Skip to content

Bump logback, jackson, mockito, and junit versions for security and consistency#87

Open
nthmost-orkes wants to merge 1 commit intomainfrom
fix/security-bumps-batch
Open

Bump logback, jackson, mockito, and junit versions for security and consistency#87
nthmost-orkes wants to merge 1 commit intomainfrom
fix/security-bumps-batch

Conversation

@nthmost-orkes
Copy link
Contributor

@nthmost-orkes nthmost-orkes commented Feb 27, 2026

Summary

  • logback-classic 1.5.6 → 1.5.20 across 3 modules (conductor-client, examples, tests) — fixes CVE-2024-12798 and CVE-2024-12801
  • jackson-datatype-jdk8 2.15.2 → 2.17.1 in conductor-client — aligns with project's jackson 2.17.x baseline
  • mockito-inline 5.2.0 → 5.12.0, mockito-core 5.4.0 → 5.12.0 in conductor-client — aligns with versions.gradle
  • junit 5.8.1/5.13.1 → 5.10.3 in examples — aligns with versions.gradle

Test plan

  • ./gradlew :conductor-client:test passes
  • ./gradlew :examples:test passes (if applicable)
  • ./gradlew build succeeds

🤖 Generated with Claude Code

@nthmost
Bump security-sensitive dependencies across java-sdk modules
1ee335d 
- logback-classic 1.5.6 -> 1.5.20 (fixes CVE-2024-12798, CVE-2024-12801)
- jackson-datatype-jdk8 2.15.2 -> 2.17.1 (align with project jackson version)
- mockito-inline/mockito-core aligned to 5.12.0 (match versions.gradle)
- junit versions in examples aligned to 5.10.3 (match versions.gradle)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nthmost-orkes @nthmost