chore: bump the gradle-updates group across 1 directory with 8 updates

[dependabot]

Bumps the gradle-updates group with 8 updates in the / directory:

Package	From	To
ch.qos.logback:logback-classic	1.5.18	1.5.19
org.apache.maven:maven-artifact	3.9.10	3.9.11
io.github.oshai:kotlin-logging-jvm	7.0.7	7.0.13
com.google.guava:guava	33.4.8-jre	33.5.0-jre
io.ktor:ktor-bom	3.1.3	3.3.0
com.fleeksoft.ksoup:ksoup	0.2.4	0.2.5
com.vanniktech.maven.publish.base	0.32.0	0.34.0
com.ncorti.ktfmt.gradle	0.22.0	0.24.0

Updates ch.qos.logback:logback-classic from 1.5.18 to 1.5.19

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.19

2025-09-30 Release of logback version 1.5.19

• Disallow "new" operator in the condition attribute of <if> elements. This fixes an ACE vulnerability recorded as CVE-2025-11226.

• At initialization time, slightly better reporting about watched configuration files.

• Softer message regarding usage of ConsoleAppender and its potential impact on performance.

• In ViewStatusMessagesServlet, restrict processing of "Clear" button to POST method. This change was proposed by Ralf Wiebicke who also provided the relevant PR.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e572d4f87f06674788eb3ca7148e8d1dffc615fa associated with the tag v_1.5.19. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

• e572d4f skip deployment of blackbox and example modules, published as version 1.5.9
• 4adae8b add plugin for Maven Central deployment
• ee70cf4 prepare release 1.5.19
• 20802cf mindor javadoc changes
• 8116069 comment out code in COWArrayListConcurrencyTest to make IDE happy
• 7f65340 minor changes
• 8d2262d soften warning on using ConsoleAppender
• c76fed3 ViewStatusMessagesServlet requires method POST for button 'Clear' (#971)
• 61f6a25 disallow new in if condition attribute in config files
• a07cfd5 logback-core: fix spelling errors (#956)
• Additional commits viewable in compare view

Updates org.apache.maven:maven-artifact from 3.9.10 to 3.9.11

Updates io.github.oshai:kotlin-logging-jvm from 7.0.7 to 7.0.13

Release notes

Sourced from io.github.oshai:kotlin-logging-jvm's releases.

7.0.13

What's Changed

• Bump actions/cache from 4.2.3 to 4.2.4 by @​dependabot[bot] in oshai/kotlin-logging#549
• Bump org.mockito:mockito-core from 5.18.0 to 5.19.0 by @​dependabot[bot] in oshai/kotlin-logging#555
• Bump actions/first-interaction from 2 to 3 by @​dependabot[bot] in oshai/kotlin-logging#553
• Bump actions/checkout from 4 to 5 by @​dependabot[bot] in oshai/kotlin-logging#552
• fix: regenerate gradle wrapper for 8.13 validation by @​oshai in oshai/kotlin-logging#557
• feat: add wasmWasi target with console appender and tests by @​oshai in oshai/kotlin-logging#551

Full Changelog: oshai/kotlin-logging@7.0.12...7.0.13

7.0.12

What's Changed

• kotlin version back to 2.1.21 by @​oshai in oshai/kotlin-logging#547

Full Changelog: oshai/kotlin-logging@7.0.11...7.0.12

7.0.11

What's Changed

• extract DarwinFormatter and add test by @​oshai in oshai/kotlin-logging#394
• fix linux test by @​oshai in oshai/kotlin-logging#542
• Bump junit from 5.9.2 to 5.13.4 by @​dependabot[bot] in oshai/kotlin-logging#536
• upgrade gradle from 8.12 to 8.13 by @​oshai in oshai/kotlin-logging#544
• Bump com.android.library from 8.10.0 to 8.11.1 by @​dependabot[bot] in oshai/kotlin-logging#527
• fix build warning by @​oshai in oshai/kotlin-logging#545

