Bump the all group with 5 updates by dependabot[bot] · Pull Request #192 · Heapy/kotbot

dependabot · 2026-06-01T20:57:06Z

Bumps the all group with 5 updates:

Package	From	To
org.flywaydb:flyway-database-postgresql	`12.6.2`	`12.7.0`
ch.qos.logback:logback-classic	`1.5.32`	`1.5.34`
io.mockk:mockk	`1.14.9`	`1.14.11`
com.openai:openai-java	`4.37.0`	`4.38.0`
com.google.devtools.ksp	`2.3.8`	`2.3.9`

Updates org.flywaydb:flyway-database-postgresql from 12.6.2 to 12.7.0

Updates ch.qos.logback:logback-classic from 1.5.32 to 1.5.34

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.33

2026-05-27 Release of logback version 1.5.33

• PropertiesConfiguratorModelHandler now registers properties file URLs to the ConfigurationWatchList when scan is enabled (via local scan="true" attribute or top-level configuration scan), ensuring changes are detected and reconfiguration occurs. This problem was reported in issues/1034.

• When processing <conversionRule> elements and both class and converterClass attributes are specified, silently use the class attribute without issuing a warning. However, if the attribute values differ, a warning will be issued. This change was requested in issues/1031.

• HardenedModelInputStream will no longer accept to deserialize all classes located under the "java.lang" and "java.util" packages but a limited number of explicitly authorized classes in those packages. This potential deserialization whitelist bypass vulnerability was reported by York Shen and registered as CVE-2026-9828.

• SSL parameters for SSLSocketAppender now enable hostname verification by default. Moreover, the default protocol is now "TLSv1.2". This potential vulnerability was reported by York Shen.

• When printing the status message field, ViewStatusMessagesServletBase now escapes special characters such as "&" as character entities. This potential vulnerability was reported by York Shen.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 124e8b49b55ac34d08743a0646bd463410192647 associated with the tag v_1.5.33. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

e62272a prepare release 1.5.34
1e9e926 add resolveProxyClassRejectsDynamicProxies unit test
2de5cbe added StackTraceElementProxyTest, minor edits to AGENTS.md
0e9b927 in case StackTraceElement is null use a substitute, fixing issues/1040
f7a0654 prevent resolveProxyClass bypass
249b81f docs are no longer distributed
1c3b26a start work on 1.5.34-SNAPSHOT
124e8b4 prepare release 1.5.33
d8fd6f2 escapeTags in message field when printing status messages
95edbeb hostnameVerification default to true in SSLParametersConfiguration, SSL.DEFAU...
Additional commits viewable in compare view

Updates io.mockk:mockk from 1.14.9 to 1.14.11

Release notes

Sourced from io.mockk:mockk's releases.

v1.14.11

What's Changed

fix: added SameInstanceMatcher to handle an issue with equals method when using EqMatcher along with a mock to an object by @DOssaA in mockk/mockk#1508

Add scoped confirmVerified overloads for callables (KFunction and KProperty) by @DOssaA in mockk/mockk#1513

feat: support MockKAnnotation.useDependencyOrder for JUnit 5 by @ilia1243 in mockk/mockk#1515

Allow updating settings from code by @Yentis in mockk/mockk#1517

Add currentThread filter and excluded mocks to clearAllStubsFromMemory by @evgenru in mockk/mockk#1519

Support new Kotlin annotation defaulting rule for @InjectMockKs by @ZzAve in mockk/mockk#1525

feat(dsl): Add context parameters support module (#1431) by @faraz152 in mockk/mockk#1521

fix: resolve @InjectMockKs dependency order for interface by @neungs-2 in mockk/mockk#1526

fix: resolve @InjectMockKs dependency order for list injection by @ilia1243 in mockk/mockk#1527

fix: extract native lib from APK when not on filesystem (AGP 8.5+) by @snowykte0426 in mockk/mockk#1529

fix: support OpenJ9 in JvmAutoHinter by @hspedro in mockk/mockk#1530

New Contributors

@DOssaA made their first contribution in mockk/mockk#1508

@ilia1243 made their first contribution in mockk/mockk#1515

@Yentis made their first contribution in mockk/mockk#1517

@evgenru made their first contribution in mockk/mockk#1519

@ZzAve made their first contribution in mockk/mockk#1525

@faraz152 made their first contribution in mockk/mockk#1521

@hspedro made their first contribution in mockk/mockk#1530

Full Changelog: mockk/mockk@1.14.9...v1.14.11

Commits

d5617fc Version bump for v1.14.11
d4e6a00 Merge pull request #1530 from hspedro/fix/726-openj9-classcast-message-format
98e91bc fix: handle OpenJ9 CCE message in JvmAutoHinter
945f746 Merge pull request #1529 from snowykte0426/fix/1273-jvmtiagent-agp85-native-l...
35cc073 [ 1273-jvmtiagent ] chore: stop tracking .claude/scheduled_tasks.lock
d6aa82b [ 1273-jvmtiagent ] chore: drop useLegacyPackaging workaround
85a907c [ 1273-jvmtiagent ] chore: apply spotless formatting
7d9aec1 [ 1273-jvmtiagent ] fix: extract .so when findLibrary returns a path with '='
1d5d30e [ 1273-jvmtiagent ] test: verify findLibrary resolves mockkjvmtiagent to a va...
21a6a3a [ 1273-jvmtiagent]fix: pass findLibrary path directly to attach JvmtiAgent
Additional commits viewable in compare view

Updates com.openai:openai-java from 4.37.0 to 4.38.0

Release notes

Sourced from com.openai:openai-java's releases.

v4.38.0

4.38.0 (2026-06-01)

Full Changelog: v4.37.0...v4.38.0

Features

api: workload identity in audit logs, additional_tools item in responses, fix ActionSearch.query to be optional. (76574c1)

Changelog

Sourced from com.openai:openai-java's changelog.

4.38.0 (2026-06-01)

Full Changelog: v4.37.0...v4.38.0

Features

api: workload identity in audit logs, additional_tools item in responses, fix ActionSearch.query to be optional. (76574c1)

Commits

2157479 release: 4.38.0
40b9b4f feat(api): workload identity in audit logs, additional_tools item in response...
See full diff in compare view

Updates com.google.devtools.ksp from 2.3.8 to 2.3.9

Release notes

Sourced from com.google.devtools.ksp's releases.

2.3.9

What's Changed

Cleaned up native cross-compilation support checks to prevent Gradle Configuration Cache invalidation (#2953)

Fixed a compilation performance regression in in PsiResolutionStrategy introduced in 2.3.8 (#2948)

Contributors

Thanks to everyone who reported bugs and participated in discussions!

Full Changelog: google/ksp@2.3.8...2.3.9

Commits

799f6c1 Add unused test
0410308 return to using kgp api but gate with if statement
3b0ae6d Consolidate klib cross-compilation support check on KGP property
9746fb5 Add test for self referencing type variables
b61da98 Fix release branch cherry-picking
555120d Add copyright header
1a80a30 Revert "Refactor CollectAnnotatedSymbolsPsiVisitor"
b6684d4 Update auto-merge.yml to 2.3.9-release branch
d350521 Add test for context parameters
811dbfe Merge test directories
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the all group with 5 updates: | Package | From | To | | --- | --- | --- | | org.flywaydb:flyway-database-postgresql | `12.6.2` | `12.7.0` | | [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) | `1.5.32` | `1.5.34` | | [io.mockk:mockk](https://github.com/mockk/mockk) | `1.14.9` | `1.14.11` | | [com.openai:openai-java](https://github.com/openai/openai-java) | `4.37.0` | `4.38.0` | | [com.google.devtools.ksp](https://github.com/google/ksp) | `2.3.8` | `2.3.9` | Updates `org.flywaydb:flyway-database-postgresql` from 12.6.2 to 12.7.0 Updates `ch.qos.logback:logback-classic` from 1.5.32 to 1.5.34 - [Release notes](https://github.com/qos-ch/logback/releases) - [Commits](qos-ch/logback@v_1.5.32...v_1.5.34) Updates `io.mockk:mockk` from 1.14.9 to 1.14.11 - [Release notes](https://github.com/mockk/mockk/releases) - [Commits](mockk/mockk@1.14.9...v1.14.11) Updates `com.openai:openai-java` from 4.37.0 to 4.38.0 - [Release notes](https://github.com/openai/openai-java/releases) - [Changelog](https://github.com/openai/openai-java/blob/main/CHANGELOG.md) - [Commits](openai/openai-java@v4.37.0...v4.38.0) Updates `com.google.devtools.ksp` from 2.3.8 to 2.3.9 - [Release notes](https://github.com/google/ksp/releases) - [Commits](google/ksp@2.3.8...2.3.9) --- updated-dependencies: - dependency-name: org.flywaydb:flyway-database-postgresql dependency-version: 12.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: ch.qos.logback:logback-classic dependency-version: 1.5.34 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: io.mockk:mockk dependency-version: 1.14.11 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: com.openai:openai-java dependency-version: 4.38.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: com.google.devtools.ksp dependency-version: 2.3.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jun 1, 2026

IRus merged commit aacb3c5 into main Jun 1, 2026
6 of 7 checks passed

dependabot Bot deleted the dependabot/gradle/all-b0ddd9551b branch June 1, 2026 21:09

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the all group with 5 updates#192

Bump the all group with 5 updates#192
IRus merged 1 commit into
mainfrom
dependabot/gradle/all-b0ddd9551b

dependabot Bot commented on behalf of github Jun 1, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Jun 1, 2026

Logback 1.5.33

v1.14.11

What's Changed

New Contributors

v4.38.0

4.38.0 (2026-06-01)

Features

4.38.0 (2026-06-01)

Features

2.3.9

What's Changed

Contributors

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

1 participant