Bump logback, jackson, mockito, and junit versions for security and consistency #87

Merged: v1r3n merged 3 commits into main from fix/security-bumps-batch on Apr 27, 2026

@nthmost-orkes nthmost-orkes commented Feb 27, 2026

Summary

  • logback-classic 1.5.6 → 1.5.20 across 3 modules (conductor-client, examples/old, tests) — fixes CVE-2024-12798 and CVE-2024-12801
  • jackson-datatype-jdk8 2.15.2 → 2.17.1 in conductor-client — aligns with project's jackson 2.17.x baseline
  • mockito-inline removed from conductor-client — merged into mockito-core in Mockito 5.x; mockito-inline:5.x does not exist on Maven Central
  • mockito-core 5.4.0 → 5.12.0 in conductor-client and conductor-client-metrics — aligns with versions.gradle
  • junit 5.8.1/5.13.1 → 5.10.3 in conductor-client-metrics and examples/old — aligns with versions.gradle

Test plan

  • ./gradlew :conductor-client:test passes
  • ./gradlew :conductor-client-metrics:test passes
  • ./gradlew build succeeds

@nthmost-orkes (Contributor, Author)

Fixed the CI failure — mockito-inline was removed as a separate artifact in Mockito 5.x (inline mocking is now built into mockito-core). Dropped the line; mockito-core:5.12.0 covers it.

@nthmost-orkes nthmost-orkes requested a review from v1r3n April 27, 2026 21:55
nthmost and others added 2 commits April 27, 2026 14:56
- logback-classic 1.5.6 -> 1.5.20 (fixes CVE-2024-12798, CVE-2024-12801)
- jackson-datatype-jdk8 2.15.2 -> 2.17.1 (align with project jackson version)
- mockito-inline/mockito-core aligned to 5.12.0 (match versions.gradle)
- junit versions in examples aligned to 5.10.3 (match versions.gradle)
@nthmost-orkes nthmost-orkes force-pushed the fix/security-bumps-batch branch from c28138d to 19799ab April 27, 2026 21:57

codecov Bot commented Apr 27, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.


@v1r3n v1r3n merged commit fd8b1eb into main Apr 27, 2026
9 checks passed
@v1r3n v1r3n deleted the fix/security-bumps-batch branch April 27, 2026 22:45