Skip to content
This repository was archived by the owner on Jul 5, 2026. It is now read-only.

Bump the deps group across 1 directory with 27 updates#156

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/gradle/deps-a6dd0a7589
Closed

Bump the deps group across 1 directory with 27 updates#156
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/gradle/deps-a6dd0a7589

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 5, 2026

Copy link
Copy Markdown

Bumps the deps group with 26 updates in the / directory:

Package From To
com.diffplug.spotless 8.4.0 8.8.0
com.helger:parser-generator-cc 1.1.4 2.0.1
se.bjurr.violations:violations-lib 1.160.4 1.160.5
org.jetbrains.kotlinx:kotlinx-serialization-core 1.10.0 1.11.0
com.gradleup.shadow 9.3.2 9.4.3
com.vanniktech.maven.publish:com.vanniktech.maven.publish.gradle.plugin 0.36.0 0.37.0
gradle-wrapper 9.5.0 9.6.1
com.google.guava:guava 33.5.0-jre 33.6.0-jre
com.squareup.okhttp3:okhttp 5.3.2 5.4.0
com.squareup.okhttp3:okhttp-jvm 5.3.2 5.4.0
net.bytebuddy:byte-buddy-agent 1.18.4 1.18.11
org.checkerframework:checker-qual 3.53.1 4.2.1
org.eclipse.parsson:parsson 1.1.7 1.1.9
org.javassist:javassist 3.30.2-GA 3.32.0-GA
org.junit.jupiter:junit-jupiter-engine 6.0.3 6.1.1
org.junit.jupiter:junit-jupiter-params 6.0.3 6.1.1
org.junit.jupiter:junit-jupiter-api 6.0.3 6.1.1
com.google.code.gson:gson 2.13.2 2.14.0
ch.qos.logback:logback-classic 1.5.32 1.5.37
org.projectlombok:lombok 1.18.42 1.18.46
org.jetbrains.kotlin:kotlin-gradle-plugin 2.2.21 2.4.0
org.jetbrains.kotlin.jvm 2.2.21 2.4.0
io.ktor:ktor-server-core 3.4.1 3.5.1
io.ktor:ktor-server-netty 3.4.1 3.5.1
io.ktor:ktor-server-status-pages 3.4.1 3.5.1
io.ktor:ktor-server-html-builder 3.4.1 3.5.1

Updates com.diffplug.spotless from 8.4.0 to 8.8.0

Updates com.helger:parser-generator-cc from 1.1.4 to 2.0.1

Release notes

Sourced from com.helger:parser-generator-cc's releases.

ParserGeneratorCC 2.0.1

  • Updated to ph-commons 12.1.0
  • Using JSpecify annotations

Full Changelog: phax/ParserGeneratorCC@parser-generator-cc-2.0.0...parser-generator-cc-2.0.1

ParserGeneratorCC 2.0.0

  • Using Java 17 as the baseline
  • Updated to ph-commons 12

Full Changelog: https://github.com/phax/ParserGeneratorCC/commits/parser-generator-cc-2.0.0

Commits

Updates se.bjurr.violations:violations-lib from 1.160.4 to 1.160.5

Release notes

Sourced from se.bjurr.violations:violations-lib's releases.

v1.160.5

🐛 Bug Fixes

  • doc PHP_CodeSniffer URL in Reporter.java (766a1 Tomas Bjerre)
Changelog

Sourced from se.bjurr.violations:violations-lib's changelog.

1.160.5 (2026-03-28)

Bug Fixes

  • doc PHP_CodeSniffer URL in Reporter.java (766a1 Tomas Bjerre)
Commits
  • f21e514 chore(release): 1.160.5 [GRADLE SCRIPT]
  • 766a1b7 fix: doc PHP_CodeSniffer URL in Reporter.java
  • 8b2e4b4 chore(release): Updating changelog with 1.160.4 [GRADLE SCRIPT]
  • See full diff in compare view

Updates org.jetbrains.kotlinx:kotlinx-serialization-core from 1.10.0 to 1.11.0

Release notes

Sourced from org.jetbrains.kotlinx:kotlinx-serialization-core's releases.

1.11.0

This release is based on Kotlin 2.3.20 and provides a new Json exceptions API and some bugfixes and improvements.

Expose Json exceptions structure

To make working with exceptions easier and providing proper error codes in e.g., REST APIs, classes JsonException, JsonDecodingException, and JsonEncodingException are now public. They have relevant public properties, such as shortMessage, path, offset, and others. This API is currently experimental, and we're going to improve it further in the subsequent releases. See the linked issues for the details: #1930, #1877.

Ability to hide user input from exception messages for security/privacy reasons.

Historically, exception messages in kotlinx.serialization often included the input Json itself for debuggability reason. Such behavior may pose additional challenges for logging, analytics, and other systems, since a system is not always allowed to store user data due to privacy/security reasons, which imposes additional sanitation logic. To address this issue, a new property exceptionsWithDebugInfo is added to JsonConfiguration. Disable it to hide user input from exception messages. IMPORTANT: This behavior will be enabled by default when this property becomes stable. See #2590 for more details.

Bugfixes and improvements

  • CBOR: Relax value range check when decoding numbers (#3167)
  • Use a specialized writeDecimalLong method for IO stream integrations in Json (#3152)
Changelog

Sourced from org.jetbrains.kotlinx:kotlinx-serialization-core's changelog.

1.11.0 / 2026-04-10

This release is based on Kotlin 2.3.20 and provides new Json exceptions API and some bugfixes and improvements.

Expose Json exceptions structure

To make working with exceptions easier and providing proper error codes in e.g., REST APIs, classes JsonException, JsonDecodingException, and JsonEncodingException are now public. They have relevant public properties, such as shortMessage, path, offset, and others. This API is currently experimental, and we're going to improve it further in the subsequent releases. See the linked issues for the details: #1930, #1877.

Ability to hide user input from exception messages for security/privacy reasons.

Historically, exception messages in kotlinx.serialization often included the input Json itself for debuggability reason. Such behavior may pose additional challenges for logging, analytics, and other systems, since a system is not always allowed to store user data due to privacy/security reasons, which imposes additional sanitation logic. To address this issue, a new property exceptionsWithDebugInfo is added to JsonConfiguration. Disable it to hide user input from exception messages. IMPORTANT: This behavior will be enabled by default when this property becomes stable. See #2590 for more details.

Bugfixes and improvements

  • CBOR: Relax value range check when decoding numbers (#3167)
  • Use a specialized writeDecimalLong method for IO stream integrations in Json (#3152)
Commits
  • 6956af2 Prepare 1.11 release
  • 390d84c Merge remote-tracking branch 'origin/master' into dev
  • 431fe2d Use local repo for publishing (#3171)
  • 05c12b6 Add usage attribute to "testRepositories" configuration
  • a4e1f08 Bump Kover version to 0.9.8 release (#3174)
  • 304e858 Expose Json exceptions structure (#3145)
  • 4a0338e Included G Play SDK verification file for core-jvm (#3169)
  • 421f64c CBOR: Relax value range check when decoding numbers (#3167)
  • 85a4f12 KT-84955: mark apple x64 tagets as deprecated error
  • bd38b0e Remove dead code
  • Additional commits viewable in compare view

Updates org.jetbrains.kotlinx:kotlinx-serialization-json from 1.10.0 to 1.11.0

Release notes

Sourced from org.jetbrains.kotlinx:kotlinx-serialization-json's releases.

1.11.0

This release is based on Kotlin 2.3.20 and provides a new Json exceptions API and some bugfixes and improvements.

Expose Json exceptions structure

To make working with exceptions easier and providing proper error codes in e.g., REST APIs, classes JsonException, JsonDecodingException, and JsonEncodingException are now public. They have relevant public properties, such as shortMessage, path, offset, and others. This API is currently experimental, and we're going to improve it further in the subsequent releases. See the linked issues for the details: #1930, #1877.

Ability to hide user input from exception messages for security/privacy reasons.

Historically, exception messages in kotlinx.serialization often included the input Json itself for debuggability reason. Such behavior may pose additional challenges for logging, analytics, and other systems, since a system is not always allowed to store user data due to privacy/security reasons, which imposes additional sanitation logic. To address this issue, a new property exceptionsWithDebugInfo is added to JsonConfiguration. Disable it to hide user input from exception messages. IMPORTANT: This behavior will be enabled by default when this property becomes stable. See #2590 for more details.

Bugfixes and improvements

  • CBOR: Relax value range check when decoding numbers (#3167)
  • Use a specialized writeDecimalLong method for IO stream integrations in Json (#3152)
Changelog

Sourced from org.jetbrains.kotlinx:kotlinx-serialization-json's changelog.

1.11.0 / 2026-04-10

This release is based on Kotlin 2.3.20 and provides new Json exceptions API and some bugfixes and improvements.

Expose Json exceptions structure

To make working with exceptions easier and providing proper error codes in e.g., REST APIs, classes JsonException, JsonDecodingException, and JsonEncodingException are now public. They have relevant public properties, such as shortMessage, path, offset, and others. This API is currently experimental, and we're going to improve it further in the subsequent releases. See the linked issues for the details: #1930, #1877.

Ability to hide user input from exception messages for security/privacy reasons.

Historically, exception messages in kotlinx.serialization often included the input Json itself for debuggability reason. Such behavior may pose additional challenges for logging, analytics, and other systems, since a system is not always allowed to store user data due to privacy/security reasons, which imposes additional sanitation logic. To address this issue, a new property exceptionsWithDebugInfo is added to JsonConfiguration. Disable it to hide user input from exception messages. IMPORTANT: This behavior will be enabled by default when this property becomes stable. See #2590 for more details.

Bugfixes and improvements

  • CBOR: Relax value range check when decoding numbers (#3167)
  • Use a specialized writeDecimalLong method for IO stream integrations in Json (#3152)
Commits
  • 6956af2 Prepare 1.11 release
  • 390d84c Merge remote-tracking branch 'origin/master' into dev
  • 431fe2d Use local repo for publishing (#3171)
  • 05c12b6 Add usage attribute to "testRepositories" configuration
  • a4e1f08 Bump Kover version to 0.9.8 release (#3174)
  • 304e858 Expose Json exceptions structure (#3145)
  • 4a0338e Included G Play SDK verification file for core-jvm (#3169)
  • 421f64c CBOR: Relax value range check when decoding numbers (#3167)
  • 85a4f12 KT-84955: mark apple x64 tagets as deprecated error
  • bd38b0e Remove dead code
  • Additional commits viewable in compare view

Updates com.gradleup.shadow from 9.3.2 to 9.4.3

Release notes

Sourced from com.gradleup.shadow's releases.

9.4.3

Changed

  • Update dependencies for resolving CVEs. (#2069)

9.4.2

Changed

  • Update jdependency to support Java 27. (#2033)

9.4.1

Changed

  • Update Kotlin to 2.3.20. (#1978)

9.4.0

Added

  • Support Isolated Projects. (#1139)

Changed

  • Allow opting out of adding shadowJar into assemble lifecycle. (#1939)
    shadow {
      // Disable making `assemble` task depend on `shadowJar`. This is enabled by default.
      addShadowJarToAssembleLifecycle = false
    }
  • Stop catching ZipException when writing entries. (#1970)

Fixed

  • Fix interaction with Gradle artifact transforms. (#1345)
  • Fix skipStringConstants per-relocator behavior in mapName. (#1968)
  • Fix failing for non-existent class directories. (#1976)
Commits

Updates com.vanniktech.maven.publish:com.vanniktech.maven.publish.gradle.plugin from 0.36.0 to 0.37.0

Release notes

Sourced from com.vanniktech.maven.publish:com.vanniktech.maven.publish.gradle.plugin's releases.

0.37.0

  • When publishing to Maven Central, redundant checksum files are now excluded by default: checksums of .asc signature files (gradle/gradle#20232) and the sha256/sha512 checksums, which are never read by Gradle or Maven Central. The published checksums can be configured through checksums(...) in the DSL or the mavenCentralChecksums Gradle property (default md5,sha1). Signature checksum exclusion can be controlled through excludeSignatureChecksums() or the mavenCentralExcludeSignatureChecksums Gradle property.
  • Maven Central deployment id is being logged after upload.

Minimum supported versions

  • JDK 17
  • Gradle 9.0.0
  • Android Gradle Plugin 8.13.0
  • Kotlin Gradle Plugin 2.2.0

Compatibility tested up to

  • JDK 26
  • Gradle 9.6.0
  • Gradle 9.7.0-milestone-1
  • Android Gradle Plugin 9.2.1
  • Android Gradle Plugin 9.3.0-rc01
  • Android Gradle Plugin 9.4.0-alpha01
  • Kotlin Gradle Plugin 2.4.0

0.37.0-rc1

  • When publishing to Maven Central, redundant checksum files are now excluded by default: checksums of .asc signature files (gradle/gradle#20232) and the sha256/sha512 checksums, which are never read by Gradle or Maven Central. The published checksums can be configured through checksums(...) in the DSL or the mavenCentralChecksums Gradle property (default md5,sha1). Signature checksum exclusion can be controlled through excludeSignatureChecksums() or the mavenCentralExcludeSignatureChecksums Gradle property.
  • Maven Central deployment id is being logged after upload.

Minimum supported versions

  • JDK 17
  • Gradle 9.0.0
  • Android Gradle Plugin 8.13.0
  • Kotlin Gradle Plugin 2.2.0

Compatibility tested up to

  • JDK 26
  • Gradle 9.6.0
  • Gradle 9.7.0-milestone-1
  • Android Gradle Plugin 9.2.1
  • Android Gradle Plugin 9.3.0-rc01
  • Android Gradle Plugin 9.4.0-alpha01
  • Kotlin Gradle Plugin 2.4.0
Changelog

Sourced from com.vanniktech.maven.publish:com.vanniktech.maven.publish.gradle.plugin's changelog.

0.37.0 (2026-06-21)

  • When publishing to Maven Central, redundant checksum files are now excluded by default: checksums of .asc signature files (gradle/gradle#20232) and the sha256/sha512 checksums, which are never read by Gradle or Maven Central. The published checksums can be configured through checksums(...) in the DSL or the mavenCentralChecksums Gradle property (default md5,sha1). Signature checksum exclusion can be controlled through excludeSignatureChecksums() or the mavenCentralExcludeSignatureChecksums Gradle property.
  • Maven Central deployment id is being logged after upload.

Minimum supported versions

  • JDK 17
  • Gradle 9.0.0
  • Android Gradle Plugin 8.13.0
  • Kotlin Gradle Plugin 2.2.0

Compatibility tested up to

  • JDK 26
  • Gradle 9.6.0
  • Gradle 9.7.0-milestone-1
  • Android Gradle Plugin 9.2.1
  • Android Gradle Plugin 9.3.0-rc01
  • Android Gradle Plugin 9.4.0-alpha01
  • Kotlin Gradle Plugin 2.4.0
Commits

Updates gradle-wrapper from 9.5.0 to 9.6.1

Release notes

Sourced from gradle-wrapper's releases.

9.6.1

The Gradle team is excited to announce Gradle 9.6.1.

Here are the highlights of this release:

  • Improved Configuration Cache hit rates
  • Additional CLI rendering options
  • Important project hierarchy lookup deprecations

Read the Release Notes

We would like to thank the following community members for their contributions to this release of Gradle: Aharnish Solanki, Benedikt Johannes, Devendra Reddy Pennabadi, Dmytro Rodionov, Dreeam, Elías Hernández Rodríguez, Eng Zer Jun, FinlayRJW, Kamal Kansal, Marcono1234, Nelson Osacky, Philip Wedemann, Ravi, Roberto Perez Alcolea, Ryan Schmitt, Sebastian Schuberth, seunghun.ham, sk-reddy17, Suvrat Acharya, Vedant Madane.

Upgrade instructions

Switch your build to use Gradle 9.6.1 by updating your wrapper:

./gradlew :wrapper --gradle-version=9.6.1 && ./gradlew :wrapper

See the Gradle 9.x upgrade guide to learn about deprecations, breaking changes and other considerations when upgrading.

For Java, Groovy, Kotlin and Android compatibility, see the full compatibility notes.

Reporting problems

If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines. If you're not sure you're encountering a bug, please use the forum.

We hope you will build happiness with Gradle, and we look forward to your feedback via Twitter or on GitHub.

9.6.0

... (truncated)

Commits
  • 309d128 Update fixed issues in release notes for 9.6.1 (#38328)
  • 040a978 Update fixed issues in release notes for 9.6.1
  • e0b8325 Restore --non-interactive flag instead of --interactive/--no-interactive (#38...
  • 946f3e6 Limit explicit temp file permission setting to intended use case (#38300)
  • 65f8224 Restore --non-interactive flag instead of --interactive/--no-interactive
  • e346a5e Adjust CLI flag to configure non-interactive console (#38301)
  • 9b53be9 Adjust CLI flag to configure non-interactive console
  • 0dd3b53 Limit explicit temp file permission setting to intended use case
  • 48e5ac2 Add reproducers
  • 25598fd Prepare 9.6.1 patch release (#38293)
  • Additional commits viewable in compare view

Updates com.google.guava:guava from 33.5.0-jre to 33.6.0-jre

Release notes

Sourced from com.google.guava:guava's releases.

33.6.0

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.6.0-jre</version>
  <!-- or, for Android: -->
  <version>33.6.0-android</version>
</dependency>

Jar files

Guava requires one runtime dependency, which you can download here:

Javadoc

JDiff

Changelog

  • Migrated some classes from finalize() to PhantomReference in preparation for the removal of finalization. (786b619dd6, 7c6b17c, aeef90988d)
  • cache: Deprecated CacheBuilder APIs that use TimeUnit in favor of those that use Duration. (73f8b0bb84)
  • collect: Added toImmutableSortedMap collectors that use the natural comparator. (64d70b9f94)
  • collect: Changed ConcurrentHashMultiset, ImmutableMap and TreeMultiset deserialization to avoid mutating final fields. In extremely unlikely scenarios in which an instance of that type contains an object that refers back to that instance, this could lead to a broken instance that throws NullPointerException when used. (8240c7e596, 046468055f)
  • graph: Removed @Beta from all APIs in the package. (dae9566b73)
  • graph: Added support to Graphs.transitiveClosure() for different strategies for adding self-loops. (2e13df25b2)
  • graph: Added an asNetwork() view to Graph and ValueGraph. (909c593c61)
  • hash: Added BloomFilter.serializedSize(). (df9bcc251a)
  • net: Added HttpHeaders.CDN_CACHE_CONTROL. (75331b5030)
Commits

Updates com.squareup.okhttp3:okhttp from 5.3.2 to 5.4.0

Changelog

Sourced from com.squareup.okhttp3:okhttp's changelog.

Version 5.4.0

2026-06-08

  • New: Add superpowers to interceptors. Interceptors can now override anything settable on OkHttpClient.Builder, such as the cache, connection pool, socket factory, and DNS. We expect this will allow most users to use interceptors everywhere, insted of mixing and matching interceptors with custom Call.Factory wrappers.
  • Fix: Limit each HTTP/2 response to 256 KiB of total headers.
  • Upgrade: [kotlinx.coroutines 1.11.0][coroutines_1_11_0]. This is used by the optional okhttp-coroutines artifact.
  • Upgrade: [GraalVM 25.0.3][graalvm_25].
  • Upgrade: [Okio 3.17.0][okio_3_17_0].
Commits

Updates com.squareup.okhttp3:okhttp-jvm from 5.3.2 to 5.4.0

Changelog

Sourced from com.squareup.okhttp3:okhttp-jvm's changelog.

Version 5.4.0

2026-06-08

  • New: Add superpowers to interceptors. Interceptors can now override anything settable on OkHttpClient.Builder, such as the cache, connection pool, socket factory, and DNS. We expect this will allow most users to use interceptors everywhere, insted of mixing and matching interceptors with custom Call.Factory wrappers.
  • Fix: Limit each HTTP/2 response to 256 KiB of total headers.
  • Upgrade: [kotlinx.coroutines 1.11.0][coroutines_1_11_0]. This is used by the optional okhttp-coroutines artifact.
  • Upgrade: [GraalVM 25.0.3][graalvm_25].
  • Upgrade: [Okio 3.17.0][okio_3_17_0].
Commits

Updates net.bytebuddy:byte-buddy-agent from 1.18.4 to 1.18.11

Release notes

Sourced from net.bytebuddy:byte-buddy-agent's releases.

Byte Buddy 1.18.11

  • Add SBOM to published artifacts.
  • Check for traversable paths injected into class files as a rather hypothetical attack vector.

Byte Buddy 1.18.10

  • Delay change of default for unsage use to Java 26 and improve error message.

Byte Buddy 1.18.9

  • Disable use of Unsafe by default when Java 25or newer is discovered.
  • Check for escape when creating folders in Plugin.Engine.
  • Improve OpenJ9 attachment.
  • Avoid null pointer on missing annotation types.
  • Improve diagnostics for external agent attachment.
  • Improve on Gradle context discovery.
  • Support Android libraries on AGP9 or newer.
  • Update ASM.

Byte Buddy 1.18.8

  • Improve support for repeatable builds.
  • Fix reordering of exception table in type initializers when instrumenting.

Byte Buddy 1.18.7

  • Introduce new versioning concept with -jdk5 suffix for backwards-compatible jar and Java 8 baseline for regular jar.

Byte Buddy 1.18.5

  • Eagerly resolve of canonical files during attach emulation to avoid failure when process ends before file can be deleted.
  • Add super classes to hash code / equals computation in Advice that were missing.
Changelog

Sourced from net.bytebuddy:byte-buddy-agent's changelog.

2. July 2026: version 1.18.11

  • Add SBOM to published artifacts.
  • Check for traversable paths injected into class files as a rather hypothetical attack vector.

3. June 2026: version 1.18.10

  • Delay change of default for unsage use to Java 26 and improve error message.

1. June 2026: version 1.18.9

  • Disable use of Unsafe by default when Java 25or newer is discovered.
  • Check for escape when creating folders in Plugin.Engine.
  • Improve OpenJ9 attachment.
  • Avoid null pointer on missing annotation types.
  • Improve diagnostics for external agent attachment.
  • Improve on Gradle context discovery.
  • Support Android libraries on AGP9 or newer.
  • Update ASM.

1. April 2026: version 1.18.8

  • Improve support for repeatable builds.
  • Fix reordering of exception table in type initializers when instrumenting.

1. March 2026: version 1.18.7

  • Introduce new versioning concept with -jdk5 suffix for backwards-compatible jar and Java 8 baseline for regular jar.

27. February 2026: version 1.18.6

Accidental release during rework of release pipeline. Functional, but with incorrect suffices.

15. February 2026: version 1.18.5

  • Eagerly resolve of canonical files during attach emulation to avoid failure when process ends before file can be deleted.
  • Add super classes to hash code / equals computation in Advice that were missing.
Commits
  • 88dd0a3 [publish] Releasing Byte Buddy 1.18.11
  • 46fcade [release] Release new version
  • 6a68de6 Prevent path traversal from crafted type names when writing class files to fo...
  • 9ba4ab6 Pin ClusterFuzzLite base image and actions by hash.
  • dd4f81e Add SBOM to build.
  • 7dd9a0d Update internal Byte Buddy and release notes
  • d6b3e15 [publish] Start next development iteration 1.18.11-SNAPSHOT
  • e85623d [publish] Releasing Byte Buddy 1.18.10
  • e3bfa68 [release] Release new version
  • 5821ccc Delay disabling of unsafe by default to Java 26 and improve on error message.
  • Additional commits viewable in compare view

Updates org.checkerframework:checker-qual from 3.53.1 to 4.2.1

Release notes

Sourced from org.checkerframework:checker-qual's releases.

Checker Framework 4.2.1

Version 4.2.1 (2026-07-01)

Closed issues

#7726.

Checker Framework 4.2.0

Version 4.2.0 (2026-06-01)

User-visible changes

Renamed error message key "createsmustcallfor.target.unparseable" to "createsmustcallfor.target.unparsable".

Implementation details

In AnnotatedTypeFactory:

  • new overload canonicalAnnotation(AnnotationMirror, TypeMirror).

In TypeHierarchy:

  • new methods equalsShallowEffective().

Closed issues

#7676, #7679, #7680, #7695, #7697, #7699, #7700, #7727.

Checker Framework 4.1.0

Version 4.1.0 (2026-05-01)

User-visible changes

Removed deprecated script checker/bin-devel/build.sh; use ./gradlew assemble instead.

Removed deprecated names "builder", "object.construction", and "objectconstruction" for the Called Methods Checker.

Implementation details

New method annotation @DoesNotUnrefineReceiver.

In AnnotatedTypeFactory:

  • new method hasDoesNotUnrefineReceiver().
  • isAliasedTypeAnnotation() is now protected rather than public.

Closed issues

#6890, #7364, #7488.

... (truncated)

Changelog

Sourced from org.checkerframework:checker-qual's changelog.

Version 4.2.1 (2026-07-01)

Closed issues

#7726.

Version 4.2.0 (2026-06-01)

User-visible changes

Renamed error message key "createsmustcallfor.target.unparseable" to "createsmustcallfor.target.unparsable".

Implementation details

In AnnotatedTypeFactory:

  • new overload canonicalAnnotation(AnnotationMirror, TypeMirror).

In TypeHierarchy:

  • new methods equalsShallowEffective().

Closed issues

#7676, #7679, #7680, #7695, #7697, #7699, #7700, #7727.

Version 4.1.0 (2026-05-01)

User-visible changes

Removed deprecated script checker/bin-devel/build.sh; use ./gradlew assemble instead.

Removed deprecated names "builder", "object.construction", and "objectconstruction" for the Called Methods Checker.

Implementation details

New method annotation @DoesNotUnrefineReceiver.

In AnnotatedTypeFactory:

  • new method hasDoesNotUnrefineReceiver().
  • isAliasedTypeAnnotation() is now protected rather than public.

Closed issues

#6890, #7364, #7488.

Version 4.0.0 (2026-04-07)

... (truncated)

Commits

Updates org.eclipse.parsson:parsson from 1.1.7 to 1.1.9

Release notes

Sourced from org.eclipse.parsson:parsson's releases.

1.1.9

What's Changed

Full Changelog: eclipse-ee4j/parsson@1.1.8...1.1.9

1.1.8

What's Changed

New Contributors

Full Changelog: eclipse-ee4j/parsson@1.1.7...1.1.8

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jul 5, 2026
@wadoon

wadoon commented Jul 5, 2026

Copy link
Copy Markdown
Collaborator

@dependabot rebase

Bumps the deps group with 26 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| com.diffplug.spotless | `8.4.0` | `8.8.0` |
| [com.helger:parser-generator-cc](https://github.com/phax/ParserGeneratorCC) | `1.1.4` | `2.0.1` |
| [se.bjurr.violations:violations-lib](https://github.com/tomasbjerre/violations-lib) | `1.160.4` | `1.160.5` |
| [org.jetbrains.kotlinx:kotlinx-serialization-core](https://github.com/Kotlin/kotlinx.serialization) | `1.10.0` | `1.11.0` |
| [com.gradleup.shadow](https://github.com/GradleUp/shadow) | `9.3.2` | `9.4.3` |
| [com.vanniktech.maven.publish:com.vanniktech.maven.publish.gradle.plugin](https://github.com/vanniktech/gradle-maven-publish-plugin) | `0.36.0` | `0.37.0` |
| [gradle-wrapper](https://github.com/gradle/gradle) | `9.5.0` | `9.6.1` |
| [com.google.guava:guava](https://github.com/google/guava) | `33.5.0-jre` | `33.6.0-jre` |
| [com.squareup.okhttp3:okhttp](https://github.com/square/okhttp) | `5.3.2` | `5.4.0` |
| [com.squareup.okhttp3:okhttp-jvm](https://github.com/square/okhttp) | `5.3.2` | `5.4.0` |
| [net.bytebuddy:byte-buddy-agent](https://github.com/raphw/byte-buddy) | `1.18.4` | `1.18.11` |
| [org.checkerframework:checker-qual](https://github.com/typetools/checker-framework) | `3.53.1` | `4.2.1` |
| [org.eclipse.parsson:parsson](https://github.com/eclipse-ee4j/parsson) | `1.1.7` | `1.1.9` |
| [org.javassist:javassist](https://github.com/jboss-javassist/javassist) | `3.30.2-GA` | `3.32.0-GA` |
| [org.junit.jupiter:junit-jupiter-engine](https://github.com/junit-team/junit-framework) | `6.0.3` | `6.1.1` |
| [org.junit.jupiter:junit-jupiter-params](https://github.com/junit-team/junit-framework) | `6.0.3` | `6.1.1` |
| [org.junit.jupiter:junit-jupiter-api](https://github.com/junit-team/junit-framework) | `6.0.3` | `6.1.1` |
| [com.google.code.gson:gson](https://github.com/google/gson) | `2.13.2` | `2.14.0` |
| [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) | `1.5.32` | `1.5.37` |
| [org.projectlombok:lombok](https://github.com/projectlombok/lombok) | `1.18.42` | `1.18.46` |
| [org.jetbrains.kotlin:kotlin-gradle-plugin](https://github.com/JetBrains/kotlin) | `2.2.21` | `2.4.0` |
| [org.jetbrains.kotlin.jvm](https://github.com/JetBrains/kotlin) | `2.2.21` | `2.4.0` |
| [io.ktor:ktor-server-core](https://github.com/ktorio/ktor) | `3.4.1` | `3.5.1` |
| [io.ktor:ktor-server-netty](https://github.com/ktorio/ktor) | `3.4.1` | `3.5.1` |
| [io.ktor:ktor-server-status-pages](https://github.com/ktorio/ktor) | `3.4.1` | `3.5.1` |
| [io.ktor:ktor-server-html-builder](https://github.com/ktorio/ktor) | `3.4.1` | `3.5.1` |



Updates `com.diffplug.spotless` from 8.4.0 to 8.8.0

Updates `com.helger:parser-generator-cc` from 1.1.4 to 2.0.1
- [Release notes](https://github.com/phax/ParserGeneratorCC/releases)
- [Commits](https://github.com/phax/ParserGeneratorCC/commits/parser-generator-cc-2.0.1)

Updates `se.bjurr.violations:violations-lib` from 1.160.4 to 1.160.5
- [Release notes](https://github.com/tomasbjerre/violations-lib/releases)
- [Changelog](https://github.com/tomasbjerre/violations-lib/blob/master/CHANGELOG.md)
- [Commits](tomasbjerre/violations-lib@1.160.4...1.160.5)

Updates `org.jetbrains.kotlinx:kotlinx-serialization-core` from 1.10.0 to 1.11.0
- [Release notes](https://github.com/Kotlin/kotlinx.serialization/releases)
- [Changelog](https://github.com/Kotlin/kotlinx.serialization/blob/master/CHANGELOG.md)
- [Commits](Kotlin/kotlinx.serialization@v1.10.0...v1.11.0)

Updates `org.jetbrains.kotlinx:kotlinx-serialization-json` from 1.10.0 to 1.11.0
- [Release notes](https://github.com/Kotlin/kotlinx.serialization/releases)
- [Changelog](https://github.com/Kotlin/kotlinx.serialization/blob/master/CHANGELOG.md)
- [Commits](Kotlin/kotlinx.serialization@v1.10.0...v1.11.0)

Updates `com.gradleup.shadow` from 9.3.2 to 9.4.3
- [Release notes](https://github.com/GradleUp/shadow/releases)
- [Commits](GradleUp/shadow@9.3.2...9.4.3)

Updates `com.vanniktech.maven.publish:com.vanniktech.maven.publish.gradle.plugin` from 0.36.0 to 0.37.0
- [Release notes](https://github.com/vanniktech/gradle-maven-publish-plugin/releases)
- [Changelog](https://github.com/vanniktech/gradle-maven-publish-plugin/blob/main/CHANGELOG.md)
- [Commits](vanniktech/gradle-maven-publish-plugin@0.36.0...0.37.0)

Updates `gradle-wrapper` from 9.5.0 to 9.6.1
- [Release notes](https://github.com/gradle/gradle/releases)
- [Commits](gradle/gradle@v9.5.0...v9.6.1)

Updates `com.google.guava:guava` from 33.5.0-jre to 33.6.0-jre
- [Release notes](https://github.com/google/guava/releases)
- [Commits](https://github.com/google/guava/commits)

Updates `com.squareup.okhttp3:okhttp` from 5.3.2 to 5.4.0
- [Changelog](https://github.com/square/okhttp/blob/master/CHANGELOG.md)
- [Commits](square/okhttp@parent-5.3.2...parent-5.4.0)

Updates `com.squareup.okhttp3:okhttp-jvm` from 5.3.2 to 5.4.0
- [Changelog](https://github.com/square/okhttp/blob/master/CHANGELOG.md)
- [Commits](square/okhttp@parent-5.3.2...parent-5.4.0)

Updates `net.bytebuddy:byte-buddy-agent` from 1.18.4 to 1.18.11
- [Release notes](https://github.com/raphw/byte-buddy/releases)
- [Changelog](https://github.com/raphw/byte-buddy/blob/master/release-notes.md)
- [Commits](raphw/byte-buddy@byte-buddy-1.18.4...byte-buddy-1.18.11)

Updates `org.checkerframework:checker-qual` from 3.53.1 to 4.2.1
- [Release notes](https://github.com/typetools/checker-framework/releases)
- [Changelog](https://github.com/typetools/checker-framework/blob/master/docs/CHANGELOG.md)
- [Commits](typetools/checker-framework@checker-framework-3.53.1...checker-framework-4.2.1)

Updates `org.eclipse.parsson:parsson` from 1.1.7 to 1.1.9
- [Release notes](https://github.com/eclipse-ee4j/parsson/releases)
- [Commits](eclipse-ee4j/parsson@1.1.7...1.1.9)

Updates `org.javassist:javassist` from 3.30.2-GA to 3.32.0-GA
- [Release notes](https://github.com/jboss-javassist/javassist/releases)
- [Changelog](https://github.com/jboss-javassist/javassist/blob/master/Changes.md)
- [Commits](https://github.com/jboss-javassist/javassist/commits)

Updates `org.junit.jupiter:junit-jupiter-engine` from 6.0.3 to 6.1.1
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r6.0.3...r6.1.1)

Updates `org.junit.jupiter:junit-jupiter-params` from 6.0.3 to 6.1.1
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r6.0.3...r6.1.1)

Updates `org.junit.jupiter:junit-jupiter-api` from 6.0.3 to 6.1.1
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r6.0.3...r6.1.1)

Updates `org.junit.jupiter:junit-jupiter-params` from 6.0.3 to 6.1.1
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r6.0.3...r6.1.1)

Updates `org.junit.jupiter:junit-jupiter-api` from 6.0.3 to 6.1.1
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r6.0.3...r6.1.1)

Updates `com.google.code.gson:gson` from 2.13.2 to 2.14.0
- [Release notes](https://github.com/google/gson/releases)
- [Changelog](https://github.com/google/gson/blob/main/CHANGELOG.md)
- [Commits](google/gson@gson-parent-2.13.2...gson-parent-2.14.0)

Updates `ch.qos.logback:logback-classic` from 1.5.32 to 1.5.37
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.32...v_1.5.37)

Updates `org.projectlombok:lombok` from 1.18.42 to 1.18.46
- [Changelog](https://github.com/projectlombok/lombok/blob/master/doc/changelog.markdown)
- [Commits](projectlombok/lombok@v1.18.42...v1.18.46)

Updates `org.jetbrains.kotlin:kotlin-gradle-plugin` from 2.2.21 to 2.4.0
- [Release notes](https://github.com/JetBrains/kotlin/releases)
- [Changelog](https://github.com/JetBrains/kotlin/blob/master/ChangeLog.md)
- [Commits](JetBrains/kotlin@v2.2.21...v2.4.0)

Updates `org.jetbrains.kotlin.jvm` from 2.2.21 to 2.4.0
- [Release notes](https://github.com/JetBrains/kotlin/releases)
- [Changelog](https://github.com/JetBrains/kotlin/blob/master/ChangeLog.md)
- [Commits](JetBrains/kotlin@v2.2.21...v2.4.0)

Updates `io.ktor:ktor-server-core` from 3.4.1 to 3.5.1
- [Release notes](https://github.com/ktorio/ktor/releases)
- [Changelog](https://github.com/ktorio/ktor/blob/main/CHANGELOG.md)
- [Commits](ktorio/ktor@3.4.1...3.5.1)

Updates `io.ktor:ktor-server-netty` from 3.4.1 to 3.5.1
- [Release notes](https://github.com/ktorio/ktor/releases)
- [Changelog](https://github.com/ktorio/ktor/blob/main/CHANGELOG.md)
- [Commits](ktorio/ktor@3.4.1...3.5.1)

Updates `io.ktor:ktor-server-status-pages` from 3.4.1 to 3.5.1
- [Release notes](https://github.com/ktorio/ktor/releases)
- [Changelog](https://github.com/ktorio/ktor/blob/main/CHANGELOG.md)
- [Commits](ktorio/ktor@3.4.1...3.5.1)

Updates `io.ktor:ktor-server-html-builder` from 3.4.1 to 3.5.1
- [Release notes](https://github.com/ktorio/ktor/releases)
- [Changelog](https://github.com/ktorio/ktor/blob/main/CHANGELOG.md)
- [Commits](ktorio/ktor@3.4.1...3.5.1)

Updates `io.ktor:ktor-server-netty` from 3.4.1 to 3.5.1
- [Release notes](https://github.com/ktorio/ktor/releases)
- [Changelog](https://github.com/ktorio/ktor/blob/main/CHANGELOG.md)
- [Commits](ktorio/ktor@3.4.1...3.5.1)

Updates `io.ktor:ktor-server-status-pages` from 3.4.1 to 3.5.1
- [Release notes](https://github.com/ktorio/ktor/releases)
- [Changelog](https://github.com/ktorio/ktor/blob/main/CHANGELOG.md)
- [Commits](ktorio/ktor@3.4.1...3.5.1)

Updates `io.ktor:ktor-server-html-builder` from 3.4.1 to 3.5.1
- [Release notes](https://github.com/ktorio/ktor/releases)
- [Changelog](https://github.com/ktorio/ktor/blob/main/CHANGELOG.md)
- [Commits](ktorio/ktor@3.4.1...3.5.1)

Updates `org.jetbrains.kotlin.jvm` from 2.2.21 to 2.4.0
- [Release notes](https://github.com/JetBrains/kotlin/releases)
- [Changelog](https://github.com/JetBrains/kotlin/blob/master/ChangeLog.md)
- [Commits](JetBrains/kotlin@v2.2.21...v2.4.0)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.37
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: deps
- dependency-name: com.diffplug.spotless
  dependency-version: 8.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: deps
- dependency-name: com.google.code.gson:gson
  dependency-version: 2.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: deps
- dependency-name: com.google.guava:guava
  dependency-version: 33.6.0-jre
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: deps
- dependency-name: com.gradleup.shadow
  dependency-version: 9.4.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: deps
- dependency-name: com.helger:parser-generator-cc
  dependency-version: 2.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: deps
- dependency-name: com.squareup.okhttp3:okhttp
  dependency-version: 5.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: deps
- dependency-name: com.squareup.okhttp3:okhttp-jvm
  dependency-version: 5.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: deps
- dependency-name: com.vanniktech.maven.publish:com.vanniktech.maven.publish.gradle.plugin
  dependency-version: 0.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: deps
- dependency-name: gradle-wrapper
  dependency-version: 9.6.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: deps
- dependency-name: io.ktor:ktor-server-core
  dependency-version: 3.5.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: deps
- dependency-name: io.ktor:ktor-server-html-builder
  dependency-version: 3.5.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: deps
- dependency-name: io.ktor:ktor-server-html-builder
  dependency-version: 3.5.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: deps
- dependency-name: io.ktor:ktor-server-netty
  dependency-version: 3.5.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: deps
- dependency-name: io.ktor:ktor-server-netty
  dependency-version: 3.5.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: deps
- dependency-name: io.ktor:ktor-server-status-pages
  dependency-version: 3.5.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: deps
- dependency-name: io.ktor:ktor-server-status-pages
  dependency-version: 3.5.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: deps
- dependency-name: net.bytebuddy:byte-buddy-agent
  dependency-version: 1.18.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: deps
- dependency-name: org.checkerframework:checker-qual
  dependency-version: 4.2.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: deps
- dependency-name: org.eclipse.parsson:parsson
  dependency-version: 1.1.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: deps
- dependency-name: org.javassist:javassist
  dependency-version: 3.32.0-GA
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: deps
- dependency-name: org.jetbrains.kotlin.jvm
  dependency-version: 2.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: deps
- dependency-name: org.jetbrains.kotlin.jvm
  dependency-version: 2.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: deps
- dependency-name: org.jetbrains.kotlin:kotlin-gradle-plugin
  dependency-version: 2.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: deps
- dependency-name: org.jetbrains.kotlinx:kotlinx-serialization-core
  dependency-version: 1.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: deps
- dependency-name: org.jetbrains.kotlinx:kotlinx-serialization-json
  dependency-version: 1.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: deps
- dependency-name: org.junit.jupiter:junit-jupiter-api
  dependency-version: 6.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: deps
- dependency-name: org.junit.jupiter:junit-jupiter-api
  dependency-version: 6.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: deps
- dependency-name: org.junit.jupiter:junit-jupiter-engine
  dependency-version: 6.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: deps
- dependency-name: org.junit.jupiter:junit-jupiter-params
  dependency-version: 6.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: deps
- dependency-name: org.junit.jupiter:junit-jupiter-params
  dependency-version: 6.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: deps
- dependency-name: org.projectlombok:lombok
  dependency-version: 1.18.46
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: deps
- dependency-name: se.bjurr.violations:violations-lib
  dependency-version: 1.160.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title Bump the deps group with 27 updates Bump the deps group across 1 directory with 27 updates Jul 5, 2026
@dependabot dependabot Bot force-pushed the dependabot/gradle/deps-a6dd0a7589 branch from 553cb15 to fea5201 Compare July 5, 2026 02:13
@wadoon wadoon closed this Jul 5, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jul 5, 2026

Copy link
Copy Markdown
Author

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot Bot deleted the dependabot/gradle/deps-a6dd0a7589 branch July 5, 2026 02:43
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant