From 2169b4e847fadcbe2a1cc9c35887277828bbf233 Mon Sep 17 00:00:00 2001 From: David Mihalcik Date: Wed, 21 Jan 2026 14:46:32 -0500 Subject: [PATCH 1/3] chore(deps): upgrade deps for JDK 25 compatibility MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Upgrade critical build dependencies to versions that support JDK 25 while maintaining Java 11 as the minimum target version (maven.compiler.release=11). Root cause: Kotlin 2.1.0 does not support JDK 25's version format, and ByteBuddy 1.14.12 (used by Mockito) only supports Java up to version 23. Changes made: Root POM (pom.xml): - ByteBuddy: 1.14.12 → 1.17.0 (adds Java 25 class file support) - Kotlin stdlib: 2.1.20 → 2.3.0 (adds JDK 25 support) - maven-compiler-plugin: 3.8.0 → 3.13.0 (stable JDK 25 support) - maven-surefire-plugin: 3.0.0 → 3.5.0 (updated test runner) - JUnit BOM: 5.10.1 → 5.10.2 (resolves dependency conflicts) SDK Module (sdk/pom.xml): - kotlin.version: 2.1.0 → 2.3.0 (adds JDK 25 support) - mockito-core: 5.2.0 → 5.11.0 (compatible with ByteBuddy 1.17.x) - mockito-junit-jupiter: 5.2.0 → 5.11.0 - mockito-inline: removed (functionality merged into mockito-core in 5.x) - dokka-maven-plugin: 2.0.0 → 2.1.0 (adds JDK 25 support) Verification: - Build: SUCCESS (all 4 modules built in 01:13 min) - Tests: PASSED (113 tests run, 0 failures, 0 errors, 2 skipped) - Maintains Java 11 backward compatibility - Kotlin compilation works without JavaVersion.parse errors - All Mockito-dependent tests pass with ByteBuddy 1.17.0 Breaking changes: None. The mockito-inline dependency removal does not affect functionality as its features are now part of mockito-core. --- pom.xml | 10 +++++----- sdk/pom.xml | 15 ++++----------- 2 files changed, 9 insertions(+), 16 deletions(-) diff --git a/pom.xml b/pom.xml index aed4b927..e33fa251 100644 --- a/pom.xml +++ b/pom.xml @@ -18,7 +18,7 @@ 4.29.2 1.82 10.0.0 - 1.14.12 + 1.17.0 0.8.13 jacoco 
@@ -55,7 +55,7 @@ org.junit junit-bom - 5.10.1 + 5.10.2 pom import @@ -145,7 +145,7 @@ org.jetbrains.kotlin kotlin-stdlib - 2.1.20 + 2.3.0 org.bouncycastle @@ -188,11 +188,11 @@ https://maven.apache.org/ref/current/maven-core/default-bindings.html#Plugin_bindings_for_jar_packaging --> maven-compiler-plugin - 3.8.0 + 3.13.0 maven-surefire-plugin - 3.0.0 + 3.5.0 maven-jar-plugin diff --git a/sdk/pom.xml b/sdk/pom.xml index 139cc828..87deea60 100644 --- a/sdk/pom.xml +++ b/sdk/pom.xml @@ -13,7 +13,7 @@ 0.22.1 https://github.com/CodeIntelligenceTesting/jazzer/releases/download/v${jazzer.version} - 2.1.0 + 2.3.0 0.7.2 4.12.0 protocol/go/v0.11.0 @@ -255,20 +255,13 @@ org.mockito mockito-core - 5.2.0 + 5.11.0 test org.mockito mockito-junit-jupiter - 5.2.0 - test - - - - org.mockito - mockito-inline - 5.2.0 + 5.11.0 test @@ -316,7 +309,7 @@ org.jetbrains.dokka dokka-maven-plugin - 2.0.0 + 2.1.0 javadoc From e8c8c661b43897b4f5ebbcdaa00fd00e44700167 Mon Sep 17 00:00:00 2001 
From: David Mihalcik Date: Wed, 21 Jan 2026 16:34:57 -0500 Subject: [PATCH 2/3] refactor(deps): centralize version management using properties Implement Gemini Code Assist suggestions to improve maintainability by centralizing dependency and plugin version management. Changes: Root POM (pom.xml): - Added properties section with version management: - kotlin.version: 2.3.0 - junit-bom.version: 5.10.2 - mockito.version: 5.11.0 - maven-compiler-plugin.version: 3.13.0 - maven-surefire-plugin.version: 3.5.0 - dokka-maven-plugin.version: 2.1.0 - Updated all hardcoded versions to use ${property.name} syntax SDK Module (sdk/pom.xml): - Removed duplicate kotlin.version property (now inherited from parent) - Updated mockito-core to use ${mockito.version} - Updated mockito-junit-jupiter to use ${mockito.version} - Updated dokka-maven-plugin to use ${dokka-maven-plugin.version} Benefits: - Single source of truth for dependency versions - Easier future version updates - Ensures version consistency across modules - Follows Maven best practices Verification: - Build: SUCCESS (all 4 modules) - Tests: PASSED - All version properties resolve correctly Addresses all medium-priority suggestions from Gemini Code Assist PR review. Co-Authored-By: Claude Sonnet 4.5 --- pom.xml | 14 ++++++++++---- sdk/pom.xml | 7 +++---- 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/pom.xml b/pom.xml index e33fa251..2d7a6f99 100644 --- a/pom.xml +++ b/pom.xml @@ -19,6 +19,12 @@ 1.82 10.0.0 1.17.0 + 2.3.0 + 5.10.2 + 5.11.0 + 3.13.0 + 3.5.0 + 2.1.0 0.8.13 jacoco @@ -55,7 +61,7 @@ org.junit junit-bom - 5.10.2 + ${junit-bom.version} pom import @@ -145,7 +151,7 @@ org.jetbrains.kotlin kotlin-stdlib - 2.3.0 + ${kotlin.version} org.bouncycastle 
@@ -188,11 +194,11 @@ https://maven.apache.org/ref/current/maven-core/default-bindings.html#Plugin_bindings_for_jar_packaging --> maven-compiler-plugin - 3.13.0 + ${maven-compiler-plugin.version} maven-surefire-plugin - 3.5.0 + ${maven-surefire-plugin.version} maven-jar-plugin diff --git a/sdk/pom.xml b/sdk/pom.xml index 87deea60..bdd1351f 100644 --- a/sdk/pom.xml +++ b/sdk/pom.xml @@ -13,7 +13,6 @@ 0.22.1 https://github.com/CodeIntelligenceTesting/jazzer/releases/download/v${jazzer.version} - 2.3.0 0.7.2 4.12.0 protocol/go/v0.11.0 @@ -255,13 +254,13 @@ org.mockito mockito-core - 5.11.0 + ${mockito.version} test org.mockito mockito-junit-jupiter - 5.11.0 + ${mockito.version} test @@ -309,7 +308,7 @@ org.jetbrains.dokka dokka-maven-plugin - 2.1.0 + ${dokka-maven-plugin.version} javadoc From bfbd308f731100c806cc823d625a14bc6a2768ae Mon Sep 17 00:00:00 2001 From: David Mihalcik Date: Wed, 21 Jan 2026 16:41:35 -0500 Subject: [PATCH 3/3] chore(ci): update and pin CodeQL action to v4.31.10 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Update CodeQL action from unpinned @v3 to pinned version 4.31.10 (commit SHA: cdefb33c0f6224e58673d9004f47f7cb3e328b89). Changes: - github/codeql-action/init: v3 → v4.31.10 (pinned) - github/codeql-action/autobuild: v3 → v4.31.10 (pinned) - github/codeql-action/analyze: v3 → v4.31.10 (pinned) Benefits: - Security: Pinning to SHA ensures immutable action version - Latest features: CodeQL bundle updated to 2.23.9 - Transparency: Version tag in comments for readability Released: January 12, 2026 Changelog: https://github.com/github/codeql-action/blob/main/CHANGELOG.md Co-Authored-By: Claude Sonnet 4.5 --- .github/workflows/codeql.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index dd42d9f8..0190d6c0 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml 
@@ -27,17 +27,17 @@ jobs: uses: bufbuild/buf-setup-action@a47c93e0b1648d5651a065437926377d060baa99 # v1.50.0 - name: Initialize the CodeQL tools for scanning - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10 with: languages: ${{ matrix.language }} timeout-minutes: 5 - name: Autobuild - uses: github/codeql-action/autobuild@v3 + uses: github/codeql-action/autobuild@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10 timeout-minutes: 10 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10 with: category: "/language:${{matrix.language}}" timeout-minutes: 10
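Review bot: The three `github/codeql-action` steps now pin commit `cdefb33c0f6224e58673d9004f47f7cb3e328b89`, but nothing in the workflow checks that the trailing `# v4.31.10` comment matches that commit, so the SHA should be confirmed against the upstream release tag before merge. A pinned SHA also stops picking up upstream fixes on its own; if the repository has no Dependabot or Renovate entry for the `github-actions` ecosystem (not visible in this patch), adding one keeps the pin and its version comment moving together. The init, autobuild and analyze steps need to stay on the same commit, which a short comment above the first step would make explicit, e.g. `# Keep init/autobuild/analyze on the same codeql-action commit.` This is also a major-version move from v3 to v4 inside a chore commit, so any runner requirements of v4 are worth checking if this job ever runs on self-hosted runners.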