Skip to content

build(deps): bump the gradle-dependencies group across 1 directory with 18 updates#14

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/gradle/gradle-dependencies-01f0bd782b
Open

build(deps): bump the gradle-dependencies group across 1 directory with 18 updates#14
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/gradle/gradle-dependencies-01f0bd782b

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 3, 2026

Copy link
Copy Markdown
Contributor

Bumps the gradle-dependencies group with 18 updates in the / directory:

Package From To
dev.panuszewski.typesafe-conventions 0.5.1 0.11.1
gradle-wrapper 9.3.1 9.5.1
org.http4k:http4k-bom 5.38.0.0 6.51.0.0
com.fasterxml.jackson.core:jackson-databind 2.21.0 2.22.0
org.junit.jupiter:junit-jupiter-api 5.14.2 6.1.0
org.junit.jupiter:junit-jupiter-engine 5.14.2 6.1.0
org.junit.jupiter:junit-jupiter-params 5.14.2 6.1.0
io.github.oshai:kotlin-logging-jvm 8.0.01 8.0.4
ch.qos.logback:logback-classic 1.5.32 1.5.34
io.mockk:mockk 1.14.9 1.14.11
org.mock-server:mockserver-netty-no-dependencies 5.15.0 6.1.0
io.rest-assured:rest-assured 5.5.7 6.0.0
io.swagger.parser.v3:swagger-parser-v3 2.1.41 2.1.43
org.graalvm.buildtools.native 0.11.4 1.1.1
org.jetbrains.kotlin.jvm 2.3.10 2.4.0
org.jetbrains.kotlin.plugin.power-assert 2.3.10 2.4.0
org.jetbrains.kotlin.plugin.spring 2.3.10 2.4.0
org.springframework.boot 3.5.7 4.0.6

Updates dev.panuszewski.typesafe-conventions from 0.5.1 to 0.11.1

Updates gradle-wrapper from 9.3.1 to 9.5.1

Release notes

Sourced from gradle-wrapper's releases.

9.5.1

The Gradle team is excited to announce Gradle 9.5.1.

Here are the highlights of this release:

  • Task provenance in reports and failure messages
  • Type-safe accessors for precompiled Kotlin Settings plugins

Read the Release Notes

We would like to thank the following community members for their contributions to this release of Gradle: atm1020, mataha, Adam, Attila Kelemen, Benedikt Ritter, Björn Kautler, Caro Silva Rode, CHANHAN, Dmitry Nezavitin, Eng Zer Jun, KugelLibelle, Madalin Valceleanu, Markus Gaisbauer, Oliver Kopp, Philip Wedemann, ploober, Roberto Perez Alcolea, Rohit Anand, Suvrat Acharya, Ujwal Suresh Vanjare, Victor Merkulov

Upgrade instructions

Switch your build to use Gradle 9.5.1 by updating your wrapper:

./gradlew wrapper --gradle-version=9.5.1 && ./gradlew wrapper

See the Gradle 9.x upgrade guide to learn about deprecations, breaking changes and other considerations when upgrading.

For Java, Groovy, Kotlin and Android compatibility, see the full compatibility notes.

Reporting problems

If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines. If you're not sure you're encountering a bug, please use the forum.

We hope you will build happiness with Gradle, and we look forward to your feedback via Twitter or on GitHub.

9.5.0

... (truncated)

Commits
  • fd78213 Update Documentation Infrastructure: Fix scrolling issue in user manual (#37861)
  • 7758437 fix scroll
  • 2fd605f Only try to run as worker thread in DefaultBuildOperationQueue (#37845)
  • af69849 Release notes for Gradle 9.5.1 (#37853)
  • f4d9d03 Release notes for Gradle 9.5.1
  • 01eda3a Address review feedback on worker-lease retry changes
  • 7024e15 Revert enrich file visitor with size info on release branch (#37848)
  • d51476f Fix tryRunAsWorkerThread null-return test to match contract
  • 090ebab Revert "Add getLength() to FilePropertyVisitor.VisitState"
  • bceab24 Revert "Fix annotation"
  • Additional commits viewable in compare view

Updates org.http4k:http4k-bom from 5.38.0.0 to 6.51.0.0

Release notes

Sourced from org.http4k:http4k-bom's releases.

6.51.0.0

Changelog:

  • http4k-*: Upgrade versions
  • http4k-server-netty: [Unlikely Break] Add websocket heartbeat monitor. H/T @​oharaandrew314
  • http4k-security-digest: [Unlikely Break] DigestAuthReceiver to generate challenge response with correct URI. H/T @​oharaandrew314
  • http4k-core: Adds a maxDecompressedSize: Long parameter to RequestFilters.GunZip, ResponseFilters.GunZip, ServerFilters.GZip, ServerFilters.GZipContentTypes, ClientFilters.GZip, ClientFilters.AcceptGZip, and the underlying Body.gunzippedStream.

6.50.0.0

Changelog:

  • http4k-template-pug4j: [Unlikely break] Pug4jTemplates.HotReload now canonicalizes the resolved template path against baseTemplateDir and rejects any ViewModel.template() that escapes the base.
  • http4k-security-digest: [Unlikely break] DigestAuthProvider.verify now also rejects credentials whose uri parameter does not match the actual request URL.
  • http4k-ai-mcp-*: [Unlikely Break] MCP session and message IDs now derive from SecureRandom by default.
  • http4k-security-oauth: [Unlikely break] OAuth server now persists a nonce for any openid scope (previously only CodeIdToken) and validateNonceAfterToken fail-closes when the token-endpoint id_token is missing or its nonce mismatches.
  • http4k-format-xml: [Unlikely break] defaultXmlParsingConfig now sets disallow-doctype-decl and FEATURE_SECURE_PROCESSING, so Body.xml()/asXmlDocument() reject any document with a <!DOCTYPE>.
  • http4k-webhook: [Unlikely break] ServerFilters.VerifyWebhookSignature now also rejects messages whose webhook-timestamp is more than tolerance away from clock.instant() (default tolerance 5.minutes, clock Clock.systemUTC()), per the Standard Webhooks scheme. Captures of valid webhooks can no longer be replayed indefinitely. Pass a Clock.fixed(...) to control timing in tests.
  • http4k-multipart: [Unlikely break] MultipartFormBody.from, multipartIterator() and Body.multipartForm(...) cap the body at 10MB and 1000 parts by default. Pass maxStreamLength/maxPartCount to override.
  • http4k-serverless-lambda: [Unlikely break] Single-value headers from API Gateway/ALB events are no longer split on commas; values that legitimately contain commas (e.g. X-Forwarded-For: client, proxy1, proxy2) now reach the handler intact. True multi-values continue to flow via multiValueHeaders.
  • http4k-connect-github: [Fix] Header.X_HUB_SIGNATURE_256 lens no longer crashes on an X-Hub-Signature-256 header missing the sha256= prefix; VerifyGitHubSignatureSha256 now returns 401 for malformed signatures instead of 500.
  • http4k-ai-llm-azure: [Fix] AzureClient now attaches the API key as an outbound Authorization: Bearer header (was wired to the inbound ServerFilters.BearerAuth checker.
  • http4k-config: [Fix] Secret.toString() and Secret.hashCode() no longer expose a stable hash of the plaintext (was Secret(hashcode = <Arrays.hashCode-of-plaintext>)); Secret.equals returns false for non-Secret inputs instead of throwing ClassCastException.
  • http4k-multipart: [Fix] A multipart part whose first header line begins with whitespace (a folded-header continuation with nothing to continue) now raises a ParseError instead of crashing with NullPointerException.
  • http4k-ops-opentelemetry: [Fix] OpenTelemetry tracing strips user:pass@ userInfo from request URIs before writing them to span attributes (url.full, legacy http.url) and the default span name, so basic-auth-in-URL credentials no longer reach the tracing backend.
  • http4k-security-oauth: [Fix] Server-side PKCE is now enforced — code_challenge is stored at authorize and an S256 code_verifier is required at token. code_challenge_method=plain is rejected per RFC 7636 §7.2.
  • http4k-security-oauth: [Fix] Post-callback redirect strips scheme/authority and collapses leading / and \ runs, neutralizing open-redirects of the form //evil.com and /\evil.com.
  • http4k-security-oauth: [Fix] AuthRequest is re-validated at AuthenticationComplete; CSRF/nonce compare is null/blank-safe; several redirectUri!! NPEs replaced with typed InvalidAuthorizationRequest.
  • http4k-security-oauth: Adds opt-in requirePkce: Boolean = false on OAuthServer. When true, every authorize/token exchange must use PKCE (recommended per RFC 9700).
  • http4k-security-oauth: [Fix] AuthServerDiscovery rejects a scheme-less resource pointing at root.
  • http4k-security-oauth: requirePkce is exposed on the underlying GenerateAccessToken / GenerateAccessTokenForGrantType / AuthorizationCodeAccessTokenGenerator, mitigating potential PKCE downgrade.
  • http4k-security-digest: [Fix] DigestAuthProvider.verify now hashes with the configured algorithm instead of hardcoded MD5.
  • http4k-*: Secret-bearing value types are now hidden() so their raw value no longer surfaces in toString().

6.49.0.0

Changelog:

  • http4k-*: Upgrade versions
  • http4k-core: [Break] reverseProxy()/reverseProxyRouting() now default to Exact host matching instead of Contains, so a request Host header that merely contains a configured virtual host (e.g. host1.evil.com for vhost host1) no longer routes to it. Pass matcher = Contains to opt back into substring matching.
  • http4k-core: [Unlikely break] ExecutorService.withRequestTracing() applies a defaultTimeout (60s by default, configurable) to the untimed invokeAll/invokeAny so a slow or dead task can no longer pin pool threads indefinitely. No code change needed; only affects callers whose tasks legitimately ran longer than default.
  • http4k-core: [Unlikely break] Header.AUTHORIZATION_BASIC / Request.basicAuthentication() now return null for any malformed Basic credentials (wrong scheme, invalid base64, or no colon in the decoded value) instead of manufacturing Credentials("", ""). Lets callers reliably distinguish absent/invalid credentials from genuinely empty ones.
  • http4k-server-netty: [Unlikely break] Cap aggregated request body size at 10MB (was unbounded ~2GB) to prevent OOM; oversized requests now get a 413 Request Entity Too Large. Duplicate and modify the Netty class if you need a different limit.
  • http4k-core: [Unlikely break] Cap GZip decompression at 10MB (was unbounded) to prevent possible OOM; oversized requests through ServerFilters.GZip/RequestFilters.GunZip now get a 413 Request Entity Too Large, and decompressing elsewhere throws SizeLimitExceededException. Duplicate and modify the Gzip functions if you need a different limit.
  • http4k-core: [Unlikely break] ServerFilters.Cors no longer emits the spec-invalid Access-Control-Allow-Origin: * together with Access-Control-Allow-Credentials: true.
  • http4k-core: [Fix] bearerToken() extracts the token for any casing of the Bearer scheme (e.g. BEARER), instead of returning the raw header value.
  • http4k-core: [Fix] Improve safe path parsing in ResourceLoader.Classpath
  • http4k-core: [Deprecation] Add Sha256 (with hash and hmac) and deprecate HmacSha256, whose hash was misleadingly unkeyed SHA-256. Replace HmacSha256.hash/hmacSHA256 with Sha256.hash/Sha256.hmac.
  • http4k-connect-openfeature: [New module] Standard OpenFeature Remote Evaluation Protocol client
  • http4k-connect-openfeature-fake: [New module] Fake to setup and evaluate OpenFeature flags
  • http4k-ops-openfeature: [New module] Support for plugging OpenFeature into request chain, including typesafe lenses for extracting flags from prinicpal and context during request processing.
  • http4k-bridge-vertx: Stream request and response bodies instead of buffering.
  • http4k-bridge-ratpack: Stream request and response bodies instead of buffering.

6.48.0.0

... (truncated)

Changelog

Sourced from org.http4k:http4k-bom's changelog.

v6.51.0.0

  • http4k-*: Upgrade versions
  • http4k-server-netty: [Unlikely Break] Add websocket heartbeat monitor. H/T @​oharaandrew314
  • http4k-security-digest: [Unlikely Break] DigestAuthReceiver to generate challenge response with correct URI. H/T @​oharaandrew314
  • http4k-core: Adds a maxDecompressedSize: Long parameter to RequestFilters.GunZip, ResponseFilters.GunZip, ServerFilters.GZip, ServerFilters.GZipContentTypes, ClientFilters.GZip, ClientFilters.AcceptGZip, and the underlying Body.gunzippedStream.

v6.50.0.0

  • http4k-template-pug4j: [Unlikely break] Pug4jTemplates.HotReload now canonicalizes the resolved template path against baseTemplateDir and rejects any ViewModel.template() that escapes the base.
  • http4k-security-digest: [Unlikely break] DigestAuthProvider.verify now also rejects credentials whose uri parameter does not match the actual request URL.
  • http4k-ai-mcp-*: [Unlikely Break] MCP session and message IDs now derive from SecureRandom by default.
  • http4k-security-oauth: [Unlikely break] OAuth server now persists a nonce for any openid scope (previously only CodeIdToken) and validateNonceAfterToken fail-closes when the token-endpoint id_token is missing or its nonce mismatches.
  • http4k-format-xml: [Unlikely break] defaultXmlParsingConfig now sets disallow-doctype-decl and FEATURE_SECURE_PROCESSING, so Body.xml()/asXmlDocument() reject any document with a <!DOCTYPE>.
  • http4k-webhook: [Unlikely break] ServerFilters.VerifyWebhookSignature now also rejects messages whose webhook-timestamp is more than tolerance away from clock.instant() (default tolerance 5.minutes, clock Clock.systemUTC()), per the Standard Webhooks scheme. Captures of valid webhooks can no longer be replayed indefinitely. Pass a Clock.fixed(...) to control timing in tests.
  • http4k-multipart: [Unlikely break] MultipartFormBody.from, multipartIterator() and Body.multipartForm(...) cap the body at 10MB and 1000 parts by default. Pass maxStreamLength/maxPartCount to override.
  • http4k-serverless-lambda: [Unlikely break] Single-value headers from API Gateway/ALB events are no longer split on commas; values that legitimately contain commas (e.g. X-Forwarded-For: client, proxy1, proxy2) now reach the handler intact. True multi-values continue to flow via multiValueHeaders.
  • http4k-connect-github: [Fix] Header.X_HUB_SIGNATURE_256 lens no longer crashes on an X-Hub-Signature-256 header missing the sha256= prefix; VerifyGitHubSignatureSha256 now returns 401 for malformed signatures instead of 500.
  • http4k-ai-llm-azure: [Fix] AzureClient now attaches the API key as an outbound Authorization: Bearer header (was wired to the inbound ServerFilters.BearerAuth checker.
  • http4k-config: [Fix] Secret.toString() and Secret.hashCode() no longer expose a stable hash of the plaintext (was Secret(hashcode = <Arrays.hashCode-of-plaintext>)); Secret.equals returns false for non-Secret inputs instead of throwing ClassCastException.
  • http4k-multipart: [Fix] A multipart part whose first header line begins with whitespace (a folded-header continuation with nothing to continue) now raises a ParseError instead of crashing with NullPointerException.
  • http4k-ops-opentelemetry: [Fix] OpenTelemetry tracing strips user:pass@ userInfo from request URIs before writing them to span attributes (url.full, legacy http.url) and the default span name, so basic-auth-in-URL credentials no longer reach the tracing backend.
  • http4k-security-oauth: [Fix] Server-side PKCE is now enforced — code_challenge is stored at authorize and an S256 code_verifier is required at token. code_challenge_method=plain is rejected per RFC 7636 §7.2.
  • http4k-security-oauth: [Fix] Post-callback redirect strips scheme/authority and collapses leading / and \ runs, neutralizing open-redirects of the form //evil.com and /\evil.com.
  • http4k-security-oauth: [Fix] AuthRequest is re-validated at AuthenticationComplete; CSRF/nonce compare is null/blank-safe; several redirectUri!! NPEs replaced with typed InvalidAuthorizationRequest.
  • http4k-security-oauth: Adds opt-in requirePkce: Boolean = false on OAuthServer. When true, every authorize/token exchange must use PKCE (recommended per RFC 9700).
  • http4k-security-oauth: [Fix] AuthServerDiscovery rejects a scheme-less resource pointing at root.
  • http4k-security-oauth: requirePkce is exposed on the underlying GenerateAccessToken / GenerateAccessTokenForGrantType / AuthorizationCodeAccessTokenGenerator, mitigating potential PKCE downgrade.
  • http4k-security-digest: [Fix] DigestAuthProvider.verify now hashes with the configured algorithm instead of hardcoded MD5.
  • http4k-*: Secret-bearing value types are now hidden() so their raw value no longer surfaces in toString().

v6.49.0.0

  • http4k-*: Upgrade versions
  • http4k-core: [Break] reverseProxy()/reverseProxyRouting() now default to Exact host matching instead of Contains, so a request Host header that merely contains a configured virtual host (e.g. host1.evil.com for vhost host1) no longer routes to it. Pass matcher = Contains to opt back into substring matching.
  • http4k-core: [Unlikely break] ExecutorService.withRequestTracing() applies a defaultTimeout (60s by default, configurable) to the untimed invokeAll/invokeAny so a slow or dead task can no longer pin pool threads indefinitely. No code change needed; only affects callers whose tasks legitimately ran longer than default.
  • http4k-core: [Unlikely break] Header.AUTHORIZATION_BASIC / Request.basicAuthentication() now return null for any malformed Basic credentials (wrong scheme, invalid base64, or no colon in the decoded value) instead of manufacturing Credentials("", ""). Lets callers reliably distinguish absent/invalid credentials from genuinely empty ones.
  • http4k-server-netty: [Unlikely break] Cap aggregated request body size at 10MB (was unbounded ~2GB) to prevent OOM; oversized requests now get a 413 Request Entity Too Large. Duplicate and modify the Netty class if you need a different limit.
  • http4k-core: [Unlikely break] Cap GZip decompression at 10MB (was unbounded) to prevent possible OOM; oversized requests through ServerFilters.GZip/RequestFilters.GunZip now get a 413 Request Entity Too Large, and decompressing elsewhere throws SizeLimitExceededException. Duplicate and modify the Gzip functions if you need a different limit.
  • http4k-core: [Unlikely break] ServerFilters.Cors no longer emits the spec-invalid Access-Control-Allow-Origin: * together with Access-Control-Allow-Credentials: true.
  • http4k-core: [Fix] bearerToken() extracts the token for any casing of the Bearer scheme (e.g. BEARER), instead of returning the raw header value.
  • http4k-core: [Fix] Improve safe path parsing in ResourceLoader.Classpath
  • http4k-core: [Deprecation] Add Sha256 (with hash and hmac) and deprecate HmacSha256, whose hash was misleadingly unkeyed SHA-256. Replace HmacSha256.hash/hmacSHA256 with Sha256.hash/Sha256.hmac.
  • http4k-connect-openfeature: [New module] Standard OpenFeature Remote Evaluation Protocol client
  • http4k-connect-openfeature-fake: [New module] Fake to setup and evaluate OpenFeature flags
  • http4k-ops-openfeature: [New module] Support for plugging OpenFeature into request chain, including typesafe lenses for extracting flags from prinicpal and context during request processing.
  • http4k-bridge-vertx: Stream request and response bodies instead of buffering.
  • http4k-bridge-ratpack: Stream request and response bodies instead of buffering.

v6.48.0.0

  • http4k-*: Upgrade versions
  • http4k-security-digest: [Break] Remove default Nonce verifier option so avoid bad config
  • http4k-core: [Break] Deprecate BasicCookieStorage (rename to InsecureCookieStorage) and replace with RFC 6265 compliant DefaultCookieStorage. This should be a drop-in replacement.

... (truncated)

Commits

Updates com.fasterxml.jackson.core:jackson-databind from 2.21.0 to 2.22.0

Commits

Updates org.junit.jupiter:junit-jupiter-api from 5.14.2 to 6.1.0

Release notes

Sourced from org.junit.jupiter:junit-jupiter-api's releases.

JUnit 6.1.0 = Platform 6.1.0 + Jupiter 6.1.0 + Vintage 6.1.0

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r6.0.3...r6.1.0

JUnit 6.1.0-RC1 = Platform 6.1.0-RC1 + Jupiter 6.1.0-RC1 + Vintage 6.1.0-RC1

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r6.1.0-M1...r6.1.0-RC1

JUnit 6.1.0-M1 = Platform 6.1.0-M1 + Jupiter 6.1.0-M1 + Vintage 6.1.0-M1

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r6.0.0...r6.1.0-M1

JUnit 6.0.3 = Platform 6.0.3 + Jupiter 6.0.3 + Vintage 6.0.3

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.2...r6.0.3

JUnit 6.0.2 = Platform 6.0.2 + Jupiter 6.0.2 + Vintage 6.0.2

See Release Notes.

... (truncated)

Commits

Updates org.junit.jupiter:junit-jupiter-engine from 5.14.2 to 6.1.0

Release notes

Sourced from org.junit.jupiter:junit-jupiter-engine's releases.

JUnit 6.1.0 = Platform 6.1.0 + Jupiter 6.1.0 + Vintage 6.1.0

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r6.0.3...r6.1.0

JUnit 6.1.0-RC1 = Platform 6.1.0-RC1 + Jupiter 6.1.0-RC1 + Vintage 6.1.0-RC1

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r6.1.0-M1...r6.1.0-RC1

JUnit 6.1.0-M1 = Platform 6.1.0-M1 + Jupiter 6.1.0-M1 + Vintage 6.1.0-M1

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r6.0.0...r6.1.0-M1

JUnit 6.0.3 = Platform 6.0.3 + Jupiter 6.0.3 + Vintage 6.0.3

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.2...r6.0.3

JUnit 6.0.2 = Platform 6.0.2 + Jupiter 6.0.2 + Vintage 6.0.2

See Release Notes.

... (truncated)

Commits

Updates org.junit.jupiter:junit-jupiter-params from 5.14.2 to 6.1.0

Release notes

Sourced from org.junit.jupiter:junit-jupiter-params's releases.

JUnit 6.1.0 = Platform 6.1.0 + Jupiter 6.1.0 + Vintage 6.1.0

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r6.0.3...r6.1.0

JUnit 6.1.0-RC1 = Platform 6.1.0-RC1 + Jupiter 6.1.0-RC1 + Vintage 6.1.0-RC1

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r6.1.0-M1...r6.1.0-RC1

JUnit 6.1.0-M1 = Platform 6.1.0-M1 + Jupiter 6.1.0-M1 + Vintage 6.1.0-M1

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r6.0.0...r6.1.0-M1

JUnit 6.0.3 = Platform 6.0.3 + Jupiter 6.0.3 + Vintage 6.0.3

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.2...r6.0.3

JUnit 6.0.2 = Platform 6.0.2 + Jupiter 6.0.2 + Vintage 6.0.2

See Release Notes.

... (truncated)

Commits

Updates org.junit.jupiter:junit-jupiter-engine from 5.14.2 to 6.1.0

Release notes

Sourced from org.junit.jupiter:junit-jupiter-engine's releases.

JUnit 6.1.0 = Platform 6.1.0 + Jupiter 6.1.0 + Vintage 6.1.0

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r6.0.3...r6.1.0

JUnit 6.1.0-RC1 = Platform 6.1.0-RC1 + Jupiter 6.1.0-RC1 + Vintage 6.1.0-RC1

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r6.1.0-M1...r6.1.0-RC1

JUnit 6.1.0-M1 = Platform 6.1.0-M1 + Jupiter 6.1.0-M1 + Vintage 6.1.0-M1

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r6.0.0...r6.1.0-M1

JUnit 6.0.3 = Platform 6.0.3 + Jupiter 6.0.3 + Vintage 6.0.3

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.2...r6.0.3

JUnit 6.0.2 = Platform 6.0.2 + Jupiter 6.0.2 + Vintage 6.0.2

See Release Notes.

... (truncated)

Commits

Updates org.junit.jupiter:junit-jupiter-params from 5.14.2 to 6.1.0

Release notes

Sourced from org.junit.jupiter:junit-jupiter-params's releases.

JUnit 6.1.0 = Platform 6.1.0 + Jupiter 6.1.0 + Vintage 6.1.0

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r6.0.3...r6.1.0

JUnit 6.1.0-RC1 = Platform 6.1.0-RC1 + Jupiter 6.1.0-RC1 + Vintage 6.1.0-RC1

See Release Notes.

New Contributors

@dependabot
build(deps): bump the gradle-dependencies group across 1 directory wi…
f8950a3 
…th 18 updates

Bumps the gradle-dependencies group with 18 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| dev.panuszewski.typesafe-conventions | `0.5.1` | `0.11.1` |
| [gradle-wrapper](https://github.com/gradle/gradle) | `9.3.1` | `9.5.1` |
| [org.http4k:http4k-bom](https://github.com/http4k/http4k) | `5.38.0.0` | `6.51.0.0` |
| [com.fasterxml.jackson.core:jackson-databind](https://github.com/FasterXML/jackson) | `2.21.0` | `2.22.0` |
| [org.junit.jupiter:junit-jupiter-api](https://github.com/junit-team/junit-framework) | `5.14.2` | `6.1.0` |
| [org.junit.jupiter:junit-jupiter-engine](https://github.com/junit-team/junit-framework) | `5.14.2` | `6.1.0` |
| [org.junit.jupiter:junit-jupiter-params](https://github.com/junit-team/junit-framework) | `5.14.2` | `6.1.0` |
| [io.github.oshai:kotlin-logging-jvm](https://github.com/oshai/kotlin-logging) | `8.0.01` | `8.0.4` |
| [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) | `1.5.32` | `1.5.34` |
| [io.mockk:mockk](https://github.com/mockk/mockk) | `1.14.9` | `1.14.11` |
| org.mock-server:mockserver-netty-no-dependencies | `5.15.0` | `6.1.0` |
| [io.rest-assured:rest-assured](https://github.com/rest-assured/rest-assured) | `5.5.7` | `6.0.0` |
| io.swagger.parser.v3:swagger-parser-v3 | `2.1.41` | `2.1.43` |
| [org.graalvm.buildtools.native](https://github.com/graalvm/native-build-tools) | `0.11.4` | `1.1.1` |
| [org.jetbrains.kotlin.jvm](https://github.com/JetBrains/kotlin) | `2.3.10` | `2.4.0` |
| [org.jetbrains.kotlin.plugin.power-assert](https://github.com/JetBrains/kotlin) | `2.3.10` | `2.4.0` |
| [org.jetbrains.kotlin.plugin.spring](https://github.com/JetBrains/kotlin) | `2.3.10` | `2.4.0` |
| [org.springframework.boot](https://github.com/spring-projects/spring-boot) | `3.5.7` | `4.0.6` |



Updates `dev.panuszewski.typesafe-conventions` from 0.5.1 to 0.11.1

Updates `gradle-wrapper` from 9.3.1 to 9.5.1
- [Release notes](https://github.com/gradle/gradle/releases)
- [Commits](gradle/gradle@v9.3.1...v9.5.1)

Updates `org.http4k:http4k-bom` from 5.38.0.0 to 6.51.0.0
- [Release notes](https://github.com/http4k/http4k/releases)
- [Changelog](https://github.com/http4k/http4k/blob/master/CHANGELOG.md)
- [Commits](http4k/http4k@5.38.0.0...6.51.0.0)

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.21.0 to 2.22.0
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `org.junit.jupiter:junit-jupiter-api` from 5.14.2 to 6.1.0
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r5.14.2...r6.1.0)

Updates `org.junit.jupiter:junit-jupiter-engine` from 5.14.2 to 6.1.0
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r5.14.2...r6.1.0)

Updates `org.junit.jupiter:junit-jupiter-params` from 5.14.2 to 6.1.0
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r5.14.2...r6.1.0)

Updates `org.junit.jupiter:junit-jupiter-engine` from 5.14.2 to 6.1.0
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r5.14.2...r6.1.0)

Updates `org.junit.jupiter:junit-jupiter-params` from 5.14.2 to 6.1.0
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r5.14.2...r6.1.0)

Updates `io.github.oshai:kotlin-logging-jvm` from 8.0.01 to 8.0.4
- [Release notes](https://github.com/oshai/kotlin-logging/releases)
- [Changelog](https://github.com/oshai/kotlin-logging/blob/master/ChangeLog-old.md)
- [Commits](oshai/kotlin-logging@8.0.01...8.0.4)

Updates `ch.qos.logback:logback-classic` from 1.5.32 to 1.5.34
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.32...v_1.5.34)

Updates `io.mockk:mockk` from 1.14.9 to 1.14.11
- [Release notes](https://github.com/mockk/mockk/releases)
- [Commits](mockk/mockk@1.14.9...v1.14.11)

Updates `org.mock-server:mockserver-netty-no-dependencies` from 5.15.0 to 6.1.0

Updates `io.rest-assured:rest-assured` from 5.5.7 to 6.0.0
- [Changelog](https://github.com/rest-assured/rest-assured/blob/master/changelog.txt)
- [Commits](rest-assured/rest-assured@rest-assured-5.5.7...rest-assured-6.0.0)

Updates `io.swagger.parser.v3:swagger-parser-v3` from 2.1.41 to 2.1.43

Updates `org.graalvm.buildtools.native` from 0.11.4 to 1.1.1
- [Release notes](https://github.com/graalvm/native-build-tools/releases)
- [Commits](graalvm/native-build-tools@0.11.4...1.1.1)

Updates `org.jetbrains.kotlin.jvm` from 2.3.10 to 2.4.0
- [Release notes](https://github.com/JetBrains/kotlin/releases)
- [Changelog](https://github.com/JetBrains/kotlin/blob/master/ChangeLog.md)
- [Commits](JetBrains/kotlin@v2.3.10...v2.4.0)

Updates `org.jetbrains.kotlin.plugin.power-assert` from 2.3.10 to 2.4.0
- [Release notes](https://github.com/JetBrains/kotlin/releases)
- [Changelog](https://github.com/JetBrains/kotlin/blob/master/ChangeLog.md)
- [Commits](JetBrains/kotlin@v2.3.10...v2.4.0)

Updates `org.jetbrains.kotlin.plugin.spring` from 2.3.10 to 2.4.0
- [Release notes](https://github.com/JetBrains/kotlin/releases)
- [Changelog](https://github.com/JetBrains/kotlin/blob/master/ChangeLog.md)
- [Commits](JetBrains/kotlin@v2.3.10...v2.4.0)

Updates `org.jetbrains.kotlin.plugin.power-assert` from 2.3.10 to 2.4.0
- [Release notes](https://github.com/JetBrains/kotlin/releases)
- [Changelog](https://github.com/JetBrains/kotlin/blob/master/ChangeLog.md)
- [Commits](JetBrains/kotlin@v2.3.10...v2.4.0)

Updates `org.jetbrains.kotlin.plugin.spring` from 2.3.10 to 2.4.0
- [Release notes](https://github.com/JetBrains/kotlin/releases)
- [Changelog](https://github.com/JetBrains/kotlin/blob/master/ChangeLog.md)
- [Commits](JetBrains/kotlin@v2.3.10...v2.4.0)

Updates `org.springframework.boot` from 3.5.7 to 4.0.6
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.5.7...v4.0.6)

---
updated-dependencies:
- dependency-name: dev.panuszewski.typesafe-conventions
  dependency-version: 0.11.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle-dependencies
- dependency-name: gradle-wrapper
  dependency-version: 9.5.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle-dependencies
- dependency-name: org.http4k:http4k-bom
  dependency-version: 6.51.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: gradle-dependencies
- dependency-name: com.fasterxml.jackson.core:jackson-databind
  dependency-version: 2.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle-dependencies
- dependency-name: org.junit.jupiter:junit-jupiter-api
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: gradle-dependencies
- dependency-name: org.junit.jupiter:junit-jupiter-engine
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: gradle-dependencies
- dependency-name: org.junit.jupiter:junit-jupiter-params
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: gradle-dependencies
- dependency-name: org.junit.jupiter:junit-jupiter-engine
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: gradle-dependencies
- dependency-name: org.junit.jupiter:junit-jupiter-params
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: gradle-dependencies
- dependency-name: io.github.oshai:kotlin-logging-jvm
  dependency-version: 8.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gradle-dependencies
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.34
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gradle-dependencies
- dependency-name: io.mockk:mockk
  dependency-version: 1.14.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gradle-dependencies
- dependency-name: org.mock-server:mockserver-netty-no-dependencies
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: gradle-dependencies
- dependency-name: io.rest-assured:rest-assured
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: gradle-dependencies
- dependency-name: io.swagger.parser.v3:swagger-parser-v3
  dependency-version: 2.1.43
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gradle-dependencies
- dependency-name: org.graalvm.buildtools.native
  dependency-version: 1.1.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: gradle-dependencies
- dependency-name: org.jetbrains.kotlin.jvm
  dependency-version: 2.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle-dependencies
- dependency-name: org.jetbrains.kotlin.plugin.power-assert
  dependency-version: 2.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle-dependencies
- dependency-name: org.jetbrains.kotlin.plugin.spring
  dependency-version: 2.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle-dependencies
- dependency-name: org.jetbrains.kotlin.plugin.power-assert
  dependency-version: 2.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle-dependencies
- dependency-name: org.jetbrains.kotlin.plugin.spring
  dependency-version: 2.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle-dependencies
- dependency-name: org.springframework.boot
  dependency-version: 4.0.6
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: gradle-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jun 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants