From e274fc9f8c001baeeeed166f733923fdea4e80aa Mon Sep 17 00:00:00 2001
From: Julien HENRY <julien.henry@sonarsource.com>
Date: Wed, 11 Mar 2026 12:50:04 +0100
Subject: [PATCH 1/2] Update dependencies

* sslcontext-kickstart 10.0.2 -> 10.0.3
* mockito 5.20.0 -> 5.22.0
* junit-bom 5.14.1 -> 6.0.3
* commons-codec 1.20.0 -> 1.21.0

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 lib/pom.xml | 2 +-
 pom.xml     | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/lib/pom.xml b/lib/pom.xml
index cf6c12c9..2a977049 100644
--- a/lib/pom.xml
+++ b/lib/pom.xml
@@ -54,7 +54,7 @@
     <dependency>
       <groupId>io.github.hakky54</groupId>
       <artifactId>ayza</artifactId>
-      <version>10.0.2</version>
+      <version>10.0.3</version>
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
diff --git a/pom.xml b/pom.xml
index 8de43ff4..d3822762 100644
--- a/pom.xml
+++ b/pom.xml
@@ -54,7 +54,7 @@
 
     <!-- used for deployment to SonarSource Artifactory -->
     <gitRepositoryName>sonar-scanner-java-library</gitRepositoryName>
-    <mockito.version>5.20.0</mockito.version>
+    <mockito.version>5.22.0</mockito.version>
     <!-- Don't update to slf4j 2 to continue supporting the Scanner for Maven with Maven < 4 -->
     <slf4j.version>1.7.36</slf4j.version>
   </properties>
@@ -89,7 +89,7 @@
 			<dependency>
 				<groupId>org.junit</groupId>
 				<artifactId>junit-bom</artifactId>
-				<version>5.14.1</version>
+				<version>6.0.3</version>
 				<type>pom</type>
 				<scope>import</scope>
 			</dependency>
@@ -111,7 +111,7 @@
       <dependency>
         <groupId>commons-codec</groupId>
         <artifactId>commons-codec</artifactId>
-        <version>1.20.0</version>
+        <version>1.21.0</version>
       </dependency>
     </dependencies>
   </dependencyManagement>

From 9e2ceb98365a5297db7081199f300154a06e9071 Mon Sep 17 00:00:00 2001
From: Julien HENRY <julien.henry@sonarsource.com>
Date: Wed, 11 Mar 2026 09:07:25 +0100
Subject: [PATCH 2/2] Use more recent jdks in the build pipeline

By default mise uses openjdk that is only patched for 6 months.
https://github.com/jdx/mise/discussions/5138
---
 .github/workflows/build.yml                                   | 4 ++--
 .../src/test/java/com/sonar/scanner/lib/it/SSLTest.java       | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 834abab1..5f3ffd50 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -28,7 +28,7 @@ jobs:
         with:
           version: 2025.7.12
           tool_versions: |
-            java 21
+            java temurin-21
 
       - uses: SonarSource/ci-github-actions/build-maven@v1
         with:
@@ -66,7 +66,7 @@ jobs:
         with:
           version: 2025.7.12
           tool_versions: |
-            java ${{ matrix.JAVA_VERSION }}
+            java temurin-${{ matrix.JAVA_VERSION }}
 
       - name: Getting Vault Secrets
         uses: SonarSource/vault-action-wrapper@v3
diff --git a/its/it-tests/src/test/java/com/sonar/scanner/lib/it/SSLTest.java b/its/it-tests/src/test/java/com/sonar/scanner/lib/it/SSLTest.java
index 7e55768e..18291119 100644
--- a/its/it-tests/src/test/java/com/sonar/scanner/lib/it/SSLTest.java
+++ b/its/it-tests/src/test/java/com/sonar/scanner/lib/it/SSLTest.java
@@ -231,6 +231,7 @@ public void simple_analysis_with_server_and_without_client_certificate_is_failin
       .containsAnyOf(
         // different exception is thrown depending on the JDK version. See: https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8172163
         commonMessage + "Received fatal alert: bad_certificate",
+        commonMessage + "(certificate_required) Received fatal alert: certificate_required",
         commonMessage + "Broken pipe");
   }