chore(ci): Run unit tests for GraalVM as well during build.

[phipag]

Summary

This PR adds a graalvm-build job to the check-build workflow. The goal of this workflow is to verify that unit tests in the native image pass. Runtime errors are already caught by the E2E tests (#1805).

The key changes are:

• Cleanup unncessary bytebuddy build time initialization arguments
• Refactor Lambda Context mocking into a centralized stubbed Lambda Context in powertools-common. This will allow for consistent assertions regarding function names etc. across all unit tests in the library.
• Upgrade to Mockito 5.19.1-SNAPSHOT which fixes a GraalVM compatibility issue (Native Tests (GraalVM) fail for Mockito >=5.17.0 using mockito-subclass MockMaker mockito/mockito#3709)
  • Since this is a test dependency it is okay to rely on the SNAPSHOT version temporarily (issue tracking removal: Maintenance: Remove SNAPSHOT version dependency of mockito-core again #2079)
• Add graalvm-build GH actions job compiling a native image and running native tests against it

Changes

Issue number: #1803

---

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Disclaimer: We value your time and bandwidth. As such, any pull requests created on non-triaged issues might not be successful.

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ❌ 1 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ✅ 0 package(s) with unknown licenses.

See the Details below.

License Issues

.github/workflows/check-build.yml

Package	Version	License	Issue Type
graalvm/setup-graalvm	7f488cf82a3629ee755e4e97342c01d6bed318fa	UPL-1.0	Incompatible License

Allowed Licenses: Apache-1.1, Apache-2.0, ISC, MIT, MIT-0, MIT-CMU, MIT-enna, MIT-feh, MIT-Festival, MIT-Modern-Variant, MIT-open-group, MIT-testregex, MIT-Wu, BSD-1-Clause, BSD-2-Clause, BSD-2-Clause-Views, BSD-3-Clause, BSD-3-Clause-Attribution, BSD-3-Clause-Clear, BSD-3-Clause-flex, BSD-3-Clause-HP, BSD-3-Clause-LBNL, BSD-3-Clause-Modification, BSD-3-Clause-No-Military-License, BSD-3-Clause-No-Nuclear-License, BSD-3-Clause-No-Nuclear-License-2014, BSD-3-Clause-No-Nuclear-Warranty, BSD-3-Clause-Open-MPI

