Bump the app-dependencies group across 1 directory with 3 updates

[dependabot]

Bumps the app-dependencies group with 3 updates in the / directory: org.mnode.ical4j:ical4j, org.jetbrains.kotlinx:kotlinx-serialization-json and io.modelcontextprotocol:kotlin-sdk.

Updates org.mnode.ical4j:ical4j from 4.2.4 to 4.2.5

Commits

• 6ea5892 Merge pull request #873 from ical4j/develop
• dd62a34 fix: correct typo in test name for weekday parsing
• 8e9bf42 Update src/main/java/net/fortuna/ical4j/model/Recur.java
• 5f8cbc5 Update src/main/java/net/fortuna/ical4j/model/Recur.java
• fb08735 test: add cleanup steps to clear system properties in ConfiguratorTest
• 313d71b refactor: replace JetBrains annotations with JSpecify annotations
• ca65f8d Merge pull request #871 from cketti/android-compat-Scanner
• 28de589 Use different Scanner constructor for Android compatibility
• aac6c75 Merge pull request #870 from HCL-TECH-SOFTWARE/Fix_IllegalArgument
• 12ec935 Merge branch 'develop' into Fix_IllegalArgument
• Additional commits viewable in compare view

Updates org.jetbrains.kotlinx:kotlinx-serialization-json from 1.10.0 to 1.11.0

Release notes

Sourced from org.jetbrains.kotlinx:kotlinx-serialization-json's releases.

1.11.0

This release is based on Kotlin 2.3.20 and provides a new Json exceptions API and some bugfixes and improvements.

Expose Json exceptions structure

To make working with exceptions easier and providing proper error codes in e.g., REST APIs, classes JsonException, JsonDecodingException, and JsonEncodingException are now public. They have relevant public properties, such as shortMessage, path, offset, and others. This API is currently experimental, and we're going to improve it further in the subsequent releases. See the linked issues for the details: #1930, #1877.

Ability to hide user input from exception messages for security/privacy reasons.

Historically, exception messages in kotlinx.serialization often included the input Json itself for debuggability reason. Such behavior may pose additional challenges for logging, analytics, and other systems, since a system is not always allowed to store user data due to privacy/security reasons, which imposes additional sanitation logic. To address this issue, a new property exceptionsWithDebugInfo is added to JsonConfiguration. Disable it to hide user input from exception messages. IMPORTANT: This behavior will be enabled by default when this property becomes stable. See #2590 for more details.

Bugfixes and improvements

• CBOR: Relax value range check when decoding numbers (#3167)
• Use a specialized writeDecimalLong method for IO stream integrations in Json (#3152)

Changelog

Sourced from org.jetbrains.kotlinx:kotlinx-serialization-json's changelog.

1.11.0 / 2026-04-10

This release is based on Kotlin 2.3.20 and provides new Json exceptions API and some bugfixes and improvements.

Expose Json exceptions structure

To make working with exceptions easier and providing proper error codes in e.g., REST APIs, classes JsonException, JsonDecodingException, and JsonEncodingException are now public. They have relevant public properties, such as shortMessage, path, offset, and others. This API is currently experimental, and we're going to improve it further in the subsequent releases. See the linked issues for the details: #1930, #1877.

Ability to hide user input from exception messages for security/privacy reasons.

Historically, exception messages in kotlinx.serialization often included the input Json itself for debuggability reason. Such behavior may pose additional challenges for logging, analytics, and other systems, since a system is not always allowed to store user data due to privacy/security reasons, which imposes additional sanitation logic. To address this issue, a new property exceptionsWithDebugInfo is added to JsonConfiguration. Disable it to hide user input from exception messages. IMPORTANT: This behavior will be enabled by default when this property becomes stable. See #2590 for more details.

Bugfixes and improvements

• CBOR: Relax value range check when decoding numbers (#3167)
• Use a specialized writeDecimalLong method for IO stream integrations in Json (#3152)

Commits

• 6956af2 Prepare 1.11 release
• 390d84c Merge remote-tracking branch 'origin/master' into dev
• 431fe2d Use local repo for publishing (#3171)
• 05c12b6 Add usage attribute to "testRepositories" configuration
• a4e1f08 Bump Kover version to 0.9.8 release (#3174)
• 304e858 Expose Json exceptions structure (#3145)
• 4a0338e Included G Play SDK verification file for core-jvm (#3169)
• 421f64c CBOR: Relax value range check when decoding numbers (#3167)
• 85a4f12 KT-84955: mark apple x64 tagets as deprecated error
• bd38b0e Remove dead code
• Additional commits viewable in compare view

Updates io.modelcontextprotocol:kotlin-sdk from 0.10.0 to 0.11.1

Release notes

Sourced from io.modelcontextprotocol:kotlin-sdk's releases.

0.11.1

Description

Fixes an SSE stream crash on Netty when clients connect to the Streamable HTTP GET endpoint.

Fixed

• Fixed GET SSE stream crash on Netty in Streamable HTTP where appendSseHeaders() was called after response headers were already committed, causing UnsupportedOperationException and client retry loops by @​devcrocod in #681

Dependencies

• mcp-kotlin to v0.11.0 in #672, #673, #675, #676
• Ktor BOM to v3.3.3 in #650, #653, #656
• Kotest assertions to v6.1.11 in #674
• anthropic-java to v2.19.0 in #671
• @​modelcontextprotocol/sdk to v1.29.0, @​types/node update in #677
• hono to v4.12.12 in #680
• @​hono/node-server to v1.19.13 in #679

Full Changelog: modelcontextprotocol/kotlin-sdk@0.11.0...0.11.1

0.11.0

Adds URL-mode elicitation with typed schema definitions, configurable server payload size limits, and upgrades core dependencies to Kotlin 2.3.

Breaking Changes

ElicitRequestParams is now a sealed interface by @​devcrocod in #660

Restructured to support both form-based and URL-based elicitation modes per the MCP specification. ElicitRequestParams changed from a data class to a sealed interface with two variants: ElicitRequestFormParams and ElicitRequestUrlParams. A deprecated factory function preserves source compatibility for existing calls.

- val params = ElicitRequestParams(message = "...", requestedSchema = schema)
+ val params = ElicitRequestFormParams(message = "...", requestedSchema = schema)

RequestedSchema.properties type changed by @​devcrocod in #660

Changed from JsonObject to Map<String, PrimitiveSchemaDefinition> for type safety.

macosX64 target removed by @​devcrocod in #625

The macosX64 native target was removed following its deprecation in Kotlin 2.2 and scheduled removal in Kotlin 2.3. Use macosArm64 instead.

Features

• URL-mode elicitation and typed PrimitiveSchemaDefinition hierarchy aligned with MCP specification by @​devcrocod in #660
• Configurable max request payload size for StreamableHttpServerTransport via Configuration.maxRequestBodySize by @​jskjw157 in #646
• Auto-install ContentNegotiation with McpJson in mcp(), mcpStreamableHttp(), and mcpStatelessStreamableHttp() — users no longer need to configure JSON serialization manually (#664) by @​kpavlov in
  #665
• notifications/elicitation/complete notification from server to client for out-of-band elicitation completion by

... (truncated)

Commits

• f02f5d3 release: bump mcp kotlin-sdk version to 0.11.1 (#682)
• 8a7f9f8 fix(server): GET SSE stream crash on Netty in Streamable HTTP (#681)
• cceca4d chore(deps): bump io.ktor:ktor-bom from 3.2.3 to 3.3.3 in /samples/kotlin-mcp...
• 12171dc chore(deps): bump hono from 4.12.9 to 4.12.12 in /integration-test/src/jvmTes...
• 66d1795 chore(deps): bump @​hono/node-server from 1.19.11 to 1.19.13 in /integration-t...
• 8442ab8 chore(deps): bump com.anthropic:anthropic-java from 2.18.0 to 2.19.0 in /samp...
• 20ac69f chore(deps): bump mcp-kotlin from 0.10.0 to 0.11.0 in /samples/simple-streama...
• 4144db6 chore(deps): bump io.modelcontextprotocol:kotlin-sdk-client from 0.10.0 to 0....
• 3f7f499 chore(deps): bump mcp-kotlin from 0.10.0 to 0.11.0 in /samples/kotlin-mcp-ser...
• 7c87ed1 chore(deps): bump the kotest group with 3 updates (#674)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions