fix(sdk): upgrade deps for JDK 25 compatibility #332
Conversation
Summary of ChangesHello @dmihalcik-virtru, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request focuses on modernizing the project's build environment by upgrading several key dependencies to ensure compatibility with JDK 25, while explicitly maintaining backward compatibility with Java 11. The changes address specific limitations in older dependency versions, such as Kotlin's JDK 25 version format handling and ByteBuddy's Java version support, thereby enhancing the project's stability and future-proofing against newer Java releases. Highlights
🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console. Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request effectively upgrades dependencies for JDK 25 compatibility. The changes are well-described and address the root causes. My review focuses on improving the maintainability of the POM files by suggesting the use of properties for dependency and plugin versions. This practice centralizes version management, reduces redundancy, and simplifies future updates, making the project easier to maintain in the long run.
pom.xml
Outdated
| <groupId>org.junit</groupId> | ||
| <artifactId>junit-bom</artifactId> | ||
| <version>5.10.1</version> | ||
| <version>5.10.2</version> |
There was a problem hiding this comment.
For better maintainability, consider defining the version of the JUnit BOM as a property (e.g., <junit-bom.version>) in the <properties> section and referencing it here.
| <version>5.10.2</version> | |
| <version>${junit-bom.version}</version> |
pom.xml
Outdated
| <groupId>org.jetbrains.kotlin</groupId> | ||
| <artifactId>kotlin-stdlib</artifactId> | ||
| <version>2.1.20</version> | ||
| <version>2.3.0</version> |
There was a problem hiding this comment.
To centralize dependency management and ensure version consistency across modules, it's best practice to define the Kotlin version as a property in the root pom.xml. Please define a <kotlin.version> property in the <properties> section of this file and use it here. The redundant kotlin.version property in sdk/pom.xml should then be removed.
| <version>2.3.0</version> | |
| <version>${kotlin.version}</version> |
pom.xml
Outdated
| <plugin> | ||
| <artifactId>maven-compiler-plugin</artifactId> | ||
| <version>3.8.0</version> | ||
| <version>3.13.0</version> |
There was a problem hiding this comment.
For better maintainability, consider defining the version of this plugin as a property (e.g., <maven-compiler-plugin.version>) in the <properties> section and referencing it here.
| <version>3.13.0</version> | |
| <version>${maven-compiler-plugin.version}</version> |
pom.xml
Outdated
| <plugin> | ||
| <artifactId>maven-surefire-plugin</artifactId> | ||
| <version>3.0.0</version> | ||
| <version>3.5.0</version> |
There was a problem hiding this comment.
For better maintainability, consider defining the version of this plugin as a property (e.g., <maven-surefire-plugin.version>) in the <properties> section and referencing it here.
| <version>3.5.0</version> | |
| <version>${maven-surefire-plugin.version}</version> |
sdk/pom.xml
Outdated
| <jazzer.baseurl> | ||
| https://github.com/CodeIntelligenceTesting/jazzer/releases/download/v${jazzer.version}</jazzer.baseurl> | ||
| <kotlin.version>2.1.0</kotlin.version> | ||
| <kotlin.version>2.3.0</kotlin.version> |
There was a problem hiding this comment.
This kotlin.version property should be defined in the parent pom.xml and inherited by this module to ensure version consistency across the project. Please remove this property definition from the sdk module's POM after defining it in the root POM.
| <dependency> | ||
| <groupId>org.mockito</groupId> | ||
| <artifactId>mockito-core</artifactId> | ||
| <version>5.2.0</version> | ||
| <version>5.11.0</version> | ||
| <scope>test</scope> | ||
| </dependency> | ||
| <dependency> | ||
| <groupId>org.mockito</groupId> | ||
| <artifactId>mockito-junit-jupiter</artifactId> | ||
| <version>5.2.0</version> | ||
| <scope>test</scope> | ||
| </dependency> | ||
| <!-- Mockito Inline Dependency for mocking final classes --> | ||
| <dependency> | ||
| <groupId>org.mockito</groupId> | ||
| <artifactId>mockito-inline</artifactId> | ||
| <version>5.2.0</version> | ||
| <version>5.11.0</version> | ||
| <scope>test</scope> | ||
| </dependency> |
There was a problem hiding this comment.
To improve maintainability and ensure consistent versions for Mockito artifacts, it's a good practice to define a mockito.version property in the parent pom.xml's <properties> section and use it for all Mockito dependencies. This also makes future upgrades easier.
| <dependency> | |
| <groupId>org.mockito</groupId> | |
| <artifactId>mockito-core</artifactId> | |
| <version>5.2.0</version> | |
| <version>5.11.0</version> | |
| <scope>test</scope> | |
| </dependency> | |
| <dependency> | |
| <groupId>org.mockito</groupId> | |
| <artifactId>mockito-junit-jupiter</artifactId> | |
| <version>5.2.0</version> | |
| <scope>test</scope> | |
| </dependency> | |
| <!-- Mockito Inline Dependency for mocking final classes --> | |
| <dependency> | |
| <groupId>org.mockito</groupId> | |
| <artifactId>mockito-inline</artifactId> | |
| <version>5.2.0</version> | |
| <version>5.11.0</version> | |
| <scope>test</scope> | |
| </dependency> | |
| <dependency> | |
| <groupId>org.mockito</groupId> | |
| <artifactId>mockito-core</artifactId> | |
| <version>${mockito.version}</version> | |
| <scope>test</scope> | |
| </dependency> | |
| <dependency> | |
| <groupId>org.mockito</groupId> | |
| <artifactId>mockito-junit-jupiter</artifactId> | |
| <version>${mockito.version}</version> | |
| <scope>test</scope> | |
| </dependency> |
sdk/pom.xml
Outdated
| <groupId>org.jetbrains.dokka</groupId> | ||
| <artifactId>dokka-maven-plugin</artifactId> | ||
| <version>2.0.0</version> | ||
| <version>2.1.0</version> |
There was a problem hiding this comment.
For better maintainability, consider defining the version of this plugin as a property (e.g., <dokka-maven-plugin.version>) in the <properties> section (preferably in the parent POM) and referencing it here.
| <version>2.1.0</version> | |
| <version>${dokka-maven-plugin.version}</version> |
dmihalcik-virtru
changed the title
|
It sounds like support for kotlin 2.3.x is coming to codeql in a few weeks: github/codeql#20661 |
Upgrade critical build dependencies to versions that support JDK 25 while maintaining Java 11 as the minimum target version (maven.compiler.release=11). Root cause: Kotlin 2.1.0 does not support JDK 25's version format, and ByteBuddy 1.14.12 (used by Mockito) only supports Java up to version 23. Changes made: Root POM (pom.xml): - ByteBuddy: 1.14.12 → 1.17.0 (adds Java 25 class file support) - Kotlin stdlib: 2.1.20 → 2.3.0 (adds JDK 25 support) - maven-compiler-plugin: 3.8.0 → 3.13.0 (stable JDK 25 support) - maven-surefire-plugin: 3.0.0 → 3.5.0 (updated test runner) - JUnit BOM: 5.10.1 → 5.10.2 (resolves dependency conflicts) SDK Module (sdk/pom.xml): - kotlin.version: 2.1.0 → 2.3.0 (adds JDK 25 support) - mockito-core: 5.2.0 → 5.11.0 (compatible with ByteBuddy 1.17.x) - mockito-junit-jupiter: 5.2.0 → 5.11.0 - mockito-inline: removed (functionality merged into mockito-core in 5.x) - dokka-maven-plugin: 2.0.0 → 2.1.0 (adds JDK 25 support) Verification: - Build: SUCCESS (all 4 modules built in 01:13 min) - Tests: PASSED (113 tests run, 0 failures, 0 errors, 2 skipped) - Maintains Java 11 backward compatibility - Kotlin compilation works without JavaVersion.parse errors - All Mockito-dependent tests pass with ByteBuddy 1.17.0 Breaking changes: None. The mockito-inline dependency removal does not affect functionality as its features are now part of mockito-core.
Implement Gemini Code Assist suggestions to improve maintainability
by centralizing dependency and plugin version management.
Changes:
Root POM (pom.xml):
- Added properties section with version management:
- kotlin.version: 2.3.0
- junit-bom.version: 5.10.2
- mockito.version: 5.11.0
- maven-compiler-plugin.version: 3.13.0
- maven-surefire-plugin.version: 3.5.0
- dokka-maven-plugin.version: 2.1.0
- Updated all hardcoded versions to use ${property.name} syntax
SDK Module (sdk/pom.xml):
- Removed duplicate kotlin.version property (now inherited from parent)
- Updated mockito-core to use ${mockito.version}
- Updated mockito-junit-jupiter to use ${mockito.version}
- Updated dokka-maven-plugin to use ${dokka-maven-plugin.version}
Benefits:
- Single source of truth for dependency versions
- Easier future version updates
- Ensures version consistency across modules
- Follows Maven best practices
Verification:
- Build: SUCCESS (all 4 modules)
- Tests: PASSED
- All version properties resolve correctly
Addresses all medium-priority suggestions from Gemini Code Assist PR review.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Update CodeQL action from unpinned @V3 to pinned version 4.31.10 (commit SHA: cdefb33c0f6224e58673d9004f47f7cb3e328b89). Changes: - github/codeql-action/init: v3 → v4.31.10 (pinned) - github/codeql-action/autobuild: v3 → v4.31.10 (pinned) - github/codeql-action/analyze: v3 → v4.31.10 (pinned) Benefits: - Security: Pinning to SHA ensures immutable action version - Latest features: CodeQL bundle updated to 2.23.9 - Transparency: Version tag in comments for readability Released: January 12, 2026 Changelog: https://github.com/github/codeql-action/blob/main/CHANGELOG.md Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
dmihalcik-virtru
force-pushed
the
feature/upgrade-jdk
branch
from
f6dcf09 to
bfbd308
Compare
|
X-Test Results✅ js-main |
I'm running 25 locally so I had claude sonnet do this upgrade for me in a background tab. It kinda seems random about the version updates, but they don't seem too problematic. LMK if you want me to manually check to make sure they are the latest or the most recent patch of their minor version.
Upgrade critical build dependencies to versions that support JDK 25 while maintaining Java 11 as the minimum target version (maven.compiler.release=11).
Root cause: Kotlin 2.1.0 does not support JDK 25's version format, and ByteBuddy 1.14.12 (used by Mockito) only supports Java up to version 23.
Changes made:
Root POM (pom.xml):
SDK Module (sdk/pom.xml):
Verification:
Breaking changes: None. The mockito-inline dependency removal does not affect functionality as its features are now part of mockito-core.