Bump the libs group across 1 directory with 16 updates

[dependabot]

Bumps the libs group with 16 updates in the / directory:

Package	From	To
org.jetbrains.kotlinx:kotlinx-serialization-json	1.7.3	1.8.0
io.arrow-kt:arrow-core	1.2.4	2.0.1
io.arrow-kt:arrow-fx-coroutines	1.2.4	2.0.1
com.nimbusds:nimbus-jose-jwt	9.48	10.0.1
com.nimbusds:oauth2-oidc-sdk	11.20	11.21.3
org.bouncycastle:bcpkix-jdk18on	1.79	1.80
org.keycloak:keycloak-admin-client	26.0.2	26.0.4
id.walt.mdoc-credentials:waltid-mdoc-credentials-jvm	0.10.0	1.0.2501150932-fix-reusable-workflow-secret-reference
com.eygraber:uri-kmp	0.0.18	0.0.19
org.springframework.boot	3.4.1	3.4.2
com.diffplug.spotless	6.25.0	7.0.2
org.jetbrains.kotlin.jvm	2.0.20	2.1.10
org.jetbrains.kotlin.plugin.spring	2.0.20	2.1.10
org.jetbrains.kotlin.plugin.serialization	2.0.20	2.1.10
org.owasp.dependencycheck	11.1.1	12.0.2
org.sonarqube	5.1.0.4882	6.0.1.5171

Updates org.jetbrains.kotlinx:kotlinx-serialization-json from 1.7.3 to 1.8.0

Release notes

Sourced from org.jetbrains.kotlinx:kotlinx-serialization-json's releases.

1.8.0

This release contains all of the changes from 1.8.0-RC. Kotlin 2.1.0 is used as a default, while upcoming 2.1.10 is also supported. Also added small bugfixes, including speedup of ProtoWireType.from (#2879).

Changelog for 1.8.0-RC is presented below:

@JsonIgnoreUnknownKeys annotation

Previously, only global setting JsonBuilder.ignoreUnknownKeys controlled whether Json parser would throw exception if input contained a property that was not declared in a @Serializable class. There were a lot of complaints that this setting is not flexible enough. To address them, we added new @JsonIgnoreUnknownKeys annotation that can be applied on a per-class basis. With this annotation, it is possible to allow unknown properties for annotated classes, while general decoding methods (such as Json.decodeFromString and others) would still reject them for everything else. See details in the corresponding PR.

Stabilization of SerialDescriptor API and @SealedSerializationApi annotation

SerialDescriptor, SerialKind, and related API has been around for a long time and has proven itself useful. The main reason @ExperimentalSerializationApi was on SerialDescriptor's properties is that we wanted to discourage people from subclassing it. Fortunately, Kotlin 2.1 provides a special mechanism for such a case — SubclassOptInRequired. New kotlinx.serialization.SealedSerializationApi annotation designates APIs as public for use, but closed for implementation — the case for SerialDescriptor, which is a non-sealed interface for technical reasons. Now you can use most of SerialDescriptor and its builders API without the need to opt-in into experimental serialization API. See the PR for more details.

Note: All SerialKinds are stable API now, except PolymorphicKind — we may want to expand it in the future.

Generate Java 8's default method implementations in interfaces

TL;DR This change ensures better binary compatibility in the future for library. You should not experience any difference from it.

kotlinx.serialization library contains a lot of interfaces with default method implementations. Historically, Kotlin compiled a synthetic DefaultImpls class for them. Starting from Kotlin 1.4, it was possible to compile them using as Java 8's default methods to ensure that new methods can still be added to interfaces without the need for implementors to recompile. To preserve binary compatibility with existing clients, a special all-compatbility mode is supported in compiler to generate both default methods and synthetic DefaultImpls class.

Now, kotlinx.serialization finally makes use of this all-compatibility mode, which potentially allows us to add new methods to interfaces such as SerialDescriptor, Encoder, Decoder, etc., without breaking existing clients. This change is expected to have no effect on existing clients, and no action from your side is required.

... (truncated)

Changelog

Sourced from org.jetbrains.kotlinx:kotlinx-serialization-json's changelog.

1.8.0 / 2025-01-06

This release contains all of the changes from 1.8.0-RC. Kotlin 2.1.0 is used as a default, while upcoming 2.1.10 is also supported. Also added small bugfixes, including speedup of ProtoWireType.from (#2879).

1.8.0-RC / 2024-12-10

This is a release candidate for the next version. It is based on Kotlin 2.1.0 and includes a few new features, as well as bugfixes and improvements:

@JsonIgnoreUnknownKeys annotation

Previously, only global setting JsonBuilder.ignoreUnknownKeys controlled whether Json parser would throw exception if input contained a property that was not declared in a @Serializable class. There were a lot of complaints that this setting is not flexible enough. To address them, we added new @JsonIgnoreUnknownKeys annotation that can be applied on a per-class basis. With this annotation, it is possible to allow unknown properties for annotated classes, while general decoding methods (such as Json.decodeFromString and others) would still reject them for everything else. See details in the corresponding PR.

Stabilization of SerialDescriptor API and @SealedSerializationApi annotation

SerialDescriptor, SerialKind, and related API has been around for a long time and has proven itself useful. The main reason @ExperimentalSerializationApi was on SerialDescriptor's properties is that we wanted to discourage people from subclassing it. Fortunately, Kotlin 2.1 provides a special mechanism for such a case — SubclassOptInRequired. New kotlinx.serialization.SealedSerializationApi annotation designates APIs as public for use, but closed for implementation — the case for SerialDescriptor, which is a non-sealed interface for technical reasons. Now you can use most of SerialDescriptor and its builders API without the need to opt-in into experimental serialization API. See the PR for more details.

Note: All SerialKinds are stable API now, except PolymorphicKind — we may want to expand it in the future.

Generate Java 8's default method implementations in interfaces

TL;DR This change ensures better binary compatibility in the future for library. You should not experience any difference from it.

kotlinx.serialization library contains a lot of interfaces with default method implementations. Historically, Kotlin compiled a synthetic DefaultImpls class for them. Starting from Kotlin 1.4, it was possible to compile them using as Java 8's default methods to ensure that new methods can still be added to interfaces without the need for implementors to recompile. To preserve binary compatibility with existing clients, a special all-compatbility mode is supported in compiler

... (truncated)

Commits

• f9f160a Prepare 1.8.0 release
• f17c83f Fix CompositeDecoder.decodeSequentially() documentation
• c645f52 Restructure source-sets-conventions.gradle.kts
• fa797bc Add tests for UuidSerializer that were supposed to work in Kotlin 2.1 (#2884)
• d62f3b8 Speedup ProtoWriteType.from (#2879)
• db217e4 Merge remote-tracking branch 'origin/master' into dev
• 69050a3 Prepare 1.8.0-RC release (#2880)
• c4f798c Update to Kotlin 2.1.0 and some housekeeping: (#2877)
• 7204a36 [Cbor] correctly skip structures with ignoreUnknownKeys setting (#2873)
• aee6336 Introduce @​JsonIgnoreUnknownKeys annotation (#2874)
• Additional commits viewable in compare view

Updates io.arrow-kt:arrow-core from 1.2.4 to 2.0.1

Release notes

Sourced from io.arrow-kt:arrow-core's releases.

2.0.1

Bugfix release, including new Android targets, and more WebAssembly!

New Contributors

• @​Rawa made their first contribution in arrow-kt/arrow#3548
• @​illarionov made their first contribution in arrow-kt/arrow#3544
• @​PavlosTze made their first contribution in arrow-kt/arrow#3550
• @​FWest98 made their first contribution in arrow-kt/arrow#3559

Full Changelog: arrow-kt/arrow@2.0.0...2.0.1

2.0.1-alpha.1

What's Changed

• Remove old Arrow 2.0 warning by @​Rawa in arrow-kt/arrow#3548
• Remove deprecated getHandle() from KDoc in Either by @​illarionov in arrow-kt/arrow#3544
• Align generic name of non-empty collections with the underlying ones by @​serras in arrow-kt/arrow#3549

New Contributors

• @​Rawa made their first contribution in arrow-kt/arrow#3548
• @​illarionov made their first contribution in arrow-kt/arrow#3544

Full Changelog: arrow-kt/arrow@2.0.0...2.0.1-alpha.1

2.0.0

The new major release of Arrow! 🎉

This version strives to be source compatible with 1.2, if deprecated methods and classes are not used. Please check the Arrow website for the full release notes.

2.0.0-rc.1

Release candidate for the new major version

2.0.0-beta.3

No release notes provided.

Changelog

Sourced from io.arrow-kt:arrow-core's changelog.

Release flow

0. Previous checks

• No broken links in the website
• Dependencies in arrow-stack/build.gradle:
  • The new modules are considered
  • The old modules don't appear

1. Create a pull request

Prepare a pull request with these changes:

1. Update versions in arrow-libs/gradle.properties. For instance, the release version will be 0.10.5 and the next SNAPSHOT version will be 0.11.0-SNAPSHOT:

projects.version=0.11.0-SNAPSHOT
projects.latestVersion=0.10.5

2. Update versions in README.md

When merging that pull request, these things will happen automatically:

• New RELEASE version will be published for all the Arrow libraries into Sonatype staging repository.
• A tag will be created with the RELEASE version.
• Release notes will be created and associated to that tag.
• The website will be updated with a new RELEASE version (doc and doc/major.minor directories)

2. Close and release

Then, close and release the Sonatype repository to sync with Maven Central:

1. Login to https://oss.sonatype.org/ > Staging repositories
2. Check the content of the new staging repository
3. Select the staging repository and Close (it will check if the content meet the requirements)
4. Select the staging repository and Release to sync with Maven Central
5. Drop and repeat if there are issues.

NOTE: This plugin provides tasks for closing and releasing the staging repositories. However, that plugin must be applied to the root project, and it would be necessary to discard modules for publication. Let's keep this note here to give it a try later on.

About signing artifacts with GPG/PGP

One of the requirements for artifacts available in Central Maven is being signed with GPG/PGP.

These secrets are involved to meet that requirement:

• ORG_GRADLE_PROJECT_SIGNINGKEY: private key from Generating a Key Pair
• ORG_GRADLE_PROJECT_SIGNINGPASSWORD: passphrase from Generating a Key Pair

To verify artifacts during Close task, the public key must be distributed to a key server: Distributing Your Public Key.

... (truncated)

Commits

• e843a55 Move to in-repo convention plug-in (#3567)
• 994815b Fix traversal invoke (#3566)
• 5297bba fix(deps): update all dependencies (#3562)
• 095c598 Do not run tests for WebAssembly + enable D8 (#3561)
• 0245973 fix(deps): update all dependencies (#3554)
• 6d2e218 chore(deps): update dependency com.diffplug.spotless to v7 (#3558)
• c98377b Add finer-grained validation for determining the symbols to defer during symb...
• f5f9ea4 Do not run flaky tests on corresponding platforms (#3555)
• 4700828 Update to Dokka 2.0 (#3553)
• 50a93dc fix(deps): update all dependencies (#3551)
• Additional commits viewable in compare view

Updates io.arrow-kt:arrow-fx-coroutines from 1.2.4 to 2.0.1

Release notes

Sourced from io.arrow-kt:arrow-fx-coroutines's releases.

2.0.1

Bugfix release, including new Android targets, and more WebAssembly!

New Contributors

• @​Rawa made their first contribution in arrow-kt/arrow#3548
• @​illarionov made their first contribution in arrow-kt/arrow#3544
• @​PavlosTze made their first contribution in arrow-kt/arrow#3550
• @​FWest98 made their first contribution in arrow-kt/arrow#3559

Full Changelog: arrow-kt/arrow@2.0.0...2.0.1

2.0.1-alpha.1

What's Changed

• Remove old Arrow 2.0 warning by @​Rawa in arrow-kt/arrow#3548
• Remove deprecated getHandle() from KDoc in Either by @​illarionov in arrow-kt/arrow#3544
• Align generic name of non-empty collections with the underlying ones by @​serras in arrow-kt/arrow#3549

New Contributors

• @​Rawa made their first contribution in arrow-kt/arrow#3548
• @​illarionov made their first contribution in arrow-kt/arrow#3544

Full Changelog: arrow-kt/arrow@2.0.0...2.0.1-alpha.1

2.0.0

The new major release of Arrow! 🎉

This version strives to be source compatible with 1.2, if deprecated methods and classes are not used. Please check the Arrow website for the full release notes.

2.0.0-rc.1

Release candidate for the new major version

2.0.0-beta.3

No release notes provided.

Changelog

Sourced from io.arrow-kt:arrow-fx-coroutines's changelog.

Release flow

0. Previous checks

• No broken links in the website
• Dependencies in arrow-stack/build.gradle:
  • The new modules are considered
  • The old modules don't appear

1. Create a pull request

Prepare a pull request with these changes:

1. Update versions in arrow-libs/gradle.properties. For instance, the release version will be 0.10.5 and the next SNAPSHOT version will be 0.11.0-SNAPSHOT:

projects.version=0.11.0-SNAPSHOT
projects.latestVersion=0.10.5

2. Update versions in README.md

When merging that pull request, these things will happen automatically:

• New RELEASE version will be published for all the Arrow libraries into Sonatype staging repository.
• A tag will be created with the RELEASE version.
• Release notes will be created and associated to that tag.
• The website will be updated with a new RELEASE version (doc and doc/major.minor directories)

2. Close and release

Then, close and release the Sonatype repository to sync with Maven Central:

1. Login to https://oss.sonatype.org/ > Staging repositories
2. Check the content of the new staging repository
3. Select the staging repository and Close (it will check if the content meet the requirements)
4. Select the staging repository and Release to sync with Maven Central
5. Drop and repeat if there are issues.

NOTE: This plugin provides tasks for closing and releasing the staging repositories. However, that plugin must be applied to the root project, and it would be necessary to discard modules for publication. Let's keep this note here to give it a try later on.

About signing artifacts with GPG/PGP

One of the requirements for artifacts available in Central Maven is being signed with GPG/PGP.

These secrets are involved to meet that requirement:

• ORG_GRADLE_PROJECT_SIGNINGKEY: private key from Generating a Key Pair
• ORG_GRADLE_PROJECT_SIGNINGPASSWORD: passphrase from Generating a Key Pair

To verify artifacts during Close task, the public key must be distributed to a key server: Distributing Your Public Key.

... (truncated)

Commits

• e843a55 Move to in-repo convention plug-in (#3567)
• 994815b Fix traversal invoke (#3566)
• 5297bba fix(deps): update all dependencies (#3562)
• 095c598 Do not run tests for WebAssembly + enable D8 (#3561)
• 0245973 fix(deps): update all dependencies (#3554)
• 6d2e218 chore(deps): update dependency com.diffplug.spotless to v7 (#3558)
• c98377b Add finer-grained validation for determining the symbols to defer during symb...
• f5f9ea4 Do not run flaky tests on corresponding platforms (#3555)
• 4700828 Update to Dokka 2.0 (#3553)
• 50a93dc fix(deps): update all dependencies (#3551)
• Additional commits viewable in compare view

Updates io.arrow-kt:arrow-fx-coroutines from 1.2.4 to 2.0.1

Release notes

Sourced from io.arrow-kt:arrow-fx-coroutines's releases.

2.0.1

Bugfix release, including new Android targets, and more WebAssembly!

New Contributors

• @​Rawa made their first contribution in arrow-kt/arrow#3548
• @​illarionov made their first contribution in arrow-kt/arrow#3544
• @​PavlosTze made their first contribution in arrow-kt/arrow#3550
• @​FWest98 made their first contribution in arrow-kt/arrow#3559

Full Changelog: arrow-kt/arrow@2.0.0...2.0.1

2.0.1-alpha.1

What's Changed

• Remove old Arrow 2.0 warning by @​Rawa in arrow-kt/arrow#3548
• Remove deprecated getHandle() from KDoc in Either by @​illarionov in arrow-kt/arrow#3544
• Align generic name of non-empty collections with the underlying ones by @​serras in arrow-kt/arrow#3549

New Contributors

• @​Rawa made their first contribution in arrow-kt/arrow#3548
• @​illarionov made their first contribution in arrow-kt/arrow#3544

Full Changelog: arrow-kt/arrow@2.0.0...2.0.1-alpha.1

2.0.0

The new major release of Arrow! 🎉

This version strives to be source compatible with 1.2, if deprecated methods and classes are not used. Please check the Arrow website for the full release notes.

2.0.0-rc.1

Release candidate for the new major version

2.0.0-beta.3

No release notes provided.

Changelog

Sourced from io.arrow-kt:arrow-fx-coroutines's changelog.

Release flow

0. Previous checks

• No broken links in the website
• Dependencies in arrow-stack/build.gradle:
  • The new modules are considered
  • The old modules don't appear

1. Create a pull request

Prepare a pull request with these changes:

1. Update versions in arrow-libs/gradle.properties. For instance, the release version will be 0.10.5 and the next SNAPSHOT version will be 0.11.0-SNAPSHOT:

projects.version=0.11.0-SNAPSHOT
projects.latestVersion=0.10.5

2. Update versions in README.md

When merging that pull request, these things will happen automatically:

• New RELEASE version will be published for all the Arrow libraries into Sonatype staging repository.
• A tag will be created with the RELEASE version.
• Release notes will be created and associated to that tag.
• The website will be updated with a new RELEASE version (doc and doc/major.minor directories)

2. Close and release

Then, close and release the Sonatype repository to sync with Maven Central:

1. Login to https://oss.sonatype.org/ > Staging repositories
2. Check the content of the new staging repository
3. Select the staging repository and Close (it will check if the content meet the requirements)
4. Select the staging repository and Release to sync with Maven Central
5. Drop and repeat if there are issues.

NOTE: This plugin provides tasks for closing and releasing the staging repositories. However, that plugin must be applied to the root project, and it would be necessary to discard modules for publication. Let's keep this note here to give it a try later on.

About signing artifacts with GPG/PGP

One of the requirements for artifacts available in Central Maven is being signed with GPG/PGP.

These secrets are involved to meet that requirement:

• ORG_GRADLE_PROJECT_SIGNINGKEY: private key from Generating a Key Pair
• ORG_GRADLE_PROJECT_SIGNINGPASSWORD: passphrase from Generating a Key Pair

To verify artifacts during Close task, the public key must be distributed to a key server: Distributing Your Public Key.

... (truncated)

Commits

• e843a55 Move to in-repo convention plug-in (#3567)
• 994815b Fix traversal invoke (#3566)
• 5297bba fix(deps): update all dependencies (#3562)
• 095c598 Do not run tests for WebAssembly + enable D8 (#3561)
• 0245973 fix(deps): update all dependencies (#3554)
• 6d2e218 chore(deps): update dependency com.diffplug.spotless to v7 (#3558)
• c98377b Add finer-grained validation for determining the symbols to defer during symb...
• f5f9ea4 Do not run flaky tests on corresponding platforms (#3555)
• 4700828 Update to Dokka 2.0 (#3553)
• 50a93dc fix(deps): update all dependencies (#3551)
• Additional commits viewable in compare view

Updates com.nimbusds:nimbus-jose-jwt from 9.48 to 10.0.1

Changelog

Sourced from com.nimbusds:nimbus-jose-jwt's changelog.

9.48 (2024-12-20) * Adds static JWTClaimsSet.getClaimAsString(String) to get the specified JWT claim (registered or custom) as String, with primitive or Wrapper types converted to String.

10.0 (2025-01-02) * Removes the "fips" build profile, it was breaking the Gson dependency shading (iss #550). * Removes the optional BouncyCastle FIPS JCA provider and PKIX dependencies, not required in tests. * Updates to optional BouncyCastle 1.79 (JDK 1.8 on). * Updates pom.xml, bumps Maven plugins.

10.0.1 (2025-01-03) * Adds "Automatic-Module-Name: com.nimbusds.jose.jwt" to restore established module name (iss #550). * Cleans up unused "Multi-Release: true" (iss #550). * Updates Tink dependency to 1.16.0 (iss #571).

Commits

• 6c65f88 [maven-release-plugin] prepare for next development iteration
• fc656b6 Removes the BC "fips" build profile, it was breaking the GSon dependency shad...
• 11b9457 Updates pom.xml, bumps Maven plugins
• ea6c9f4 [maven-release-plugin] prepare release 10.0
• dd59601 [maven-release-plugin] prepare for next development iteration
• 9fd735f Removes unused import from JCASupportTest
• b7995df Adds "Automatic-Module-Name: com.nimbusds.jose.jwt" to restore established mo...
• acaae58 Cleans up unused "Multi-Release: true" (iss #550)
• 3537ec8 Updates Tink dependency to 1.16.0 (iss #571)
• dba7845 [maven-release-plugin] prepare release 10.0.1
• See full diff in compare view

Updates com.nimbusds:oauth2-oidc-sdk from 11.20 to 11.21.3

Changelog

Sourced from com.nimbusds:oauth2-oidc-sdk's changelog.

version 1.0 (2012-05-29) * First official release with authorisation endpoint, token endpoint, check ID endpoint and UserInfo endpoint support. * JSON Web Tokens (JWTs) support through the Nimbus-JWT library. * Language Tags (RFC 5646) support through the Nimbus-LangTag library. * JSON support through the JSON Smart library.

version 2.0 (2013-05-13) * Intermediary development release with Maven build, published to Maven Central.

version 2.1 (2013-06-06) * Updates the APIs to OpenID Connect Messages draft 20, OpenID Connect Standard draft 21, OpenID Connect Discovery draft 17 and OpenID Connect Registration draft 19. * Major refactoring of the APIs for greater simplicity. * Adds JUnit tests.

version 2.2 (2013-06-18) * Refactors dynamic OpenID Connect client registration. * Adds partial support of the OAuth 2.0 Dynamic Client Registration Protocol (draft-ietf-oauth-dyn-reg-12). * Optimises parsing of request parameters consisting of one or more tokens (scope, response type, etc).

version 2.3 (2013-06-19) * Renames OAuth 2.0 dynamic client registration package. * Adds ClientInformation.getClientMetadata() method. * Adds OIDCClientInformation class.

version 2.4 (2013-06-20) * Adds static OIDCClientInformation.parse(JSONObject) method.

version 2.5 (2013-06-22) * Adds support OAuth 2.0 dynamic client update. * Adds OpenID Connect dynamic client registration classes.

version 2.6 (2013-06-25) * Enforces order of preference of ACR values in OpenID Connect client metadata, as required by the specification. * Documentation and performance improvements.

version 2.7 (2013-06-26) * Switches Identifier generation to java.security.SecureRandom.

version 2.8 (2013-06-30) * Fixes serialisation and assignment bugs in ClientMetadata. * Switches Secret generation to java.security.SecureRandom.

version 2.9 (2013-09-17)

... (truncated)

Commits

• 2dd5cc1 [maven-release-plugin] prepare release 11.20.1
• a6905d6 [maven-release-plugin] prepare for next development iteration
• 8492b06 Do not include URISyntaxException messages in ParseException error_descriptio...
• fc5322f Updates the test c2id-net-chain.pem
• fd735f1 Bumps deps
• 6ebbdbc [maven-release-plugin] prepare release 11.20.2
• 17326ed [maven-release-plugin] prepare for next development iteration
• a265e95 TokenTypeURI.DEVICE_SECRET is changed to urn:openid:params:token-type:device-...
• 2f2366c JWTAssertionDetails.toJSONObject() must return a string "aud" claim when the ...
• e272e8b Makes PrivateKeyJWTTest "aud" test values realistic (iss #488)
• Additional commits viewable in compare view

Updates org.bouncycastle:bcpkix-jdk18on from 1.79 to 1.80

Changelog

Sourced from org.bouncycastle:bcpkix-jdk18on's changelog.

2.1.1 Version Release: 1.80 Date:      2025, 14th January.

... (truncated)

Commits

• See full diff in compare view

Updates org.keycloak:keycloak-admin-client from 26.0.2 to 26.0.4

Updates id.walt.mdoc-credentials:waltid-mdoc-credentials-jvm from 0.10.0 to 1.0.2501150932-fix-reusable-workflow-secret-reference

Updates com.eygraber:uri-kmp from 0.0.18 to 0.0.19

Release notes

Sourced from com.eygraber:uri-kmp's releases.

Release 0.0.19

⚙️ Chores

• Use Java 21 (#320)
• Automerge develocity plugin updates (#368)
• Make the POM compatible with licensee (#377)

📖 Documentation

• Enable syntax highlighting. (#360)

📦 Dependencies

• Update dependency gradle to v8.7 (#305)
• Update dependency io.gitlab.arturbosch.detekt:detekt-gradle-plugin to v1.23.6 (#307)
• Update ghcr.io/danger/danger-kotlin Docker tag to v1.3.0 (#306)
• Update dependency org.robolectric:robolectric to v4.12 (#308)
• Update dependency org.robolectric:robolectric to v4.12.1 (#309)
• Update plugin com.gradle.enterprise to v3.17 (#310)
• Replace gradle enterprise with develocity (#311)
• Update plugin com.gradle.develocity to v3.17.1 (#313)
• Update dependency com.android.tools.build:gradle to v8.3.2 (#314)
• Update gradle/wrapper-validation-action action to v2.1.3 (#315)
• Update plugin com.eygraber.conventions.settings to v0.0.71 (#316)
• Update dependency com.eygraber.conventions to v0.0.71 (#318)
• Update plugin com.gradle.develocity to v3.17.2 (#321)
• Update danger/kotlin action to v1.3.1 (#322)
• Update dependency com.android.tools.build:gradle to v8.4.0 (#323)
• Update dependency org.jetbrains.kotlin:kotlin-gradle-plugin to v1.9.24 (#324)
• Update plugin com.gradle.develocity to v3.17.3 (#325)
• Update plugin com.gradle.develocity to v3.17.4 (#326)
• Update dependency org.robolectric:robolectric to v4.12.2 (#327)
• Update dependency com.android.tools.build:gradle to v8.4.1 (#330)
• Kotlin 2.0.0 (#332)
• Update gradle-conventions to 0.0.74 (#334)
• Update dependency gradle to v8.8 (#336)
• Update dependency com.pinterest.ktlint:ktlint-bom to v1.3.0 (#337)
• Update dependency com.android.tools.build:gradle to v8.4.2 (#339)
• Update plugin com.gradle.develocity to v3.17.5 (#340)
• Update dependency com.android.tools.build:gradle to v8.5.0 (#341)
• Update dependency com.vanniktech:gradle-maven-publish-plugin to v0.29.0 (#342)
• Update dependency androidx.test.ext:junit to v1.2.0 (#343)
• Update dependency androidx.test.ext:junit to v1.2.1 (#344)
• Update gradle-conventions to v0.0.75 (#345)
• Update dependency com.pinterest.ktlint:ktlint-bom to v1.3.1 (#346)
• Update dependency org.robolectric:robolectric to v4.13 (#347)
• Update dependency gradle to v8.9 (#348)
• Update dependency com.android.tools.build:gradle to v8.5.1 (#349)
• Update plugin com.gradle.develocity to v3.17.6 (#350)
• Update mikepenz/release-changelog-builder-action action to v5 (#351)

... (truncated)

Commits

• 79ec58f Update dependency com.android.tools.build:gradle to v8.8.0
• 5ceb074 Update dependency gradle to v8.12
• 9f6ce03 Update plugin com.gradle.develocity to v3.19 (#387)
• 129e04c Update dependency com.pinterest.ktlint:ktlint-bom to v1.5.0
• 724d856 Update dependency com.android.tools.build:gradle to v8.7.3
• 5bf28f8 Update danger/kotlin action to v1.3.2
• 4bdd8a8 Use new kotlinx browser library for wasmJs
• 6b31554 Enable incremental wasm compilation
• 21126a6 Enable KLIB cross compilation
• 5f52fc7 Fix detekt violations
• Additional commits viewable in compare view

Updates org.springframework.boot from 3.4.1 to 3.4.2

Release notes

Sourced from org.springframework.boot's releases.

v3.4.2

🐞 Bug Fixes

• Property metadata for "logging.structured.json.customizer" has incorrect type #43916
• GraylogExtendedLogFormatProperties throws NullPointerException when only 'logging.structured.gelf.host' is specified #43863
• Structured logging properties have no effect in a native image #43862
• Docker Compose support for ClickHouse does not allow an empty password when ALLOW_EMPTY_PASSWORD=yes #43790
• docker compose ps now fails due to unknown --orphans flag with 2.23 or earlier #43717
• Build info timestamp is truncated to seconds #43617
• FileWatcher used for SSL reload does not support symlinks #43604
• BindableRuntimeHintsRegistrar should handle TypeNotPresentException #43600
• CapturedOutput is empty when using Log4J2 StatusLogger #43578
• Spring Boot 3.4 is not compatible with Gson 2.10 #43442
• NoClassDefFoundError when using JUnit to test a Gradle 7.6.x app that depends on spring-boot-actuator-autoconfigure but not on org.junit.platform:junit-platform-launcher #43340

📔 Documentation

• Document that the @ConfigurationProperties annotation processor cannot generate description and defaultValue metadata for external types #43929
• Fix description of management.metrics.graphql.autotime.enabled #43905
• Document 'base64:' prefix support #43835
• Document handling of @Fallback beans in ConditionalOnSingleCandidate's javadoc #43826
• Javadoc of DataSourceBuilder does not reference all supported types #43732
• Update OpenTelemetry section in Supported Monitoring Systems to refer to OTLP instead #43729
• Consistently document the minimum supported versions of Gradle #43725
• Document that system libraries are a reason to customize the builder and switch away from builder-jammy-java-tiny #43716
• Links to the Javadoc of Jakarta Messaging are invalid #43662
• Paragraph HTML tags are rendered as-is in Maven Plugin reference documentation #43623
• Javadoc link for jakarta.xml.bind is invalid #43607
• Documentation still has references to 'layertools' #43605
• Javadoc of ConstructorBinding should not use markdown formatting #43599
• Managed Dependency Coordinates lists Spock and OkHttp dependencies that are not managed #43584

🔨 Dependency Upgrades

• Upgrade to ActiveMQ 6.1.5 #43791
• Upgrade to Commons Codec 1.17.2 #43720
• Upgrade to Couchbase Client 3.7.7 #43843
• Upgrade to FreeMarker 2.3.34 #43721
• Upgrade to Hibernate 6.6.5.Final #43910
• Upgrade to HttpCore5 5.3.2 #43792
• Upgrade to Infinispan 15.0.12.Final #43911
• Upgrade to Jersey 3.1.10 #43793
• Upgrade to jOOQ 3.19.18 #43844
• Upgrade to Lettuce 6.4.2.RELEASE #43609
• Upgrade to Logback 1.5.16 #43715
• Upgrade to Micrometer 1.14.3 #43745
• Upgrade to Micrometer Tracing 1.4.2 #43746
• Upgrade to Netty 4.1.117.Final #43845
• Upgrade to Postgresql 42.7.5 #43846
• Upgrade to Pulsar 3.3.4 #43912

... (truncated)

Commits

• f775945 Release v3.4.2
• 068b960 Merge branch '3.3.x' into 3.4.x
• 34c8353 Next development version (v3.3.9-SNAPSHOT)
• f184e98 Merge branch '3.3.x' into 3.4.x
• 390963f Document when defaultValue and description cannot be extracted
• ef82719 Fix memory comparison in ProcessInfoTests
• 1e35a0b Correct the type of logging.structured.json.customizer
• 24e40e8 Upgrade to Spring Pulsar 1.2.2
• 30dd62a Merge branch '3.3.x' into 3.4.x
• a3eaafb Upgrade to Spring Pulsar 1.1.8
• Additional commits viewable in compare view

Updates com.diffplug.spotless from 6.25.0 to 7.0.2

Updates org.jetbrains.kotlin.jvm from 2.0.20 to 2.1.10

Release notes

Sourced from

[dependabot]

Superseded by #271.