Skip to content

[java] Use byte-buddy 1.18.8 instead of 1.18.8-jdk5#17382

Merged
diemol merged 5 commits into
SeleniumHQ:trunkfrom
pierluigilenoci:fix/byte-buddy-version
May 11, 2026
Merged

[java] Use byte-buddy 1.18.8 instead of 1.18.8-jdk5#17382
diemol merged 5 commits into
SeleniumHQ:trunkfrom
pierluigilenoci:fix/byte-buddy-version

Conversation

@pierluigilenoci

@pierluigilenoci pierluigilenoci commented Apr 24, 2026

Copy link
Copy Markdown
Contributor

🔗 Related Issues

Fixes #17355

💥 What does this PR do?

Changes the net.bytebuddy:byte-buddy dependency from 1.18.8-jdk5 to 1.18.8 in MODULE.bazel.

The -jdk5 flavor of byte-buddy is intended for Java versions lower than 8, which Selenium does not target. Using the -jdk5 variant causes Maven enforcer plugin failures in downstream projects because Maven considers 1.18.8-jdk5 as a higher version than the managed dependency 1.18.8, triggering convergence errors.

Note: The java/maven_install.json lock file will need to be regenerated after this change. A maintainer with Bazel set up can run:

REPIN=1 bazel run @unpinned_maven//:pin

🤖 AI assistance

  • AI assisted (complete below)
    • Tool(s): Claude Code (Anthropic)
    • What was generated: The commit and PR were created with AI assistance. The fix itself is a single-line version change in MODULE.bazel.
    • I reviewed all AI output and can explain the change

🔄 Types of changes

  • Bug fix

@pierluigilenoci
fix(java): use byte-buddy 1.18.8 instead of 1.18.8-jdk5
a7b0dd9 
The -jdk5 flavor of byte-buddy targets Java versions lower than 8,
which is not required by Selenium. Using the -jdk5 variant causes
Maven enforcer plugin failures because Maven considers 1.18.8-jdk5
as greater than the managed dependency 1.18.8.

Fixes #17355

Signed-off-by: Pierluigi Lenoci <pierluigilenoci@gmail.com>
@CLAassistant

CLAassistant commented Apr 24, 2026
edited
Loading

Copy link
Copy Markdown

CLA assistant check
All committers have signed the CLA.

@selenium-ci selenium-ci added the B-build Includes scripting, bazel and CI integrations label Apr 24, 2026
@qodo-code-review

qodo-code-review Bot commented Apr 24, 2026

Copy link
Copy Markdown
Contributor

Review Summary by Qodo

Update byte-buddy dependency to remove unnecessary JDK5 variant

🐞 Bug fix

Grey Divider

Walkthroughs

Description 
• Update byte-buddy dependency from 1.18.8-jdk5 to 1.18.8
• Resolves Maven enforcer convergence errors in downstream projects
• Removes unnecessary Java 5 compatibility variant

Grey Divider

File Changes

1. MODULE.bazel Dependencies +1/-1

Update byte-buddy version to standard release

• Changed byte-buddy version from 1.18.8-jdk5 to 1.18.8
• Removes JDK5-specific variant that causes Maven convergence issues
• Aligns with Selenium's Java 8+ target requirement

MODULE.bazel

Grey Divider

Qodo Logo

@qodo-code-review

qodo-code-review Bot commented Apr 24, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Code Review by Qodo

🐞 Bugs (0) 📘 Rule violations (1) 📎 Requirement gaps (0)

Grey Divider


Action required

1. Outdated Bazel lockfile ✓ Resolved 🐞 Bug ≡ Correctness
Description 
MODULE.bazel now requests net.bytebuddy:byte-buddy:1.18.8, but //java:maven_install.json still
pins net.bytebuddy:byte-buddy to 1.18.8-jdk5, which makes the lock file inconsistent with the
requested artifacts. With fail_if_repin_required = True and `lock_file =
"//java:maven_install.json"`, Bazel dependency resolution is expected to fail until the lock file is
repinned.
Code

MODULE.bazel[222]

+        "net.bytebuddy:byte-buddy:1.18.8",
Evidence 
The PR changes the requested Byte Buddy artifact version in MODULE.bazel, while the configured
lock file still pins the old -jdk5 variant; maven.install is configured to fail if a repin is
required, so this mismatch should be build-breaking.

MODULE.bazel[219-223]
MODULE.bazel[257-267]
java/maven_install.json[1236-1242]

Agent prompt 
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
`MODULE.bazel` now requests `net.bytebuddy:byte-buddy:1.18.8` but the pinned lock file still records `1.18.8-jdk5`, which makes the Bazel maven lock inconsistent and is expected to fail because repinning is enforced.

## Issue Context
`maven.install(...)` is configured with `lock_file = "//java:maven_install.json"` and `fail_if_repin_required = True`, so any artifact/version change must be reflected in the lock file.

## Fix Focus Areas
- MODULE.bazel[257-267]
- java/maven_install.json[1236-1242]

## What to do
1. Regenerate the lock file (repin) so `net.bytebuddy:byte-buddy` is pinned to `1.18.8` and shasums match.
2. Commit the updated `java/maven_install.json` produced by the repin step.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools


Remediation recommended

2. Unrelated lockfile hashes changed 📘 Rule violation ⚙ Maintainability
Description 
java/maven_install.json updates multiple non-Byte Buddy artifact hash entries, expanding the diff
beyond the stated dependency fix and increasing review/regression risk. If these changes aren’t
required for the Byte Buddy artifact switch, the lockfile should be regenerated in a way that
minimizes unrelated churn (or explicitly documented).
Code

java/maven_install.json[136]

+    "com.google.closure-stylesheets:closure-stylesheets": 813279907,
Evidence 
PR Compliance ID 3 requires narrowly-scoped diffs. The updated lockfile includes changed hash
entries for multiple artifacts other than net.bytebuddy:byte-buddy, indicating broader churn in
the generated pin data than the intended single-dependency adjustment.

AGENTS.md
java/maven_install.json[136-136]
java/maven_install.json[348-348]
java/maven_install.json[396-396]
java/maven_install.json[416-416]
java/maven_install.json[430-432]
java/maven_install.json[453-455]

Agent prompt 
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
`java/maven_install.json` contains updates to multiple artifacts beyond the intended Byte Buddy artifact change, creating a broader diff than necessary.

## Issue Context
This PR’s stated goal is switching `net.bytebuddy:byte-buddy` from the `-jdk5` flavor to the non-`-jdk5` artifact. If the lockfile is regenerated with a different toolchain or non-deterministic inputs, it can introduce unrelated pin/hash changes.

## Fix Focus Areas
- java/maven_install.json[136-136]
- java/maven_install.json[348-348]
- java/maven_install.json[396-396]
- java/maven_install.json[416-416]
- java/maven_install.json[430-432]
- java/maven_install.json[453-455]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

Grey Divider

Qodo Logo

qodo-code-review[bot]
qodo-code-review Bot reviewed Apr 24, 2026
View reviewed changes
Comment thread MODULE.bazel
pierluigilenoci and others added 2 commits April 24, 2026 21:04
@pierluigilenoci
Merge branch 'trunk' into fix/byte-buddy-version
25d629d
@pierluigilenoci
fix(java): regenerate maven_install.json for byte-buddy 1.18.8
723cca6 
Update the Bazel Maven lockfile after changing byte-buddy from
1.18.8-jdk5 to 1.18.8. Recomputed input and resolved artifact
hashes and updated SHA256 checksums from Maven Central.

Signed-off-by: Pierluigi Lenoci <pierluigilenoci@gmail.com>
@pierluigilenoci

pierluigilenoci commented Apr 27, 2026

Copy link
Copy Markdown
Contributor Author

Regenerated java/maven_install.json to fix the lockfile signature mismatch after the byte-buddy version change.

Changes in java/maven_install.json:

  • Updated __INPUT_ARTIFACTS_HASH for net.bytebuddy:byte-buddy to match version 1.18.8
  • Updated artifact SHA256 checksums (jar + sources) from Maven Central
  • Updated version from 1.18.8-jdk5 to 1.18.8
  • Recomputed __RESOLVED_ARTIFACTS_HASH for 10 affected transitive dependents (mockito-core, assertj-core, selenium-remote-driver, selenium-support, etc.)

This is equivalent to running REPIN=1 bazel run @maven//:pin — the hash computation was done programmatically using the same algorithm as rules_jvm_external v3 lockfile format.

@qodo-code-review

qodo-code-review Bot commented May 10, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Persistent review updated to latest commit b687ac3

@qodo-code-review

qodo-code-review Bot commented May 11, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Persistent review updated to latest commit 54e1c97

@diemol diemol merged commit 9c5fe94 into SeleniumHQ:trunk May 11, 2026
19 checks passed
AutomatedTester pushed a commit that referenced this pull request May 11, 2026
@pierluigilenoci @diemol @AutomatedTester
[java] Use byte-buddy 1.18.8 instead of 1.18.8-jdk5 (#17382)
1a40141 
* fix(java): use byte-buddy 1.18.8 instead of 1.18.8-jdk5

The -jdk5 flavor of byte-buddy targets Java versions lower than 8,
which is not required by Selenium. Using the -jdk5 variant causes
Maven enforcer plugin failures because Maven considers 1.18.8-jdk5
as greater than the managed dependency 1.18.8.

Fixes #17355

Signed-off-by: Pierluigi Lenoci <pierluigilenoci@gmail.com>

* fix(java): regenerate maven_install.json for byte-buddy 1.18.8

Update the Bazel Maven lockfile after changing byte-buddy from
1.18.8-jdk5 to 1.18.8. Recomputed input and resolved artifact
hashes and updated SHA256 checksums from Maven Central.

Signed-off-by: Pierluigi Lenoci <pierluigilenoci@gmail.com>

---------

Signed-off-by: Pierluigi Lenoci <pierluigilenoci@gmail.com>
Co-authored-by: Diego Molina <diemol@users.noreply.github.com>
@pierluigilenoci pierluigilenoci mentioned this pull request May 19, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@qodo-code-review qodo-code-review[bot] qodo-code-review[bot] left review comments

@diemol diemol diemol approved these changes

Assignees

No one assigned

Labels

B-build Includes scripting, bazel and CI integrations

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[🐛 Bug]: Selenium should depend on net.bytebuddy:byte-buddy 1.18.8 instead of 1.18.8-jdk5

4 participants

@pierluigilenoci @CLAassistant @diemol @selenium-ci