Skip to content

Bump the gradle-dependencies group across 1 directory with 10 updates#977

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/gradle/gradle-dependencies-8b393227bc
Open

Bump the gradle-dependencies group across 1 directory with 10 updates#977
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/gradle/gradle-dependencies-8b393227bc

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the gradle-dependencies group with 8 updates in the / directory:

Package From To
com.google.code.gson:gson 2.13.2 2.14.0
org.json:json 20251224 20260522
com.squareup.okhttp3:okhttp 5.3.2 5.4.0
org.junit:junit-bom 6.0.3 6.1.1
com.fasterxml.jackson.core:jackson-databind 2.21.2 2.22.0
org.projectlombok:lombok 1.18.44 1.18.46
com.auth0:java-jwt 4.5.1 4.5.2
gradle-wrapper 9.4.1 9.6.1

Updates com.google.code.gson:gson from 2.13.2 to 2.14.0

Release notes

Sourced from com.google.code.gson:gson's releases.

Gson 2.14.0

What's Changed

  • Add type adapters for java.time classes by @​eamonnmcmanus in google/gson#2948

    When the java.time API is available, Gson automatically can read and write instances of classes like Instant and Duration. The format it uses essentially freezes the JSON representation that ReflectiveTypeAdapterFactory established by default, based on the private fields of java.time classes. That's not a great representation, but it is understandable. Changing it to anything else would break compatibility with systems that are expecting the current format.

    With this change, Gson no longer tries to access private fields of these classes using reflection. So it is no longer necessary to run with --add-opens for these classes on recent JDKs.

  • Remove com.google.gson.graph by @​eamonnmcmanus in google/gson#2990.

    This package was not part of any released artifact and depended on Gson internals in potentially problematic ways.

  • Validate that strings being parsed as integers consist of ASCII characters by @​eamonnmcmanus in google/gson#2995

    Previously, strings could contain non-ASCII Unicode digits and still be parsed as integers. That's inconsistent with how JSON numbers are treated.

  • Fix duplicate key detection when first value is null by @​andrewstellman in google/gson#3006

    This could potentially break code that was relying on the incorrect behaviour. For example, this JSON string was previously accepted but will no longer be: {"foo": null, "foo": bar}.

  • Remove Serializable from internal Type implementation classes. by @​eamonnmcmanus in google/gson#3011

    The nested classes ParameterizedTypeImpl, GenericArrayTypeImpl, and WildcardTypeImpl in GsonTypes are implementations of the corresponding types (without Impl) in java.lang.reflect. For some reason, they were serializable, even though the java.lang.reflect implementations are not. Having unnecessarily serializable classes could conceivably have been a security problem if they were part of a larger exploit using serialization. (We do not consider this a likely scenario and do not suggest that you need to update Gson just to get this change.)

  • Add LegacyProtoTypeAdapterFactory. by @​eamonnmcmanus in google/gson#3014

    This is not part of any released artifact, but may be of use when trying to fix code that is currently accessing the internals of protobuf classes via reflection.

  • Make AppendableWriter do flush and close if delegation object supports by @​MukjepScarlet in google/gson#2925

Other less visible changes

New Contributors

Full Changelog: google/gson@gson-parent-2.13.2...gson-parent-2.14.0

Commits
  • 3ff35d6 [maven-release-plugin] prepare release gson-parent-2.14.0
  • a3024fd Bump the maven group with 13 updates (#3002)
  • 5689ffe Bump the github-actions group across 1 directory with 3 updates (#3018)
  • 48db33c Add LegacyProtoTypeAdapterFactory. (#3014)
  • 53d703e Update outdated comment regarding serializable types (#3012)
  • 0189b72 Remove Serializable from internal Type implementation classes. (#3011)
  • f4d371d Fix duplicate key detection when first value is null (#3006)
  • 27d9ba1 Fix typo in README (JPMS dependencies section) (#3005)
  • 1fa9b7a Validate that strings being parsed as integers consist of ASCII characters (#...
  • b7d5954 Add iterator fail-fast tests for LinkedTreeMap.clear() (#2992)
  • Additional commits viewable in compare view

Updates org.json:json from 20251224 to 20260522

Release notes

Sourced from org.json:json's releases.

20260522

Pull Request Description
#1054 pre-release-20260522 prep for next release
#1053 update security.md with key data
#1046 Validate XML numeric character references before string construction
#1044 Ignore static fields in JSONObject.fromJson()
#1041 Enhance README with license clarification
#1039 Fix XML forceList parsing issue
#1038 Fix input validation in XMLTokener.unescapeEntity()
#1037 Fix ClassCastException in JSONML.toJSONArray and toJSONObject
#1029 add badge to external hosted javadoc
#1028 Refactoring: Fix sonarqube reliability issues
#1027 Save/restore default locale in test
Changelog

Sourced from org.json:json's changelog.

20260522 Publish key data, recent commits for minor fixes

Commits
  • 968a592 Merge pull request #1054 from stleary/pre-release-20260522
  • 3665aad pre-release-20260522 doc and build updates for release
  • d749ee1 Merge pull request #1053 from stleary/update-security-md-with-key
  • 6495983 update-security-md-with-key new security.md file, also fixed 1000 level jsona...
  • 896ce0f Merge pull request #1046 from yuki-matsuhashi/master
  • 1877069 Validate XML numeric character references before string construction
  • b959027 Merge pull request #1044 from yuki-matsuhashi/1043-ignore-static
  • 039f331 Add comment for empty test constructor
  • 94e3400 Ignore static fields in JSONObject.fromJson()
  • 6230128 Merge pull request #1041 from stleary/license-clarification
  • Additional commits viewable in compare view

Updates com.squareup.okhttp3:okhttp from 5.3.2 to 5.4.0

Changelog

Sourced from com.squareup.okhttp3:okhttp's changelog.

Version 5.4.0

2026-06-08

  • New: Add superpowers to interceptors. Interceptors can now override anything settable on OkHttpClient.Builder, such as the cache, connection pool, socket factory, and DNS. We expect this will allow most users to use interceptors everywhere, insted of mixing and matching interceptors with custom Call.Factory wrappers.
  • Fix: Limit each HTTP/2 response to 256 KiB of total headers.
  • Upgrade: [kotlinx.coroutines 1.11.0][coroutines_1_11_0]. This is used by the optional okhttp-coroutines artifact.
  • Upgrade: [GraalVM 25.0.3][graalvm_25].
  • Upgrade: [Okio 3.17.0][okio_3_17_0].
Commits

Updates org.junit:junit-bom from 6.0.3 to 6.1.1

Release notes

Sourced from org.junit:junit-bom's releases.

JUnit 6.1.1 = Platform 6.1.1 + Jupiter 6.1.1 + Vintage 6.1.1

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.1.0...r6.1.1

JUnit 6.1.0 = Platform 6.1.0 + Jupiter 6.1.0 + Vintage 6.1.0

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r6.0.3...r6.1.0

JUnit 6.1.0-RC1 = Platform 6.1.0-RC1 + Jupiter 6.1.0-RC1 + Vintage 6.1.0-RC1

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r6.1.0-M1...r6.1.0-RC1

JUnit 6.1.0-M1 = Platform 6.1.0-M1 + Jupiter 6.1.0-M1 + Vintage 6.1.0-M1

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r6.0.0...r6.1.0-M1

Commits
  • 0d85889 Release 6.1.1
  • 0363eee Finalize 6.1.1 release notes
  • a6d540a Move entry to 6.1.1 release notes
  • 69339d5 Only pass timeout when publishing to avoid failure in nmcp plugin
  • dec2eb9 Allow excluding engines from memory cleanup mode (#5786)
  • a5f4270 Publish sha256/sha512 checksums again but filter out signature ones (#5796)
  • 8213012 Update plugin nmcp-settings to v1.6.0 (#5787)
  • d1bf847 Generate Javadoc for aggregator modules
  • d721de5 Pass --no-fonts to javadoc convention
  • d289ec6 Restore original SetSystemProperty values in a ParameterizedTest (#5720)
  • Additional commits viewable in compare view

Updates org.junit.jupiter:junit-jupiter from 6.0.3 to 6.1.1

Release notes

Sourced from org.junit.jupiter:junit-jupiter's releases.

JUnit 6.1.1 = Platform 6.1.1 + Jupiter 6.1.1 + Vintage 6.1.1

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.1.0...r6.1.1

JUnit 6.1.0 = Platform 6.1.0 + Jupiter 6.1.0 + Vintage 6.1.0

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r6.0.3...r6.1.0

JUnit 6.1.0-RC1 = Platform 6.1.0-RC1 + Jupiter 6.1.0-RC1 + Vintage 6.1.0-RC1

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r6.1.0-M1...r6.1.0-RC1

JUnit 6.1.0-M1 = Platform 6.1.0-M1 + Jupiter 6.1.0-M1 + Vintage 6.1.0-M1

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r6.0.0...r6.1.0-M1

Commits
  • 0d85889 Release 6.1.1
  • 0363eee Finalize 6.1.1 release notes
  • a6d540a Move entry to 6.1.1 release notes
  • 69339d5 Only pass timeout when publishing to avoid failure in nmcp plugin
  • dec2eb9 Allow excluding engines from memory cleanup mode (#5786)
  • a5f4270 Publish sha256/sha512 checksums again but filter out signature ones (#5796)
  • 8213012 Update plugin nmcp-settings to v1.6.0 (#5787)
  • d1bf847 Generate Javadoc for aggregator modules
  • d721de5 Pass --no-fonts to javadoc convention
  • d289ec6 Restore original SetSystemProperty values in a ParameterizedTest (#5720)
  • Additional commits viewable in compare view

Updates com.squareup.okhttp3:mockwebserver from 5.3.2 to 5.4.0

Changelog

Sourced from com.squareup.okhttp3:mockwebserver's changelog.

Version 5.4.0

2026-06-08

  • New: Add superpowers to interceptors. Interceptors can now override anything settable on OkHttpClient.Builder, such as the cache, connection pool, socket factory, and DNS. We expect this will allow most users to use interceptors everywhere, insted of mixing and matching interceptors with custom Call.Factory wrappers.
  • Fix: Limit each HTTP/2 response to 256 KiB of total headers.
  • Upgrade: [kotlinx.coroutines 1.11.0][coroutines_1_11_0]. This is used by the optional okhttp-coroutines artifact.
  • Upgrade: [GraalVM 25.0.3][graalvm_25].
  • Upgrade: [Okio 3.17.0][okio_3_17_0].
Commits

Updates com.fasterxml.jackson.core:jackson-databind from 2.21.2 to 2.22.0

Commits

Updates org.projectlombok:lombok from 1.18.44 to 1.18.46

Changelog

Sourced from org.projectlombok:lombok's changelog.

v1.18.46 (April 22nd, 2026)

  • PLATFORM: JDK26 support added #4019.
  • PLATFORM: Spring Tools Suite 5 supported #3985.
  • BUGFIX: @Jacksonized no longer stops generating @JsonProperty once an explicit @JsonIgnore annotations is encountered #4022.
  • BUGFIX: In eclipse, mixing @Jacksonized and fluent = true no longer causes the error com.fasterxml.jackson.annotation.JsonProperty is not a repeatable annotation interface. #3934.
  • BUGFIX: Some finishing touches for v1.18.44's support of Jackson3 #4004.
Commits
  • 936ca59 [build] lombok's launcher is still intended to be 1.4 compatible, or at least...
  • fcdab3f [version] pre-release version bump
  • 1cb7d49 [changelog]#4004 Mention Jackson3 final touches in changelog.
  • 12a15b0 Fix: Bump EA_JDK to 27 (25 and 26 have been released)
  • 2be766c Merge branch 'jackson3-final-touches'
  • 290fa4c [trivial] constantize the warning we spit out for ambiguous jackson2/3, and m...
  • e6567b6 test: Add Jackson 3 test cases and version ambiguity warnings
  • 45e72e2 feat: Add Jackson 3 databind/dataformat annotations to HandlerUtil copy lists
  • 184d423 feat: Add Jackson 3 support to @​Jacksonized handlers
  • e027ad0 refactored to ShadowClassLoader use Collections::enumeration instead of Vector
  • Additional commits viewable in compare view

Updates com.auth0:java-jwt from 4.5.1 to 4.5.2

Release notes

Sourced from com.auth0:java-jwt's releases.

4.5.2

Added

Changelog

Sourced from com.auth0:java-jwt's changelog.

4.5.2 (2026-04-29)

Full Changelog

Added

Commits
  • 695fd2b Release 4.5.2 (#765)
  • 4ac3178 Release 4.5.2
  • d056a79 Bump com.fasterxml.jackson.core:jackson-databind from 2.21.2 to 2.21.3 in /li...
  • 37f195a Bump com.fasterxml.jackson.core:jackson-databind in /lib
  • dba4c93 Chore: Bump update commons-beanutils dependency (#761)
  • 84d4c8f Merge branch 'master' into chore/bump-commons-beanutils
  • 5c923d4 Chore: Add SCA scan workflow (#762)
  • 09a4da5 Merge branch 'master' into chore/add-sca-scan
  • ef47e64 Chore: Add SCA scan workflow
  • 3fcfbcb Chore: Bump update commons-beanutils dependency
  • Additional commits viewable in compare view

Updates gradle-wrapper from 9.4.1 to 9.6.1

Release notes

Sourced from gradle-wrapper's releases.

9.6.1

The Gradle team is excited to announce Gradle 9.6.1.

Here are the highlights of this release:

  • Improved Configuration Cache hit rates
  • Additional CLI rendering options
  • Important project hierarchy lookup deprecations

Read the Release Notes

We would like to thank the following community members for their contributions to this release of Gradle: Aharnish Solanki, Benedikt Johannes, Devendra Reddy Pennabadi, Dmytro Rodionov, Dreeam, Elías Hernández Rodríguez, Eng Zer Jun, FinlayRJW, Kamal Kansal, Marcono1234, Nelson Osacky, Philip Wedemann, Ravi, Roberto Perez Alcolea, Ryan Schmitt, Sebastian Schuberth, seunghun.ham, sk-reddy17, Suvrat Acharya, Vedant Madane.

Upgrade instructions

Switch your build to use Gradle 9.6.1 by updating your wrapper:

./gradlew :wrapper --gradle-version=9.6.1 && ./gradlew :wrapper

See the Gradle 9.x upgrade guide to learn about deprecations, breaking changes and other considerations when upgrading.

For Java, Groovy, Kotlin and Android compatibility, see the full compatibility notes.

Reporting problems

If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines. If you're not sure you're encountering a bug, please use the forum.

We hope you will build happiness with Gradle, and we look forward to your feedback via Twitter or on GitHub.

9.6.0

... (truncated)

Commits
  • 309d128 Update fixed issues in release notes for 9.6.1 (#38328)
  • 040a978 Update fixed issues in release notes for 9.6.1
  • e0b8325 Restore --non-interactive flag instead of --interactive/--no-interactive (#38...
  • 946f3e6 Limit explicit temp file permission setting to intended use case (#38300)
  • 65f8224 Restore --non-interactive flag instead of --interactive/--no-interactive
  • e346a5e Adjust CLI flag to configure non-interactive console (#38301)
  • 9b53be9 Adjust CLI flag to configure non-interactive console
  • 0dd3b53 Limit explicit temp file permission setting to intended use case
  • 48e5ac2 Add reproducers
  • 25598fd Prepare 9.6.1 patch release (#38293)
  • Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the gradle-dependencies group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [com.google.code.gson:gson](https://github.com/google/gson) | `2.13.2` | `2.14.0` |
| [org.json:json](https://github.com/douglascrockford/JSON-java) | `20251224` | `20260522` |
| [com.squareup.okhttp3:okhttp](https://github.com/square/okhttp) | `5.3.2` | `5.4.0` |
| [org.junit:junit-bom](https://github.com/junit-team/junit-framework) | `6.0.3` | `6.1.1` |
| [com.fasterxml.jackson.core:jackson-databind](https://github.com/FasterXML/jackson) | `2.21.2` | `2.22.0` |
| [org.projectlombok:lombok](https://github.com/projectlombok/lombok) | `1.18.44` | `1.18.46` |
| [com.auth0:java-jwt](https://github.com/auth0/java-jwt) | `4.5.1` | `4.5.2` |
| [gradle-wrapper](https://github.com/gradle/gradle) | `9.4.1` | `9.6.1` |



Updates `com.google.code.gson:gson` from 2.13.2 to 2.14.0
- [Release notes](https://github.com/google/gson/releases)
- [Changelog](https://github.com/google/gson/blob/main/CHANGELOG.md)
- [Commits](google/gson@gson-parent-2.13.2...gson-parent-2.14.0)

Updates `org.json:json` from 20251224 to 20260522
- [Release notes](https://github.com/douglascrockford/JSON-java/releases)
- [Changelog](https://github.com/stleary/JSON-java/blob/master/docs/RELEASES.md)
- [Commits](stleary/JSON-java@2025122...2026052)

Updates `com.squareup.okhttp3:okhttp` from 5.3.2 to 5.4.0
- [Changelog](https://github.com/square/okhttp/blob/master/CHANGELOG.md)
- [Commits](square/okhttp@parent-5.3.2...parent-5.4.0)

Updates `org.junit:junit-bom` from 6.0.3 to 6.1.1
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r6.0.3...r6.1.1)

Updates `org.junit.jupiter:junit-jupiter` from 6.0.3 to 6.1.1
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r6.0.3...r6.1.1)

Updates `com.squareup.okhttp3:mockwebserver` from 5.3.2 to 5.4.0
- [Changelog](https://github.com/square/okhttp/blob/master/CHANGELOG.md)
- [Commits](square/okhttp@parent-5.3.2...parent-5.4.0)

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.21.2 to 2.22.0
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `org.projectlombok:lombok` from 1.18.44 to 1.18.46
- [Changelog](https://github.com/projectlombok/lombok/blob/master/doc/changelog.markdown)
- [Commits](projectlombok/lombok@v1.18.44...v1.18.46)

Updates `com.auth0:java-jwt` from 4.5.1 to 4.5.2
- [Release notes](https://github.com/auth0/java-jwt/releases)
- [Changelog](https://github.com/auth0/java-jwt/blob/master/CHANGELOG.md)
- [Commits](auth0/java-jwt@4.5.1...4.5.2)

Updates `gradle-wrapper` from 9.4.1 to 9.6.1
- [Release notes](https://github.com/gradle/gradle/releases)
- [Commits](gradle/gradle@v9.4.1...v9.6.1)

---
updated-dependencies:
- dependency-name: com.google.code.gson:gson
  dependency-version: 2.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle-dependencies
- dependency-name: org.json:json
  dependency-version: '20260522'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: gradle-dependencies
- dependency-name: com.squareup.okhttp3:okhttp
  dependency-version: 5.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle-dependencies
- dependency-name: org.junit:junit-bom
  dependency-version: 6.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle-dependencies
- dependency-name: org.junit.jupiter:junit-jupiter
  dependency-version: 6.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle-dependencies
- dependency-name: com.squareup.okhttp3:mockwebserver
  dependency-version: 5.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle-dependencies
- dependency-name: com.fasterxml.jackson.core:jackson-databind
  dependency-version: 2.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle-dependencies
- dependency-name: org.projectlombok:lombok
  dependency-version: 1.18.46
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gradle-dependencies
- dependency-name: com.auth0:java-jwt
  dependency-version: 4.5.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gradle-dependencies
- dependency-name: gradle-wrapper
  dependency-version: 9.6.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jul 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants