Skip to content

chore: update bazel dependencies #1041

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
simonresch wants to merge 3 commits into
base: main
Choose a base branch
from
Open

chore: update bazel dependencies #1041

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
b12a2f4
chore(deps): update bazel dependencies
renovate[bot] Feb 9, 2026
a6b1765
chore(deps): update github actions
renovate[bot] Feb 9, 2026
7e938e2
chore: fix versions of vulnerable test deps
simonresch Feb 10, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/check-formatting.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ jobs:
runs-on: ubuntu-22.04

steps:
- uses: actions/checkout@v5
- uses: actions/checkout@v6

- name: Run format.sh and print changes
env:
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/fuzzing.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ jobs:
bazel_args: "--xcode_version_config=//.github:host_xcodes"

steps:
- uses: actions/checkout@v5
- uses: actions/checkout@v6

- name: Set up JDK
uses: actions/setup-java@v5
Expand All @@ -45,7 +45,7 @@ jobs:
shell: bash

- name: Cache Fuzzing Corpus
uses: actions/cache@v4
uses: actions/cache@v5
with:
path: |
selffuzz/src/test/resources/.corpus
Expand Down
24 changes: 12 additions & 12 deletions .github/workflows/prerelease.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ jobs:
name: windows

steps:
- uses: actions/checkout@v5
- uses: actions/checkout@v6

- name: Set up JDK
uses: actions/setup-java@v5
Expand Down Expand Up @@ -54,14 +54,14 @@ jobs:
cp -L $(bazel cquery --output=files :jazzer_release) jazzer-${{ matrix.name }}.tar.gz

- name: Upload jazzer.jar
uses: actions/upload-artifact@v5
uses: actions/upload-artifact@v6
with:
name: jazzer_tmp_${{ matrix.name }}
path: jazzer-${{ matrix.name }}.jar
if-no-files-found: error

- name: Upload release archive
uses: actions/upload-artifact@v5
uses: actions/upload-artifact@v6
with:
name: jazzer_releases_${{ matrix.name }}
path: jazzer-${{ matrix.name }}.tar.gz
Expand All @@ -72,10 +72,10 @@ jobs:
needs: build_release

steps:
- uses: actions/checkout@v5
- uses: actions/checkout@v6

- name: Download individual jars
uses: actions/download-artifact@v6
uses: actions/download-artifact@v7
with:
pattern: jazzer_tmp_*
merge-multiple: true
Expand All @@ -88,7 +88,7 @@ jobs:
$(find "$(pwd)/_tmp/" -name '*.jar' -printf "--sources %h/%f ")

- name: Upload merged jar
uses: actions/upload-artifact@v5
uses: actions/upload-artifact@v6
with:
name: jazzer
path: _tmp/jazzer.jar
Expand All @@ -102,7 +102,7 @@ jobs:
name: Deploy

steps:
- uses: actions/checkout@v5
- uses: actions/checkout@v6

- name: Set up JDK
uses: actions/setup-java@v5
Expand All @@ -119,7 +119,7 @@ jobs:
echo "build --//deploy:jazzer_version=${TAG#v}" >> .bazelrc

- name: Download merged jar
uses: actions/download-artifact@v6
uses: actions/download-artifact@v7
with:
name: jazzer
path: _tmp/
Expand All @@ -135,7 +135,7 @@ jobs:

# In case something goes wrong, we can still reupload the bundle manually
- name: Upload Jazzer Bundle to Github Artifacts
uses: actions/upload-artifact@v5
uses: actions/upload-artifact@v6
with:
name: jazzer-maven-central-bundle
path: _tmp/jazzer-maven-central-bundle.tar.gz
Expand Down Expand Up @@ -163,17 +163,17 @@ jobs:

steps:
- name: checkout
uses: actions/checkout@v5
uses: actions/checkout@v6

- name: Download individual tar.gzs
uses: actions/download-artifact@v6
uses: actions/download-artifact@v7
with:
pattern: jazzer_releases_*
merge-multiple: true
path: _releases/

- name: create release
uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 # v2.4.1
uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0
with:
generate_release_notes: true
draft: true
Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ jobs:

steps:
- name: checkout
uses: actions/checkout@v5
uses: actions/checkout@v6

- name: Build documentation
run: |
Expand All @@ -23,7 +23,7 @@ jobs:
cp $(bazel cquery --output=files //deploy:jazzer-junit-docs) ./jazzer-junit-docs.jar

- name: Upload jars
uses: actions/upload-artifact@v5
uses: actions/upload-artifact@v6
with:
name: jazzer_docs_jars
path: |
Expand All @@ -41,13 +41,13 @@ jobs:

steps:
- name: checkout docs
uses: actions/checkout@v5
uses: actions/checkout@v6
with:
repository: 'CodeIntelligenceTesting/jazzer-docs'
ssh-key: "${{ secrets.JAZZER_DOCS_SSH_KEY_PRIVATE }}"

- name: Download jar
uses: actions/download-artifact@v6
uses: actions/download-artifact@v7
with:
name: jazzer_docs_jars
path: .
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/run-all-tests-pr.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ jobs:
arch: "windows"

steps:
- uses: actions/checkout@v5
- uses: actions/checkout@v6

- name: Set up JDK
uses: actions/setup-java@v5
Expand All @@ -54,7 +54,7 @@ jobs:
echo "C:\Program Files\LLVM\bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append

- name: Load fuzzing corpus cache
uses: actions/cache/restore@v4
uses: actions/cache/restore@v5
with:
path: |
selffuzz/src/test/resources/.corpus
Expand All @@ -74,7 +74,7 @@ jobs:

- name: Upload test logs
if: always()
uses: actions/upload-artifact@v5
uses: actions/upload-artifact@v6
with:
name: testlogs-${{ matrix.arch }}-${{ matrix.jdk }}
# https://github.com/actions/upload-artifact/issues/92#issuecomment-711107236
Expand Down
27 changes: 15 additions & 12 deletions MODULE.bazel
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,28 +7,28 @@ module(name = "jazzer")
################################################################################

bazel_dep(name = "abseil-cpp", version = "20250814.1")
bazel_dep(name = "apple_support", version = "1.24.5")
bazel_dep(name = "apple_support", version = "2.2.0")
bazel_dep(name = "bazel_jar_jar", version = "0.1.11")
bazel_dep(name = "bazel_skylib", version = "1.8.2")
bazel_dep(name = "buildifier_prebuilt", version = "8.2.1")
bazel_dep(name = "bazel_skylib", version = "1.9.0")
bazel_dep(name = "buildifier_prebuilt", version = "8.2.1.2")

# TODO: Starting with version 0.28.0 the JUnit test runner is compiled for Java 11 which breaks our JDK 8 tests.
# https://github.com/bazel-contrib/rules_jvm/pull/307
bazel_dep(name = "contrib_rules_jvm", version = "0.27.0")
bazel_dep(name = "googletest", version = "1.17.0.bcr.2")
bazel_dep(name = "platforms", version = "1.0.0")
bazel_dep(name = "protobuf", version = "33.1")
bazel_dep(name = "rules_android", version = "0.6.6")
bazel_dep(name = "protobuf", version = "33.5")
bazel_dep(name = "rules_android", version = "0.7.1")
bazel_dep(name = "rules_android_ndk", version = "0.1.3")
bazel_dep(name = "rules_foreign_cc", version = "0.15.1")
bazel_dep(name = "rules_java", version = "9.1.0")
bazel_dep(name = "rules_java", version = "9.4.0")
bazel_dep(name = "rules_jni", version = "0.11.1")
bazel_dep(name = "rules_jvm_external", version = "6.9")
bazel_dep(name = "rules_kotlin", version = "2.2.0")
bazel_dep(name = "rules_jvm_external", version = "6.10")
bazel_dep(name = "rules_kotlin", version = "2.2.2")
bazel_dep(name = "rules_license", version = "1.0.0")
bazel_dep(name = "rules_pkg", version = "1.1.0")
bazel_dep(name = "rules_cc", version = "0.2.14")
bazel_dep(name = "toolchains_llvm", version = "1.5.0")
bazel_dep(name = "rules_pkg", version = "1.2.0")
bazel_dep(name = "rules_cc", version = "0.2.16")
bazel_dep(name = "toolchains_llvm", version = "1.6.0")

################################################################################
# Maven dependencies
Expand Down Expand Up @@ -77,6 +77,7 @@ TEST_MAVEN_ARTIFACTS_FIXED = [
TEST_MAVEN_ARTIFACTS = [
# keep sorted
# renovate: keep updated
"com.google.code.gson:gson:2.13.2",
"com.google.truth.extensions:truth-java8-extension:1.4.5",
"com.google.truth.extensions:truth-liteproto-extension:1.4.5",
"com.google.truth.extensions:truth-proto-extension:1.4.5",
Expand Down Expand Up @@ -106,7 +107,6 @@ VULNERABLE_TEST_MAVEN_ARTIFACTS = [
"com.fasterxml.jackson.core:jackson-core:2.12.1",
"com.fasterxml.jackson.core:jackson-databind:2.12.1",
"com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.12.1",
"com.google.code.gson:gson:2.8.6",
"com.h2database:h2:2.1.212",
"com.mikesamuel:json-sanitizer:1.2.1",
"com.unboundid:unboundid-ldapsdk:6.0.3",
Expand Down Expand Up @@ -155,6 +155,9 @@ maven.override(
maven.artifact(
testonly = True,
artifact = coordinate.split(":")[1],
# Force vulnerable versions. Otherwise version selection might land on patched versions if a newer version is
# in the dependeny tree.
force_version = coordinate in VULNERABLE_TEST_MAVEN_ARTIFACTS,
group = coordinate.split(":")[0],
version = coordinate.split(":")[2],
)
Expand Down
2 changes: 1 addition & 1 deletion examples/src/main/java/com/example/JsonSanitizerValidJsonFuzzer.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ public static void fuzzerTestOneInput(FuzzedDataProvider data) {
// that trust the output of the sanitizer.
try {
Gson gson = new Gson();
gson.fromJson(validJson, JsonElement.class);
Object unused = gson.fromJson(validJson, JsonElement.class);
} catch (Exception e) {
throw new FuzzerSecurityIssueLow("Output is invalid JSON", e);
}
Expand Down
Loading