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
actions/graalvm/setup-graalvm	7f488cf82a3629ee755e4e97342c01d6bed318fa	🟢 6.9	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review 🟢 10 all changesets reviewed Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 19 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
maven/org.junit-pioneer:junit-pioneer	2.3.0	🟢 5.3	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 8 Found 26/30 approved changesets -- score normalized to 8 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Maintained 🟢 5 2 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 5 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Binary-Artifacts 🟢 10 no binaries found in the repo Packaging 🟢 10 packaging workflow detected SAST 🟢 5 SAST tool is not run on all commits -- score normalized to 5
maven/org.mockito:mockito-core	5.19.1-SNAPSHOT	🟢 7.5	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Maintained 🟢 10 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 5/6 approved changesets -- score normalized to 8 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Binary-Artifacts 🟢 10 no binaries found in the repo Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
maven/org.mockito:mockito-junit-jupiter	5.19.1-SNAPSHOT	🟢 7.5	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Maintained 🟢 10 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 5/6 approved changesets -- score normalized to 8 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Binary-Artifacts 🟢 10 no binaries found in the repo Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
maven/org.mockito:mockito-subclass	5.19.1-SNAPSHOT	🟢 7.5	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Maintained 🟢 10 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 5/6 approved changesets -- score normalized to 8 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Binary-Artifacts 🟢 10 no binaries found in the repo Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
maven/org.apache.maven.plugins:maven-jar-plugin		Unknown	Unknown
maven/org.mockito:mockito-subclass		🟢 7.5	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Maintained 🟢 10 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 5/6 approved changesets -- score normalized to 8 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Binary-Artifacts 🟢 10 no binaries found in the repo Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
maven/software.amazon.lambda:powertools-common	2.3.0	🟢 7.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 30 issue activity found in the last 90 days -- score normalized to 10 Dependency-Update-Tool 🟢 10 update tool detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 10 all changesets reviewed Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 8 binaries present in source code Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices 🟢 5 badge detected: Passing SAST 🟢 10 SAST tool is run on all commits License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 8 contributing companies or organizations Vulnerabilities 🟢 6 4 existing vulnerabilities detected
maven/software.amazon.lambda:powertools-common	2.3.0	🟢 7.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 30 issue activity found in the last 90 days -- score normalized to 10 Dependency-Update-Tool 🟢 10 update tool detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 10 all changesets reviewed Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 8 binaries present in source code Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices 🟢 5 badge detected: Passing SAST 🟢 10 SAST tool is run on all commits License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 8 contributing companies or organizations Vulnerabilities 🟢 6 4 existing vulnerabilities detected
maven/software.amazon.lambda:powertools-common	2.3.0	🟢 7.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 30 issue activity found in the last 90 days -- score normalized to 10 Dependency-Update-Tool 🟢 10 update tool detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 10 all changesets reviewed Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 8 binaries present in source code Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices 🟢 5 badge detected: Passing SAST 🟢 10 SAST tool is run on all commits License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 8 contributing companies or organizations Vulnerabilities 🟢 6 4 existing vulnerabilities detected
maven/software.amazon.lambda:powertools-common	2.3.0	🟢 7.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 30 issue activity found in the last 90 days -- score normalized to 10 Dependency-Update-Tool 🟢 10 update tool detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 10 all changesets reviewed Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 8 binaries present in source code Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices 🟢 5 badge detected: Passing SAST 🟢 10 SAST tool is run on all commits License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 8 contributing companies or organizations Vulnerabilities 🟢 6 4 existing vulnerabilities detected
maven/org.junit.jupiter:junit-jupiter-params		🟢 8.6	Details Check Score Reason Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 3 Found 7/22 approved changesets -- score normalized to 3 Dependency-Update-Tool 🟢 10 update tool detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 9 binaries present in source code Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 Pinned-Dependencies 🟢 10 all dependencies are pinned Vulnerabilities 🟢 10 0 existing vulnerabilities detected CII-Best-Practices 🟢 5 badge detected: Passing Signed-Releases ⚠️ -1 no releases found SAST 🟢 10 SAST tool is run on all commits License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 10 13 out of 13 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 58 contributing companies or organizations
maven/org.mockito:mockito-junit-jupiter		🟢 7.5	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Maintained 🟢 10 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 5/6 approved changesets -- score normalized to 8 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Binary-Artifacts 🟢 10 no binaries found in the repo Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
maven/org.mockito:mockito-subclass		🟢 7.5	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Maintained 🟢 10 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 5/6 approved changesets -- score normalized to 8 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Binary-Artifacts 🟢 10 no binaries found in the repo Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
maven/org.junit.jupiter:junit-jupiter-params		🟢 8.6	Details Check Score Reason Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 3 Found 7/22 approved changesets -- score normalized to 3 Dependency-Update-Tool 🟢 10 update tool detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 9 binaries present in source code Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 Pinned-Dependencies 🟢 10 all dependencies are pinned Vulnerabilities 🟢 10 0 existing vulnerabilities detected CII-Best-Practices 🟢 5 badge detected: Passing Signed-Releases ⚠️ -1 no releases found SAST 🟢 10 SAST tool is run on all commits License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 10 13 out of 13 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 58 contributing companies or organizations
maven/org.mockito:mockito-junit-jupiter		🟢 7.5	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Maintained 🟢 10 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 5/6 approved changesets -- score normalized to 8 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Binary-Artifacts 🟢 10 no binaries found in the repo Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
maven/org.mockito:mockito-subclass		🟢 7.5	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Maintained 🟢 10 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 5/6 approved changesets -- score normalized to 8 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Binary-Artifacts 🟢 10 no binaries found in the repo Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
maven/org.junit.jupiter:junit-jupiter-params		🟢 8.6	Details Check Score Reason Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 3 Found 7/22 approved changesets -- score normalized to 3 Dependency-Update-Tool 🟢 10 update tool detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 9 binaries present in source code Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 Pinned-Dependencies 🟢 10 all dependencies are pinned Vulnerabilities 🟢 10 0 existing vulnerabilities detected CII-Best-Practices 🟢 5 badge detected: Passing Signed-Releases ⚠️ -1 no releases found SAST 🟢 10 SAST tool is run on all commits License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 10 13 out of 13 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 58 contributing companies or organizations
maven/org.mockito:mockito-junit-jupiter		🟢 7.5	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Maintained 🟢 10 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 5/6 approved changesets -- score normalized to 8 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Binary-Artifacts 🟢 10 no binaries found in the repo Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
maven/org.mockito:mockito-subclass		🟢 7.5	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Maintained 🟢 10 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 5/6 approved changesets -- score normalized to 8 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Binary-Artifacts 🟢 10 no binaries found in the repo Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
maven/org.junit.jupiter:junit-jupiter-params		🟢 8.6	Details Check Score Reason Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 3 Found 7/22 approved changesets -- score normalized to 3 Dependency-Update-Tool 🟢 10 update tool detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 9 binaries present in source code Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 Pinned-Dependencies 🟢 10 all dependencies are pinned Vulnerabilities 🟢 10 0 existing vulnerabilities detected CII-Best-Practices 🟢 5 badge detected: Passing Signed-Releases ⚠️ -1 no releases found SAST 🟢 10 SAST tool is run on all commits License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 10 13 out of 13 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 58 contributing companies or organizations
maven/org.mockito:mockito-junit-jupiter		🟢 7.5	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Maintained 🟢 10 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 5/6 approved changesets -- score normalized to 8 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Binary-Artifacts 🟢 10 no binaries found in the repo Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
maven/org.mockito:mockito-subclass		🟢 7.5	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Maintained 🟢 10 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 5/6 approved changesets -- score normalized to 8 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Binary-Artifacts 🟢 10 no binaries found in the repo Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
maven/org.junit.jupiter:junit-jupiter-params		🟢 8.6	Details Check Score Reason Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 3 Found 7/22 approved changesets -- score normalized to 3 Dependency-Update-Tool 🟢 10 update tool detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 9 binaries present in source code Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 Pinned-Dependencies 🟢 10 all dependencies are pinned Vulnerabilities 🟢 10 0 existing vulnerabilities detected CII-Best-Practices 🟢 5 badge detected: Passing Signed-Releases ⚠️ -1 no releases found SAST 🟢 10 SAST tool is run on all commits License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 10 13 out of 13 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 58 contributing companies or organizations
maven/org.mockito:mockito-junit-jupiter		🟢 7.5	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Maintained 🟢 10 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 5/6 approved changesets -- score normalized to 8 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Binary-Artifacts 🟢 10 no binaries found in the repo Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
maven/org.mockito:mockito-subclass		🟢 7.5	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Maintained 🟢 10 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 5/6 approved changesets -- score normalized to 8 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Binary-Artifacts 🟢 10 no binaries found in the repo Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
maven/org.junit.jupiter:junit-jupiter-engine		🟢 8.6	Details Check Score Reason Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 3 Found 7/22 approved changesets -- score normalized to 3 Dependency-Update-Tool 🟢 10 update tool detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 9 binaries present in source code Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 Pinned-Dependencies 🟢 10 all dependencies are pinned Vulnerabilities 🟢 10 0 existing vulnerabilities detected CII-Best-Practices 🟢 5 badge detected: Passing Signed-Releases ⚠️ -1 no releases found SAST 🟢 10 SAST tool is run on all commits License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 10 13 out of 13 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 58 contributing companies or organizations
maven/software.amazon.lambda:powertools-common	2.3.0	🟢 7.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 30 issue activity found in the last 90 days -- score normalized to 10 Dependency-Update-Tool 🟢 10 update tool detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 10 all changesets reviewed Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 8 binaries present in source code Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices 🟢 5 badge detected: Passing SAST 🟢 10 SAST tool is run on all commits License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 8 contributing companies or organizations Vulnerabilities 🟢 6 4 existing vulnerabilities detected

Scanned Files

• .github/workflows/check-build.yml
• pom.xml
• powertools-common/pom.xml
• powertools-logging/pom.xml
• powertools-logging/powertools-logging-log4j/pom.xml
• powertools-logging/powertools-logging-logback/pom.xml
• powertools-metrics/pom.xml
• powertools-parameters/pom.xml
• powertools-parameters/powertools-parameters-appconfig/pom.xml
• powertools-parameters/powertools-parameters-dynamodb/pom.xml
• powertools-parameters/powertools-parameters-secrets/pom.xml
• powertools-parameters/powertools-parameters-ssm/pom.xml
• powertools-parameters/powertools-parameters-tests/pom.xml
• powertools-serialization/pom.xml
• powertools-tracing/pom.xml

[phipag]

Mockito mocking fails with mockito 5.18.0 in native tests. Last working version 5.3.0.

[phipag]

5.12.0 still works. I will keep trying until I find the breaking change.

[phipag]

5.16.0 also still works which uses byte-buddy-1.15.11

Top 10 origins of code area:                                Top 10 object types in image heap:
  10.74MB java.base                                            6.57MB byte[] for code metadata
   3.99MB java.xml                                             3.36MB byte[] for java.lang.String
   2.94MB byte-buddy-1.15.11.jar                               1.79MB java.lang.Class
   2.92MB svm.jar (Native Image)                               1.75MB java.lang.String
 460.33kB mockito-core-5.16.0.jar                            790.38kB byte[] for general heap data
 301.73kB junit-jupiter-engine-5.10.2.jar                    777.61kB byte[] for embedded resources
 266.39kB junit-platform-launcher-1.10.2.jar                 531.14kB byte[] for reflection metadata
 227.74kB org.mockito.codegen                                473.16kB com.oracle.svm.core.hub.DynamicHubCompanion
 222.96kB jdk.proxy4                                         310.63kB java.util.HashMap$Node
 183.81kB junit-platform-commons-1.10.2.jar                  290.00kB c.o.svm.core.hub.DynamicHub$ReflectionMetadata
   1.49MB for 33 more packages                                 3.55MB for 2403 more object types

[phipag]

5.17.0 is the first version breaking. I see a warning:

========================================================================================================================
GraalVM Native Image: Generating 'native-tests' (executable)...
========================================================================================================================
Warning: Could not resolve org.mockito.internal.creation.bytebuddy.codegen.Context$MockitoMock$0a0jka3op99200N for serialization configuration.
Warning: Could not resolve org.mockito.internal.creation.bytebuddy.codegen.InputStream$MockitoMock$e273ro0op99200N for serialization configuration.
Warning: Could not resolve org.mockito.internal.creation.bytebuddy.codegen.OutputStream$MockitoMock$tvkq1p0op99200N for serialization configuration.
Warning: Could not resolve org.mockito.internal.creation.bytebuddy.codegen.ProceedingJoinPoint$MockitoMock$obec860op99200N for serialization configuration.
Warning: Could not resolve org.mockito.internal.creation.bytebuddy.codegen.Signature$MockitoMock$u9ge1d0op99200N for serialization configuration.
[1/8] Initializing... 

byte buddy version is the same as in 5.16.0 (which I initially suspected to be culprit):

Top 10 origins of code area:                                Top 10 object types in image heap:
  10.73MB java.base                                            6.48MB byte[] for code metadata
   3.99MB java.xml                                             3.34MB byte[] for java.lang.String
   2.92MB byte-buddy-1.15.11.jar                               1.78MB java.lang.Class
   2.90MB svm.jar (Native Image)                               1.74MB java.lang.String
 423.34kB mockito-core-5.17.0.jar                            790.21kB byte[] for general heap data
 301.69kB junit-jupiter-engine-5.10.2.jar                    777.61kB byte[] for embedded resources
 266.38kB junit-platform-launcher-1.10.2.jar                 518.77kB byte[] for reflection metadata
 230.34kB jdk.proxy4                                         469.78kB com.oracle.svm.core.hub.DynamicHubCompanion
 183.74kB junit-platform-commons-1.10.2.jar                  345.79kB heap alignment
 182.08kB jdk.crypto.ec                                      310.97kB java.util.HashMap$Node
   1.28MB for 32 more packages                                 3.53MB for 2394 more object types

[phipag]

This warning does not appear on 5.16.0:

========================================================================================================================
GraalVM Native Image: Generating 'native-tests' (executable)...
========================================================================================================================
Warning: Cannot register dynamic proxy for interface list: org_mockito.mockito_core.MyService. Reason: Class org_mockito.mockito_core.MyService not found..
Cannot register declared classes of org.junit.runner.Result for serialization or fields of org.junit.runner.Description for reflection. Vintage JUnit not available.
[1/8] Initializing...

[phipag]

We can see that with Mockito 5.16.0 and the small fix for powertools-serialization all native tests pass. It appears to me that the issue is related with mockito-subclass MockMaker as of 5.17.0. For some reason, the subclasses are no longer found during the native tests e.g. Warning: Could not resolve org.mockito.internal.creation.bytebuddy.codegen.InputStream$MockitoMock.

This can either mean that the subclass MockMaker (which is needed for GraalVM) changed something or that it is not used at all and the inline MockMaker is used which is not compatible with GraalVM native tests.

We have several options:

1. Stay on version 5.16.0 and keep trying if the issue is fixed in future versions
2. Debug further and try to fix mocking on >=5.17.0
3. Avoid mocking at all. For our test scenarios it might be quite easy to avoid mocking. For example, the Lambda Context must not necessarily be mocked. We can simply created test stubs and avoid mockito which was already fragile during native tests in the past.
4. Skip certain on GraalVM (not my favourite option if we can simply avoid mockito)

[phipag]

Another finding: The reason why the Mockito mocks are not loading is that when using >= 5.17.0 of Mockito the GraalVM tracing agent does no longer detect the Mockito mocks within predefined-classes-config.json. Here is an example of that file using 5.16.0 (all bytebuddy classes are missing with >= 5.17.0):

[
  {
    "type":"agent-extracted",
    "classes":[
      { "nameInfo":"org/mockito/codegen/InputStream$MockitoMock$e273ro0op99200N$auxiliary$sdtuvq2S", "hash":"41d519f1ce3a1651c1e7eb6ab883d2ad34816bbbb8d3ac3495ab858b6d088439" },
      { "nameInfo":"net/bytebuddy/utility/Invoker$Dispatcher", "hash":"b4371c0b5187b914976c7db687153600bcd974e028cbe432ed804c9b9f84776a" },
      { "nameInfo":"org/mockito/codegen/InputStream$MockitoMock$e273ro0op99200N$auxiliary$61dq1j0S", "hash":"95dc076c943311e90855770e8394b1f9af92a6efcaf53b780f5fc557e881703d" },
      { "nameInfo":"org/mockito/codegen/Context$MockitoMock$0a0jka3op99200N$auxiliary$4cscpe1S", "hash":"28359ed0dbb69a571c7da786a4f246ce602c9d5506421ace82ca324f646c6b19" },
      { "nameInfo":"org/mockito/codegen/InputStream$MockitoMock$e273ro0op99200N$auxiliary$4cscpe1S", "hash":"e6b254248e2b1c627fdc4c680a7a798c84dc6769e0e1af8a041d0b11ad245062" },
      { "nameInfo":"org/mockito/codegen/InputStream$MockitoMock$e273ro0op99200N$auxiliary$ruanc62S", "hash":"7653b085efb16aae8d93e91fa75bc9a922c2c0b2e0bd7972ce3a78f689b3b4b3" },
      { "nameInfo":"org/mockito/codegen/InputStream$MockitoMock$e273ro0op99200N$auxiliary$7m9oaq0S", "hash":"273415600efce9ccccd99bac19f42a0b2c6a76dc4d0fd5ad56c669bfbbc41622" },
      { "nameInfo":"org/mockito/codegen/OutputStream$MockitoMock$tvkq1p0op99200N$auxiliary$3dkej41S", "hash":"386e63c53b6704f3a54752fb05205a1d9b44474a458f83d65e0b2ecf7bea6901" },
      { "nameInfo":"org/mockito/codegen/Context$MockitoMock$0a0jka3op99200N$auxiliary$6bag2i2S", "hash":"50706cf5764ed8b017abf92699acc0e060360b063475cccbbfa70aa9ae015d5c" },
      { "nameInfo":"org/mockito/codegen/InputStream$MockitoMock$e273ro0op99200N$auxiliary$v4pu6u2S", "hash":"83cb39232c0ae6ad6036239b558d048d4314be6c9993605fd83239c781e26e25" },
      { "nameInfo":"org/mockito/codegen/Signature$MockitoMock$u9ge1d0op99200N$auxiliary$4cscpe1S", "hash":"f9e4a4a1a3ac1fc21d9f6d3ce18fa728006d26635da9b973a1b891c1cfc5b854" },
      { "nameInfo":"org/mockito/codegen/InputStream$MockitoMock$e273ro0op99200N$auxiliary$tdultp0S", "hash":"2eea372f0cbbf58f450ad831d21608bccb6abd891b37bd9dd1a90b1f58b127a6" },
      { "nameInfo":"org/mockito/codegen/OutputStream$MockitoMock$tvkq1p0op99200N$auxiliary$4cscpe1S", "hash":"c4190e37480827d1d8b5232667e3e78eac92b5b735e66084bdf8f9a1e6a2d699" },
      { "nameInfo":"org/mockito/codegen/OutputStream$MockitoMock$tvkq1p0op99200N$auxiliary$nga3le0S", "hash":"fa3bd1977fd95cd1de8876b090242366c15601a78b08c43054b68df3986fb435" },
      { "nameInfo":"org/mockito/codegen/InputStream$MockitoMock$e273ro0op99200N$auxiliary$8u4a0p2S", "hash":"47ae46da44bf1d285cdf00e71b58aa7efd74034b331fe211cc4a485034967ce1" },
      { "nameInfo":"org/mockito/codegen/ProceedingJoinPoint$MockitoMock$obec860op99200N$auxiliary$7m9oaq0S", "hash":"8688508fe8655af6be6e1c73777125b43a152429311e8aba554764d9a4dc522c" },
      { "nameInfo":"org/mockito/codegen/Signature$MockitoMock$u9ge1d0op99200N$auxiliary$7m9oaq0S", "hash":"8d358eda5b531864de8206c42200b914266bcc48e6b640a907ecd70d9957b86d" },
      { "nameInfo":"org/mockito/codegen/OutputStream$MockitoMock$tvkq1p0op99200N$auxiliary$31th5u2S", "hash":"6eda58285f0a3a06a7aeca4b698ba9363b6844864bcc0ae4fc59f132c708af4e" },
      { "nameInfo":"org/mockito/codegen/InputStream$MockitoMock$e273ro0op99200N$auxiliary$7l284i2S", "hash":"0577d4c17eb8677af610f4708f038a97c3603c96971f0088526e4240e1b1fcd6" },
      { "nameInfo":"org/mockito/codegen/InputStream$MockitoMock$e273ro0op99200N$auxiliary$rf00bo2S", "hash":"2cb89306508909b99d0eb047728bce5dc5ec68bb15aa2b0d98ba930e4363def2" },
      { "nameInfo":"org/mockito/codegen/Context$MockitoMock$0a0jka3op99200N", "hash":"be1625622ce9316d95ac70c922311d259c152cf5e95dd51197752aaec759e2c9" },
      { "nameInfo":"org/mockito/codegen/ProceedingJoinPoint$MockitoMock$obec860op99200N", "hash":"295af05b338c38f4c7a98b866983ad48c182614cba386b4cef3caecb787f8ec8" },
      { "nameInfo":"org/mockito/codegen/InputStream$MockitoMock$e273ro0op99200N$auxiliary$4mh2293S", "hash":"455af57fd6347d57cd6929a1532a120ab82e553543cb5d31517959726ea0293b" },
      { "nameInfo":"org/mockito/codegen/OutputStream$MockitoMock$tvkq1p0op99200N", "hash":"d5b3dbfca6bcc6d72256f84237addbb45389854fef020f2163ae4b5259c636b1" },
      { "nameInfo":"org/mockito/codegen/InputStream$MockitoMock$e273ro0op99200N$auxiliary$e5kl3q2S", "hash":"458f06cd8c2eac7e01db87f90159758689c9c0a4be5c53689dfeb80a3ea29246" },
      { "nameInfo":"org/mockito/codegen/Signature$MockitoMock$u9ge1d0op99200N", "hash":"71b08c038fe87d6f50d6ae4a22ae564cb442fcc9f7c7f9a2e29e945ac27f741f" },
      { "nameInfo":"org/mockito/codegen/ProceedingJoinPoint$MockitoMock$obec860op99200N$auxiliary$4cscpe1S", "hash":"069a8bf1a8d6c6094e80263aa59d56d0383a97c2a7a5a405ed661e3df894a1c8" },
      { "nameInfo":"org/mockito/codegen/InputStream$MockitoMock$e273ro0op99200N$auxiliary$e83h9q2S", "hash":"a46772faa3d8be040083d726ac13941a553d56a868427eae6b9a14664098ee4b" },
      { "nameInfo":"org/mockito/codegen/InputStream$MockitoMock$e273ro0op99200N", "hash":"146e3d7aeff39531bd4bad04e373c695f98bfa2f8c69fe841af2e711db3d849d" },
      { "nameInfo":"org/mockito/codegen/Context$MockitoMock$0a0jka3op99200N$auxiliary$7m9oaq0S", "hash":"4243f8dd54c98ac3c8b9daeb1f81081dc76e48858265e8cec65513252b251934" },
      { "nameInfo":"org/mockito/codegen/OutputStream$MockitoMock$tvkq1p0op99200N$auxiliary$3g3ap41S", "hash":"4e19f187b4256263345d8c6281b032d68064e4463a864afa6e3da6468f4b6fc0" },
      { "nameInfo":"org/mockito/codegen/ProceedingJoinPoint$MockitoMock$obec860op99200N$auxiliary$djgi9f3S", "hash":"8428a105644077a7ebd81658fa886704047bbdb27cebe207085ed807779cfb86" },
      { "nameInfo":"org/mockito/codegen/InputStream$MockitoMock$e273ro0op99200N$auxiliary$bgeojo2S", "hash":"c2b2e9f22be768b0e07b5cd20a5ec697099a5aed86cd5ff9633cf948ce0dfe6f" },
      { "nameInfo":"org/mockito/codegen/OutputStream$MockitoMock$tvkq1p0op99200N$auxiliary$7m9oaq0S", "hash":"755e8d4988e0fc7589ddcd11f2f2a9370210f8476b0bdb48a29fb923e1fe4dd3" },
      { "nameInfo":"org/mockito/codegen/InputStream$MockitoMock$e273ro0op99200N$auxiliary$r1nrne2S", "hash":"35b559dad4305ef8e3ec9f5a655528f3b9cf192d73bc8d1ed0df4dea4faa3bad" }
    ]
  }
]

[phipag]

In 5.17.0 the bytebuddy codegen package path was changed which might be related to this issue:

- private static final String CODEGEN_PACKAGE = "org.mockito.codegen.";
+ private static final String CODEGEN_PACKAGE =
+             "org.mockito.internal.creation.bytebuddy.codegen.";

mockito/mockito@v5.16.0...v5.17.0#diff-e1b1fababd94bb146f5b359b8f0f48c7723e54de809f3c2a46d3b67eec1a3dd4R56

[phipag]

I think that option 3 (remove mocking is a good option to stop relying on Mockito since it introduced issues with bytebuddy and native image testing in the past already). We can probably define manual stubs for all these scenarios and avoid mockito.

For example, we can easily re-use stubs for AspectJ Proceeding join points, signatures, and Lambda context across the project. We can define them in the powertools-common module and re-use them in sub modules.

[phipag]

I will keep sending commits now to incrementally remove Mockito from unit tests. I don't see any blockers in doing it.

[phipag]

Created PR in mockito repo: mockito/mockito#3714. Merged into PR mockito/mockito#3710.

When this is released, we can start consuming the SNAPSHOT since mockito is only a test dependency. Once release as a regular version we can disable snapshot versions again.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
1 Accepted issue

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[phipag]

Created follow-up issue tracking removal of SNAPSHOT version again.

[hjgraca]

Small comments

[hjgraca]

GTM