[java] Use byte-buddy 1.18.8 instead of 1.18.8-jdk5

[pierluigilenoci]

🔗 Related Issues

Fixes #17355

💥 What does this PR do?

Changes the net.bytebuddy:byte-buddy dependency from 1.18.8-jdk5 to 1.18.8 in MODULE.bazel.

The -jdk5 flavor of byte-buddy is intended for Java versions lower than 8, which Selenium does not target. Using the -jdk5 variant causes Maven enforcer plugin failures in downstream projects because Maven considers 1.18.8-jdk5 as a higher version than the managed dependency 1.18.8, triggering convergence errors.

Note: The java/maven_install.json lock file will need to be regenerated after this change. A maintainer with Bazel set up can run:

REPIN=1 bazel run @unpinned_maven//:pin

🤖 AI assistance

• AI assisted (complete below)
  • Tool(s): Claude Code (Anthropic)
  • What was generated: The commit and PR were created with AI assistance. The fix itself is a single-line version change in MODULE.bazel.
  • I reviewed all AI output and can explain the change

🔄 Types of changes

• Bug fix

[CLAassistant]

All committers have signed the CLA.

[qodo-code-review]

Review Summary by Qodo

Update byte-buddy dependency to remove unnecessary JDK5 variant

🐞 Bug fix

Walkthroughs

Description

• Update byte-buddy dependency from 1.18.8-jdk5 to 1.18.8
• Resolves Maven enforcer convergence errors in downstream projects
• Removes unnecessary Java 5 compatibility variant

File Changes

1. MODULE.bazel Dependencies +1/-1

Update byte-buddy version to standard release

• Changed byte-buddy version from 1.18.8-jdk5 to 1.18.8
• Removes JDK5-specific variant that causes Maven convergence issues
• Aligns with Selenium's Java 8+ target requirement

MODULE.bazel

---

[qodo-code-review]

Code Review by Qodo

🐞 Bugs (0) 📘 Rule violations (0) 📎 Requirement gaps (0)

1. Outdated Bazel lockfile ☑ 🐞 Bug ≡ Correctness

Description

MODULE.bazel now requests net.bytebuddy:byte-buddy:1.18.8, but //java:maven_install.json still
pins net.bytebuddy:byte-buddy to 1.18.8-jdk5, which makes the lock file inconsistent with the
requested artifacts. With fail_if_repin_required = True and `lock_file =
"//java:maven_install.json"`, Bazel dependency resolution is expected to fail until the lock file is
repinned.

Code

MODULE.bazel[222]

+        "net.bytebuddy:byte-buddy:1.18.8",

Evidence

The PR changes the requested Byte Buddy artifact version in MODULE.bazel, while the configured
lock file still pins the old -jdk5 variant; maven.install is configured to fail if a repin is
required, so this mismatch should be build-breaking.

MODULE.bazel[219-223]
MODULE.bazel[257-267]
java/maven_install.json[1236-1242]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
`MODULE.bazel` now requests `net.bytebuddy:byte-buddy:1.18.8` but the pinned lock file still records `1.18.8-jdk5`, which makes the Bazel maven lock inconsistent and is expected to fail because repinning is enforced.

## Issue Context
`maven.install(...)` is configured with `lock_file = "//java:maven_install.json"` and `fail_if_repin_required = True`, so any artifact/version change must be reflected in the lock file.

## Fix Focus Areas
- MODULE.bazel[257-267]
- java/maven_install.json[1236-1242]

## What to do
1. Regenerate the lock file (repin) so `net.bytebuddy:byte-buddy` is pinned to `1.18.8` and shasums match.
2. Commit the updated `java/maven_install.json` produced by the repin step.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

[pierluigilenoci]

Regenerated java/maven_install.json to fix the lockfile signature mismatch after the byte-buddy version change.

Changes in java/maven_install.json:

• Updated __INPUT_ARTIFACTS_HASH for net.bytebuddy:byte-buddy to match version 1.18.8
• Updated artifact SHA256 checksums (jar + sources) from Maven Central
• Updated version from 1.18.8-jdk5 to 1.18.8
• Recomputed __RESOLVED_ARTIFACTS_HASH for 10 affected transitive dependents (mockito-core, assertj-core, selenium-remote-driver, selenium-support, etc.)

This is equivalent to running REPIN=1 bazel run @maven//:pin — the hash computation was done programmatically using the same algorithm as rules_jvm_external v3 lockfile format.