Skip to content

chore: bump the gradle-updates group across 1 directory with 5 updates#105

Merged
cloudshiftchris merged 1 commit into
mainfrom
dependabot/gradle/gradle-updates-3074deb4d5
Oct 4, 2025
Merged

chore: bump the gradle-updates group across 1 directory with 5 updates#105
cloudshiftchris merged 1 commit into
mainfrom
dependabot/gradle/gradle-updates-3074deb4d5

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 21, 2025

Copy link
Copy Markdown
Contributor

Bumps the gradle-updates group with 5 updates in the / directory:

Package From To
com.google.crypto.tink:tink 1.17.0 1.18.0
com.fasterxml.jackson:jackson-bom 2.19.1 2.19.2
com.squareup.okhttp3:okhttp-bom 5.0.0-alpha.16 5.1.0
io.mockk:mockk 1.14.2 1.14.5
com.diffplug.spotless 7.0.4 7.2.0

Updates com.google.crypto.tink:tink from 1.17.0 to 1.18.0

Release notes

Sourced from com.google.crypto.tink:tink's releases.

Tink Java v1.18.0

Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

This is Tink Java 1.18.0

The complete list of changes since 1.17.0 can be found here.

Dropped support

  • Tink Android no longer supports API level 21 and 22. From Tink 1.18.0, the minimum API level is 23.

  • Removed Registry.wrap. This API cannot have been used by users: the PrimitiveSet needed for it was already moved to internal in Tink 1.13.0.

New Features

  • Use Conscrypt's implementation of Ed25519 when available.

  • Improved performance of AES-GCM-SIV.

  • Tink now provides a flag GlobalTinkFlags.validateKeysetsOnParsing(). If set to true, Tink will run certain validations on a keyset before it creates a KeysetHandle. We plan to flip the default of this flag to true in Tink 2.0.

Bug fixes

  • AeadConfig.register() now always registers AES-GCM-SIV. If it's not supported by the registered JCE Providers, it will fail when the primitive is created.

  • The Aead implementation returned by com.google.crypto.tink.integration.android.AndroidKeystore.getAead() created invalid ciphertexts on Android API version 28 and older when the input was larger than 128kB. Now, it throws an exception instead.

  • JwtHmacKey, LegacyKmsAeadKey, and LegacyKmsEnvelopeAeadKey are now final. These cannot be properly subclassed as this would break equalsKey.

Obscure behaviour changes

  • Primitive creation of AES-GCM-SIV now will fail if the algorithm is not available. Previously, this used to work with some Configurations succeeding and the primitive then failed when encrypt or decrypt was called.

Future work

To see what we're working towards, check our

... (truncated)

Commits
  • 50ca1dd Bump tink-java version to 1.18.0
  • 230f661 Simplify AES-EAX.
  • 16c9356 Add a helper class which we might use in the future to provide HPKE backed by...
  • 00de94d Do not allow "null" for info in decryptAuthenticatedWithEncapsulatedKeyAndP25...
  • fc8d8ed Add a helper class which we might use in the future to provide HPKE backed by...
  • 1b3af0a Add option to pass additional mount flag to docker run command.
  • 633eff2 Add another test based on the vectors in HpkeTestUtil.
  • 7781039 Add a helper class which we might use in the future to provide HPKE backed by...
  • 3880d1c Automated Code Change
  • c78de3f Rename "run_command.sh" to "docker_execute.sh".
  • Additional commits viewable in compare view

Updates com.fasterxml.jackson:jackson-bom from 2.19.1 to 2.19.2

Commits
  • d36caaf [maven-release-plugin] prepare release jackson-bom-2.19.2
  • 53b24d1 Prep for 2.19.2 release
  • 833ee01 Merge pull request #107 from FasterXML/tatu/2.19/backport-106-from-2.20
  • c146c75 Backport #106 from 2.20 to 2.19(.2)
  • e7c8ef3 Update jackson-parent dep
  • ec00ff9 Merge branch '2.18' into 2.19
  • 4e23492 Update jackson-parent version
  • 6417767 Back to snapshot dep
  • 4f37a5c [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Updates com.squareup.okhttp3:okhttp-bom from 5.0.0-alpha.16 to 5.1.0

Changelog

Sourced from com.squareup.okhttp3:okhttp-bom's changelog.

Version 5.1.0

2025-07-07

  • New: Response.peekTrailers(). When we changed Response.trailers() to block instead of throwing in 5.0.0, we inadvertently removed the ability for callers to peek the trailers (by catching the IllegalStateException if they weren't available). This new API restores that capability.

  • Fix: Don't crash on trailers() if the response doesn't have a body. We broke [Retrofit] users who read the trailers on the raw() OkHttp response, after its body was decoded.

Version 5.0.0

2025-07-02

This is our first stable release of OkHttp since 2023. Here's the highlights if you're upgrading from OkHttp 4.x:

OkHttp is now packaged as separate JVM and Android artifacts. This allows us to offer platform-specific features and optimizations. If your build system handles [Gradle module metadata], this change should be automatic.

MockWebServer has a new coordinate and package name. We didn’t like that our old artifact depends on JUnit 4 so the new one doesn’t. It also has a better API built on immutable values. (We intend to continue publishing the old okhttp3.mockwebserver artifact so there’s no urgency to migrate.)

Coordinate Package Name Description
com.squareup.okhttp3:mockwebserver3:5.0.0 mockwebserver3 Core module. No JUnit dependency!
com.squareup.okhttp3:mockwebserver3-junit4:5.0.0 mockwebserver3.junit4 Optional JUnit 4 integration.
com.squareup.okhttp3:mockwebserver3-junit5:5.0.0 mockwebserver3.junit5 Optional JUnit 5 integration.
com.squareup.okhttp3:mockwebserver:5.0.0 okhttp3.mockwebserver Obsolete. Depends on JUnit 4.

OkHttp now supports Happy Eyeballs ([RFC 8305][rfc_8305]) for IPv4+IPv6 networks. It attempts both IPv6 and IPv4 connections concurrently, keeping whichever connects first.

We’ve improved our Kotlin APIs. You can skip the builder:

val request = Request(
  url = "https://cash.app/".toHttpUrl(),
)

OkHttp now supports [GraalVM].

Here’s what has changed since 5.0.0-alpha.17:

... (truncated)

Commits

Updates io.mockk:mockk from 1.14.2 to 1.14.5

Release notes

Sourced from io.mockk:mockk's releases.

1.14.5

What's Changed

New Contributors

Full Changelog: mockk/mockk@1.14.4...1.14.5

1.14.4

This release is functionally equivalent to v1.14.3, I just wanted to try out the new publishing process that uses Maven Central instead of OSSRH.

Full Changelog: mockk/mockk@1.14.3...1.14.4

1.14.3

What's Changed

New Contributors

Full Changelog: mockk/mockk@1.14.2...1.14.3

Commits
  • 4982eda Version bump
  • 290312e Merge pull request #1413 from Komdosh/master
  • dadf4ec Merge pull request #1399 from Minseok-2001/bdd
  • ef31e7d docs: Remove colon from BDD style section in README
  • ea45e43 docs: Add BDD style usage and aliases to README
  • cd08da0 fix: downgrade byte-buddy to 1.5.11 to be compatible with current android bui...
  • ab602a9 test: Add Android instrumentation tests for BDD API
  • 4880451 chore: Add AndroidManifest.xml for mockk-bdd-android module
  • 50c716b chore: Add mockk-bdd-android.api file
  • dd2f484 Clear a warning on android builds
  • Additional commits viewable in compare view

Updates com.diffplug.spotless from 7.0.4 to 7.2.0

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the gradle-updates group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [com.google.crypto.tink:tink](https://github.com/tink-crypto/tink-java) | `1.17.0` | `1.18.0` |
| [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) | `2.19.1` | `2.19.2` |
| [com.squareup.okhttp3:okhttp-bom](https://github.com/square/okhttp) | `5.0.0-alpha.16` | `5.1.0` |
| [io.mockk:mockk](https://github.com/mockk/mockk) | `1.14.2` | `1.14.5` |
| com.diffplug.spotless | `7.0.4` | `7.2.0` |



Updates `com.google.crypto.tink:tink` from 1.17.0 to 1.18.0
- [Release notes](https://github.com/tink-crypto/tink-java/releases)
- [Commits](tink-crypto/tink-java@v1.17.0...v1.18.0)

Updates `com.fasterxml.jackson:jackson-bom` from 2.19.1 to 2.19.2
- [Commits](FasterXML/jackson-bom@jackson-bom-2.19.1...jackson-bom-2.19.2)

Updates `com.squareup.okhttp3:okhttp-bom` from 5.0.0-alpha.16 to 5.1.0
- [Changelog](https://github.com/square/okhttp/blob/master/CHANGELOG.md)
- [Commits](square/okhttp@parent-5.0.0-alpha.16...parent-5.1.0)

Updates `io.mockk:mockk` from 1.14.2 to 1.14.5
- [Release notes](https://github.com/mockk/mockk/releases)
- [Commits](mockk/mockk@1.14.2...1.14.5)

Updates `com.diffplug.spotless` from 7.0.4 to 7.2.0

---
updated-dependencies:
- dependency-name: com.google.crypto.tink:tink
  dependency-version: 1.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle-updates
- dependency-name: com.fasterxml.jackson:jackson-bom
  dependency-version: 2.19.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gradle-updates
- dependency-name: com.squareup.okhttp3:okhttp-bom
  dependency-version: 5.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle-updates
- dependency-name: io.mockk:mockk
  dependency-version: 1.14.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gradle-updates
- dependency-name: com.diffplug.spotless
  dependency-version: 7.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot requested a review from cloudshiftchris July 21, 2025 15:53
@dependabot @github

dependabot Bot commented on behalf of github Jul 21, 2025

Copy link
Copy Markdown
Contributor Author

The reviewers field in the dependabot.yml file will be removed soon. Please use the code owners file to specify reviewers for Dependabot PRs. For more information, see this blog post.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jul 21, 2025
@dependabot @github

dependabot Bot commented on behalf of github Aug 18, 2025

Copy link
Copy Markdown
Contributor Author

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

@cloudshiftchris cloudshiftchris merged commit 2b76638 into main Oct 4, 2025
2 of 3 checks passed
@cloudshiftchris cloudshiftchris deleted the dependabot/gradle/gradle-updates-3074deb4d5 branch October 4, 2025 14:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant