From 1ee335dd58e8c309d3ae5b4a4cf66431055001d0 Mon Sep 17 00:00:00 2001
From: Naomi Most <naomi@nthmost.com>
Date: Fri, 27 Feb 2026 14:51:29 -0800
Subject: [PATCH] Bump security-sensitive dependencies across java-sdk modules

- logback-classic 1.5.6 -> 1.5.20 (fixes CVE-2024-12798, CVE-2024-12801)
- jackson-datatype-jdk8 2.15.2 -> 2.17.1 (align with project jackson version)
- mockito-inline/mockito-core aligned to 5.12.0 (match versions.gradle)
- junit versions in examples aligned to 5.10.3 (match versions.gradle)
---
 conductor-client/build.gradle | 8 ++++----
 examples/build.gradle         | 6 +++---
 tests/build.gradle            | 2 +-
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/conductor-client/build.gradle b/conductor-client/build.gradle
index 31c80dd..a7c34b0 100644
--- a/conductor-client/build.gradle
+++ b/conductor-client/build.gradle
@@ -21,12 +21,12 @@ dependencies {
     testImplementation "org.junit.jupiter:junit-jupiter-api:${versions.junit}"
     testRuntimeOnly "org.junit.jupiter:junit-jupiter-engine:${versions.junit}"
 
-    testImplementation 'org.mockito:mockito-inline:5.2.0'
-    testImplementation 'org.mockito:mockito-core:5.4.0'
+    testImplementation 'org.mockito:mockito-inline:5.12.0'
+    testImplementation 'org.mockito:mockito-core:5.12.0'
     testImplementation 'org.spockframework:spock-core:2.3-groovy-3.0'
     testImplementation 'org.codehaus.groovy:groovy:3.0.25'
-    testImplementation 'ch.qos.logback:logback-classic:1.5.6'
-    testImplementation 'com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.15.2'
+    testImplementation 'ch.qos.logback:logback-classic:1.5.20'
+    testImplementation 'com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.17.1'
 }
 
 java {
diff --git a/examples/build.gradle b/examples/build.gradle
index a745455..6fd468f 100644
--- a/examples/build.gradle
+++ b/examples/build.gradle
@@ -17,11 +17,11 @@ dependencies {
     implementation project(':conductor-client')
     implementation project(':java-sdk')
     implementation project(':orkes-client')
-    implementation "ch.qos.logback:logback-classic:1.5.6"
+    implementation "ch.qos.logback:logback-classic:1.5.20"
     implementation 'io.micrometer:micrometer-registry-prometheus:1.15.1'
 
-    testImplementation 'org.junit.jupiter:junit-jupiter-api:5.8.1'
-    testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.13.1'
+    testImplementation 'org.junit.jupiter:junit-jupiter-api:5.10.3'
+    testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.10.3'
 }
 
 test {
diff --git a/tests/build.gradle b/tests/build.gradle
index 560b047..b1e1146 100644
--- a/tests/build.gradle
+++ b/tests/build.gradle
@@ -14,7 +14,7 @@ dependencies {
 
     testImplementation "org.junit.jupiter:junit-jupiter-api:${versions.junit}"
     testRuntimeOnly "org.junit.jupiter:junit-jupiter-engine:${versions.junit}"
-    testImplementation "ch.qos.logback:logback-classic:1.5.6"
+    testImplementation "ch.qos.logback:logback-classic:1.5.20"
     testImplementation "org.mockito:mockito-core:${versions.mockito}"
     testImplementation "org.testcontainers:localstack:${versions.testContainers}"
     testImplementation "org.testcontainers:testcontainers:${versions.testContainers}"