentation.muzzle-check.gradle.plugin", version.ref = "opentelemetryJavaagentAlpha" }
muzzleGenerationPlugin = { group = "io.opentelemetry.instrumentation.muzzle-generation", name = "io.opentelemetry.instrumentation.muzzle-generation.gradle.plugin", version.ref = "opentelemetryJavaagentAlpha" }
# Ant should be kept in sync with the version used in the shadow plugin
ant = "org.apache.ant:ant:1.10.16"
ant = "org.apache.ant:ant:1.10.17"
Copy link
Copy Markdown

@coderabbitai coderabbitai bot Apr 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | πŸ”΄ Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify shadow plugin 9.4.1's Ant dependency version

# Check shadow plugin's declared Ant dependency
curl -s https://repo1.maven.org/maven2/com/gradleup/shadow/shadow-gradle-plugin/9.4.1/shadow-gradle-plugin-9.4.1.pom | grep -A 2 "org.apache.ant"

Repository: elastic/elastic-otel-java

Length of output: 176

🌐 Web query:

What version of Apache Ant does Gradle Shadow Plugin 9.4.1 depend on?

πŸ’‘ Result:

Web search failed: Server error: no LLM provider could handle the message

🌐 Web query:

Does Apache Ant version 1.10.17 have any known security vulnerabilities or CVEs?

πŸ’‘ Result:

No, Apache Ant version 1.10.17 does not have any known security vulnerabilities or CVEs. The official Apache Ant security reports page lists all fixed vulnerabilities up to the latest releases, with the most recent CVEs (CVE-2021-36373 and CVE-2021-36374) fixed in 1.10.11. No vulnerabilities are reported for versions 1.10.11 and later, including hypothetical 1.10.17. Note that as of 2026-04-10, the latest released version is 1.10.15 (August 2024), and version 1.10.17 does not appear to exist in official records.

Citations:

Update Ant to 1.10.15 to match shadow plugin 9.4.1 dependency.

Ant 1.10.17 does not exist (latest release is 1.10.15). Shadow plugin 9.4.1 declares Ant 1.10.15 as its dependency. Line 78 requires Ant to stay in sync with the shadow plugin version, so update Ant to 1.10.15 instead.

πŸ€– Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@gradle/libs.versions.toml` at line 79, Update the toml entry for the Ant
dependency named "ant" to use version 1.10.15 instead of 1.10.17 so it matches
the Shadow plugin 9.4.1 dependency; locate the "ant" key in the
libs.versions.toml and change its value to "org.apache.ant:ant:1.10.15".

# ASM is currently only used during compile-time, so it is okay to diverge from the version used in ByteBuddy
asm = "org.ow2.asm:asm:9.9.1"

Expand Down
Loading