Full Changelog: oshai/kotlin-logging@7.0.10...7.0.11

7.0.10

Full Changelog: oshai/kotlin-logging@7.0.9...7.0.10

7.0.9

Full Changelog: oshai/kotlin-logging@7.0.8...7.0.9

7.0.8

What's Changed

• Bump ch.qos.logback:logback-classic from 1.5.11 to 1.5.18 by @​dependabot[bot] in oshai/kotlin-logging#505
• Bump log4j from 2.22.0 to 2.24.3 by @​dependabot[bot] in oshai/kotlin-logging#504
• Bump coroutines from 1.8.0 to 1.10.2 by @​dependabot[bot] in oshai/kotlin-logging#502
• Bump org.mockito:mockito-core from 4.11.0 to 5.17.0 by @​dependabot[bot] in oshai/kotlin-logging#501
• Bump org.graalvm.sdk:nativeimage from 24.2.0 to 24.2.1 by @​dependabot[bot] in oshai/kotlin-logging#503
• Bump slf4j from 2.0.13 to 2.0.17 by @​dependabot[bot] in oshai/kotlin-logging#506
• Bump net.logstash.logback:logstash-logback-encoder from 8.0 to 8.1 by @​dependabot[bot] in oshai/kotlin-logging#507
• Bump com.android.library from 8.9.1 to 8.9.2 by @​dependabot[bot] in oshai/kotlin-logging#511
• Bump jackson from 2.18.3 to 2.19.0 by @​dependabot[bot] in oshai/kotlin-logging#510
• Bump org.jetbrains.kotlin.multiplatform from 2.1.20 to 2.1.21 by @​dependabot[bot] in oshai/kotlin-logging#513
• Bump org.mockito:mockito-core from 5.17.0 to 5.18.0 by @​dependabot[bot] in oshai/kotlin-logging#514

... (truncated)

Commits

• 9867208 bump version to 7.0.14
• be2e531 feat: add wasmWasi target with console appender and tests (#551)
• 96ea134 fix: regenerate gradle wrapper for 8.13 validation
• bbbd165 Bump actions/checkout from 4 to 5
• 6df9a11 Bump actions/first-interaction from 2 to 3
• 1e91cf8 Bump org.mockito:mockito-core from 5.18.0 to 5.19.0
• 5948172 Bump actions/cache from 4.2.3 to 4.2.4
• 764f134 add comment for kotlin version
• f1795d5 bump version to 7.0.13
• 7dc9eaa kotlin version back to 2.1.21
• Additional commits viewable in compare view

Updates com.google.guava:guava from 33.4.8-jre to 33.5.0-jre

Release notes

Sourced from com.google.guava:guava's releases.

33.5.0

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.5.0-jre</version>
  <!-- or, for Android: -->
  <version>33.5.0-android</version>
</dependency>

Jar files

• 33.5.0-jre.jar
• 33.5.0-android.jar

Guava requires one runtime dependency, which you can download here:

• failureaccess-1.0.3.jar

Javadoc

• 33.5.0-jre
• 33.5.0-android

JDiff

• 33.5.0-jre vs. 33.4.8-jre
• 33.5.0-android vs. 33.4.8-android
• 33.5.0-android vs. 33.5.0-jre

Changelog

• Restored the Automatic-Module-Name to guava-android. (It, unlike, guava-jre, is not a proper module.) (7a04a8a955)
• For users of guava-gwt: Google has moved off GWT internally. We plan to continue to release guava-gwt for users of GWT and J2CL, but the artifact is no longer tested for GWT-specific issues, and we have limited resources to fix any unexpected issues that might arise. While we do not anticipate any specific problems, we can't guarantee how long support will continue.
• Increased our Android minSdkVersion to 23 (Marshmallow). This follows the minimum of Google's foundational Android libraries, and we expect it to have no practical impact on users. (5c23347cc1)
• Listed the JSpecify annotations as an optional dependency in our OSGi metadata. (2dfd572981)
• cache: Improved the handling of exceptions from compute functions in Cache.asMap(). (We do still recommend using Caffeine rather than com.google.common.cache.) (087f2c4a80)
• collect: Improved Iterators.mergeSorted() to preserve stability for equal elements. (4dc93be9a8)
• math: Added saturatedAbs methods to IntMath and LongMath. (ed0e518f20)
• net: Added image/avif to MediaType. (53344caba6)
• testing: Made CollectorTester available to Android users. (294c251079)
• util.concurrent: Added Striped.custom. (1586eb271d)

Commits

• See full diff in compare view

Updates io.ktor:ktor-bom from 3.1.3 to 3.3.0

Release notes

Sourced from io.ktor:ktor-bom's releases.

3.3.0

Published 11 September 2025

Features

• Support for server side http2 without tls (h2c) (KTOR-4750)
• OpenAPI generation build extension preview (KTOR-8721)
• Serve static resources with caching headers and ETag based on sha256 of content (KTOR-6700)
• Jetty engine: Upgrade Jetty dependencies to the latest version 12 (KTOR-6734)
• Static content: Support a custom respond logic if the file is not found (KTOR-8496)
• Upgrade OkHttp to version 5.0.0 (KTOR-8652)
• WebRTC Client, Android + WASM (KTOR-7958)

Improvements

• SSE: Cannot read response body from SSEClientException (KTOR-8165)
• SSE: "SSEClientException: Content-Length mismatch" on saving response body in DefaultResponseValidation (KTOR-8753)
• var Route.staticRootFolder: File? should be deprecated (KTOR-5836)
• Add image/bmp to the ContentType (KTOR-8735)
• Add some missing image content types (KTOR-8624)
• Upgrade to Kotlin 2.2 (KTOR-8647)
• Bump Kotlin API level to 2.2 (KTOR-8637)
• CIO: The engine ignores system proxy settings (KTOR-5922)

Bugfixes

• Performance regression when using ContentEncoding and HttpRequestRetry since 3.2.0 (KTOR-8820)
• Big number of simultaneous outbound web socket connections leads to a coroutine deadlock (KTOR-8829)
• DI: JobCancellationException during cleanup (KTOR-8785)
• Autoreloading: JobCancellationException when app is reloaded in the debugger since 3.2.0 (KTOR-8810)
• HttpRedirect: The client is redirected when no Location header in response (KTOR-8697)
• SerializationException when Application.propertyOrNull() is called with type Map<String, Any?> (KTOR-8781)
• "Failed resolution of: Ljava/lang/management/ManagementFactory" on Android when JvmGcMetrics are initialized (KTOR-8714)
• HttpCache: all header values but first in HttpResponse.varyKeys() are ignored (KTOR-6402)
• HttpCache: plugin selects wrong cache entry when filtering Vary headers with different case (KTOR-7621)
• CountedByteWriteChannel: autoFlush of the source channel doesn't make the channel auto flushing (KTOR-8411)

3.2.3

Published 29 July 2025

Improvements

• Server only accepts yaml as the configuration file suffix (KTOR-8712)
• JS / WASM error when process global is undefined (KTOR-8686)
• DI async duplicate resolution (KTOR-8681)

Bugfixes

• CIO: Expect 100-continue response is missing a final \r\n (KTOR-8687)
• Intermittent "ParserException: No colon in HTTP header" when parsing multipart request (KTOR-8523)
• Infinite loop in ByteReadChannel.readFully (KTOR-8682)
• ShutDownUrl: The server cannot shut down since 3.2.0 (KTOR-8674)

3.2.2

Published 14 July 2025

... (truncated)

Changelog

Sourced from io.ktor:ktor-bom's changelog.

3.3.0

Published 11 September 2025

Features

• Support for server side http2 without tls (h2c) (KTOR-4750)
• OpenAPI generation build extension preview (KTOR-8721)
• Serve static resources with caching headers and ETag based on sha256 of content (KTOR-6700)
• Jetty engine: Upgrade Jetty dependencies to the latest version 12 (KTOR-6734)
• Static content: Support a custom respond logic if the file is not found (KTOR-8496)
• Upgrade OkHttp to version 5.0.0 (KTOR-8652)
• WebRTC Client, Android + WASM (KTOR-7958)

Improvements

• SSE: Cannot read response body from SSEClientException (KTOR-8165)
• SSE: "SSEClientException: Content-Length mismatch" on saving response body in DefaultResponseValidation (KTOR-8753)
• var Route.staticRootFolder: File? should be deprecated (KTOR-5836)
• Add image/bmp to the ContentType (KTOR-8735)
• Add some missing image content types (KTOR-8624)
• Upgrade to Kotlin 2.2 (KTOR-8647)
• Bump Kotlin API level to 2.2 (KTOR-8637)
• CIO: The engine ignores system proxy settings (KTOR-5922)

Bugfixes

• Performance regression when using ContentEncoding and HttpRequestRetry since 3.2.0 (KTOR-8820)
• Big number of simultaneous outbound web socket connections leads to a coroutine deadlock (KTOR-8829)
• DI: JobCancellationException during cleanup (KTOR-8785)
• Autoreloading: JobCancellationException when app is reloaded in the debugger since 3.2.0 (KTOR-8810)
• HttpRedirect: The client is redirected when no Location header in response (KTOR-8697)
• SerializationException when Application.propertyOrNull() is called with type Map<String, Any?> (KTOR-8781)
• "Failed resolution of: Ljava/lang/management/ManagementFactory" on Android when JvmGcMetrics are initialized (KTOR-8714)
• HttpCache: all header values but first in HttpResponse.varyKeys() are ignored (KTOR-6402)
• HttpCache: plugin selects wrong cache entry when filtering Vary headers with different case (KTOR-7621)
• CountedByteWriteChannel: autoFlush of the source channel doesn't make the channel auto flushing (KTOR-8411)

3.2.3

Published 29 July 2025

Improvements

• Server only accepts yaml as the configuration file suffix (KTOR-8712)
• JS / WASM error when process global is undefined (KTOR-8686)
• DI async duplicate resolution (KTOR-8681)

Bugfixes

• CIO: Expect 100-continue response is missing a final \r\n (KTOR-8687)
• Intermittent "ParserException: No colon in HTTP header" when parsing multipart request (KTOR-8523)
• Infinite loop in ByteReadChannel.readFully (KTOR-8682)
• ShutDownUrl: The server cannot shut down since 3.2.0 (KTOR-8674)

... (truncated)

Commits

• b9abe31 Add changelog for 3.3.0 (#5081)
• 40eb608 Release 3.3.0 (#5076)
• 1324c4c Update netty.tcnative to v2.0.73.Final
• dbbbaee Update dependency io.swagger.parser.v3:swagger-parser to v2.1.33
• 55e77cf KTOR-8044 Get flaky tests under control
• fab7164 KTOR-8753 Change OkHttp specific sse session to default sse session (#5072)
• 6f0c34e Merge pull request #5069 from ktorio/zibet27/ktor-client-webrtc-android
• cb0bca4 Merge branch 'main' into zibet27/ktor-client-webrtc-android
• 1c9ecad KTOR-8785 Fix for DI shutdown hook
• e0d204c KTOR-8820 Performance regression when using ContentEncoding and HttpRequestRe...
• Additional commits viewable in compare view

Updates com.fleeksoft.ksoup:ksoup from 0.2.4 to 0.2.5

Release notes

Sourced from com.fleeksoft.ksoup:ksoup's releases.

0.2.5

🛠️ Build & Dependencies

• Kotlin 2.2.0, Ktor 3.2.2, Okio 3.16.0, kotlinx-io 0.8.0
• Gradle Wrapper updated to 8.14.3
• Removed deprecated: kotlin.native.ignoreIncorrectDependencies

🔬 CI & Compatibility

• GitHub Actions matrix: Java 17, 21, 24
• Expanded test coverage: unit, concurrency, edge cases

⚙️ Enhancements

• Improved DOM performance with childNodes cache
• Refactored iterators, attribute, and parser logic
• Build cleanup and code simplification

🐛 Bug Fixes

• Base URI resolution, text node whitespace, stream reader edge cases
• Maven publish ordering
• ✅ Resolved Bug #122

📚 Documentation

• Deprecated PseudoTextElement → use Element#selectNodes

Commits

• a5f0049 Merge pull request #123 from fleeksoft/develop
• 2db9641 chore(workflows): expand paths-ignore in test workflow to include common do...
• 083c4e9 chore(license): rename LICENSE.md to LICENSE
• 227c820 chore(workflows): update Gradle action to setup-gradle@v4 in deploy and tes...
• 14be11f docs(README): update Kotlin badge to version 2.2.0
• 445ac39 test: remove platform-specific test skips for JS and Wasm
• 36c384c fix(testHelper): update resource URL to point to develop branch instead of ...
• 992e83a chore(gradle): update libBuildType to core in gradle.properties
• 875fbd0 chore(deps): update library versions in libs.versions.toml
• 7027aa6 docs: update Notes.md with new Jsoup port log entry for performance tweak
• Additional commits viewable in compare view

Updates com.vanniktech.maven.publish.base from 0.32.0 to 0.34.0

Release notes

Sourced from com.vanniktech.maven.publish.base's releases.

0.34.0

• Added configuration cache support for publishing.
• Removed support for publishing through Sonatype OSSRH since it has been shut down. See the 0.33.0 release notes for upgrade instructions if you haven't upgraded yet.
  • SonatypeHost has been removed from the DSL.
  • SONATYPE_HOST only supports CENTRAL_PORTAL now. It's recommended to use the following properties instead:
    • mavenCentralPublishing=true replaces SONATYPE_HOST=CENTRAL_PORTAL.
    • mavenCentralAutomaticPublishing=true replaces SONATYPE_AUTOMATIC_RELEASE=true.
• Update the Central Portal Publisher APIs to the latest.
• It's now possible to mix SNAPSHOT versions and release versions when running publish tasks.
• Fixed Gradle's deprecation warning caused by invalid URI.
• Fixed check for the minimum supported Gradle version running too late in some cases.

Thanks to @​Goooler and @​solrudev for their contributions to this release.

Minimum supported versions

• JDK 11
• Gradle 8.5
• Android Gradle Plugin 8.0.0
• Kotlin Gradle Plugin 1.9.20

Compatibility tested up to

• JDK 24
• Gradle 8.14.3
• Gradle 9.0.0-rc2
• Android Gradle Plugin 8.11.1
• Android Gradle Plugin 8.12.0-alpha08
• Kotlin Gradle Plugin 2.2.0
• Kotlin Gradle Plugin 2.2.20-Beta1

0.33.0

[!CAUTION] Sonatype OSSRH (oss.sonatype.org and s01.oss.sonatype.org) will be shut down on June 30, 2025.

Migration steps:

1. Sign in to the Central Portal with your existing Sonatype account
2. Go to Namespaces and click "Migrate Namespace" for the relevant namespace. Confirm the migration and wait for it to complete.
3. Optional: If you want to publish snapshots of your project tap the 3 dots next to your namespace and select "Enable SNAPSHOTs"
4. Go to Account and select "Generate User Token". Use the shown "Username" and "Password" as values for mavenCentralUsername and mavenCentralPassword.
5. Configure this plugin to publish to Central Portal. Either update your SONATYPE_HOST property from DEFAULT or S01 to CENTRAL_PORTAL or call publishToMavenCentral()/publishToMavenCentral(automaticRelease) without a SonatypeHost parameter.

BREAKING

• publishToMavenCentral() and publishToMavenCentral(automaticRelease) without SonatypeHost will now publish through the Central Portal.

... (truncated)

Changelog

Sourced from com.vanniktech.maven.publish.base's changelog.

0.34.0 (2025-07-13)

• Added configuration cache support for publishing.
• Removed support for publishing through Sonatype OSSRH since it has been shut down. See the 0.33.0 release notes for upgrade instructions if you haven't upgraded yet.
  • SonatypeHost has been removed from the DSL.
  • SONATYPE_HOST only supports CENTRAL_PORTAL now. It's recommended to use the following properties instead:
    • mavenCentralPublishing=true replaces SONATYPE_HOST=CENTRAL_PORTAL.
    • mavenCentralAutomaticPublishing=true replaces SONATYPE_AUTOMATIC_RELEASE=true.
• Update the Central Portal Publisher APIs to the latest.
• It's now possible to mix SNAPSHOT versions and release versions when running publish tasks.
• Fixed Gradle's deprecation warning caused by invalid URI.
• Fixed check for the minimum supported Gradle version running too late in some cases.

Thanks to @​Goooler and @​solrudev for their contributions to this release.

Minimum supported versions

• JDK 11
• Gradle 8.5
• Android Gradle Plugin 8.0.0
• Kotlin Gradle Plugin 1.9.20

Compatibility tested up to

• JDK 24
• Gradle 8.14.3
• Gradle 9.0.0-rc2
• Android Gradle Plugin 8.11.1
• Android Gradle Plugin 8.12.0-alpha08
• Kotlin Gradle Plugin 2.2.0
• Kotlin Gradle Plugin 2.2.20-Beta1

0.33.0 (2025-06-22)

[!CAUTION] Sonatype OSSRH (oss.sonatype.org and s01.oss.sonatype.org) will be shut down on June 30, 2025.

Migration steps:

1. Sign in to the Central Portal with your existing Sonatype account.
2. Go to Namespaces and click "Migrate Namespace" for the relevant namespace. Confirm the migration and wait for it to complete.
3. Optional: If you want to publish snapshots of your project tap the 3 dots next to your namespace and select "Enable SNAPSHOTs".
4. Go to Account and select "Generate User Token". Use the shown "Username" and "Password" as values for mavenCentralUsername and mavenCentralPassword.
5. Configure this plugin to publish to Central Portal. Either update your SONATYPE_HOST property from DEFAULT or S01 to CENTRAL_PORTAL or call publishToMavenCentral()/publishToMavenCentral(automaticRelease) without a SonatypeHost parameter.

... (truncated)

Commits

• 544def9 use rc5
• 2bedb3c Revert "use rc4"
• 4d56546 add back ScalarsConverterFactory
• c9c569a use rc4
• d2f2742 missing mkdirs
• 911ada6 Revert "use rc3"
• 48b838a use rc3
• a3fcd77 add missing createNewFile
• 42811ba create prerelease release notes
• a131f23 Revert "use rc2"
• Additional commits viewable in compare view

Updates com.ncorti.ktfmt.gradle from 0.22.0 to 0.24.0

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions