chore(deps): bump the gradle-dependencies group across 1 directory with 23 updates by dependabot[bot] · Pull Request #61 · AndroidIRCx/NULVEX

dependabot · 2026-06-03T19:31:31Z

Bumps the gradle-dependencies group with 16 updates in the / directory:

Package	From	To
com.android.tools.build:gradle	`9.2.0`	`9.2.1`
io.netty:netty-codec-http	`4.2.12.Final`	`4.2.15.Final`
com.google.protobuf:protobuf-java	`4.34.1`	`4.35.0`
com.google.firebase:firebase-bom	`34.12.0`	`34.14.0`
org.json:json	`20251224`	`20260522`
gradle-wrapper	`9.5.0`	`9.5.1`
androidx.core:core-ktx	`1.18.0`	`1.19.0`
androidx.compose:compose-bom	`2026.04.01`	`2026.05.01`
net.zetetic:sqlcipher-android	`4.15.0`	`4.16.0`
io.mockk:mockk	`1.14.9`	`1.14.11`
io.mockk:mockk-android	`1.14.9`	`1.14.11`
org.jetbrains.kotlinx:kotlinx-coroutines-test	`1.10.2`	`1.11.0`
com.google.android.gms:play-services-ads	`25.2.0`	`25.3.0`
com.android.billingclient:billing-ktx	`8.3.0`	`9.0.0`
org.jetbrains.kotlin.plugin.compose	`2.3.21`	`2.4.0`
com.google.devtools.ksp	`2.3.7`	`2.3.9`

Updates com.android.tools.build:gradle from 9.2.0 to 9.2.1

Updates io.netty:netty-codec-http from 4.2.12.Final to 4.2.15.Final

Release notes

Sourced from io.netty:netty-codec-http's releases.

netty-4.2.15.Final

Security fixes

CVE-2026-48059: memory exhaustion in io.netty:netty-codec-haproxy (high).

CVE-2026-47691: DNS cache poisoning in io.netty:netty-resolver-dns (high).

CVE-2026-XXXXX: DDoS in io.netty:netty-codec-http2.

CVE-2026-XXXXX: memory exhaustion in io.netty:netty-codec-redis (high).

CVE-2026-44250: memory exhaustion in io.netty:netty-codec-redis (high).

CVE-2026-44890: memory exhaustion in io.netty:netty-codec-redis (high).

CVE-2026-XXXXX: information disclosure and denial of service in io.netty:netty-codec-classes-quic.

CVE-2026-44249: IPv6 subnet filter bypass in io.netty:netty-handler (high).

CVE-2026-XXXXX: request smuggling in io.netty:netty-codec-http.

CVE-2026-44892: memory exhaustion in io.netty:netty-codec-http3 (high).

CVE-2026-44893: memory leak in io.netty:netty-codec-haproxy (high).

CVE-2026-44894: traffic amplification in io.netty:netty-codec-classes-quic (high).

CVE-2026-XXXXX: TLS hostname verification accidentally disabled in io.netty:netty-handler (high).

CVE-2026-45673: DNS cache poisoning in io.netty:netty-resolver-dns.

CVE-2026-45416: excessive memory usage from SNIHandler in io.netty:netty-handler (high).

CVE-2026-45536: file descriptor leak in io.netty:netty-transport-native-epoll and io.netty:netty-transport-native-kqueue.

CVE-2026-45674: DNS cache poisoning in io.netty:netty-resolver-dns (high).

CVE-2026-46340: memory exhaustion in io.netty:netty-transport-sctp (high).

CVE-2026-47244: denial of service in io.netty:netty-codec-http2.

CVE-2026-48006: memory exhaustion in io.netty:netty-codec-redis (high).

CVE-2026-48748: memory exhaustion in io.netty:netty-codec-http3 (high).

CVE-2026-48043: memory exhaustion in io.netty:netty-codec-http2.

What's Changed

Fix race in io.netty.channel.uring.IoUringIoHandler.wakeup by @dreamlike-ocean in netty/netty#16836

HTTP/2: Parse request-target path like Vert.x by @yawkat in netty/netty#16810

Auto-port 4.2: ChannelInitializer: correct misleading comment on exceptionCaught route by @netty-project-bot in netty/netty#16853

FlowControlHandler: Suppress duplicate channelReadComplete after draining queue (#15053) by @schiemon in netty/netty#16837

Pass maxAllocation to Brotli and Zstd decoders by @fedinskiy in netty/netty#16844

Fix revapi warnings by @chrisvest in netty/netty#16885

Fix SCTP and Redis tests by @chrisvest in netty/netty#16893

Add maxWindowLog parameter to ZstdDecoder to bound memory allocation by @skyguard1 in netty/netty#16850

Auto-port 4.2: MQTT: Reject malformed no-payload packets with non-zero Remaining Length by @netty-project-bot in netty/netty#16890

New Contributors

@schiemon made their first contribution in netty/netty#16837

@fedinskiy made their first contribution in netty/netty#16844

Full Changelog: netty/netty@netty-4.2.14.Final...netty-4.2.15.Final

netty-4.2.14.Final

What's Changed

HTTP: Fix revapi failure introduced by 84530fa81e12dcd1d42310bb20c1385cb44128d8 by @normanmaurer in netty/netty#16748

HTTP: Re-add constructor to HttpProxyHandler that was removed by mistake by @normanmaurer in netty/netty#16747

Marshalling: Explicit document security requirements by @normanmaurer in netty/netty#16752

Fix io_uring op completion TRACE logging by @chrisvest in netty/netty#16755

Quic: Ensure writes are done before notify close promise of QuicheQui… by @normanmaurer in netty/netty#16758

Avoid re-parsing openssl key material with non-cached provider by @chrisvest in netty/netty#16759

... (truncated)

Commits

a41f7b2 [maven-release-plugin] prepare release netty-4.2.15.Final
2394530 Auto-port 4.2: MQTT: Reject malformed no-payload packets with non-zero Remain...
0bd1657 Add maxWindowLog parameter to ZstdDecoder to bound memory allocation (#16850)
76291f5 Fix SCTP and Redis tests (#16893)
e067b6e Fix revapi warnings (#16885)
5a52600 Pass maxAllocation to Brotli and Zstd decoders (#16844)
541add0 Merge commit from fork
270800e Merge commit from fork
3d45a1e Merge commit from fork
75127ca Merge commit from fork
Additional commits viewable in compare view

Updates io.netty:netty-codec-http2 from 4.2.12.Final to 4.2.15.Final

Release notes

Sourced from io.netty:netty-codec-http2's releases.

netty-4.2.15.Final

Security fixes

CVE-2026-48059: memory exhaustion in io.netty:netty-codec-haproxy (high).

CVE-2026-47691: DNS cache poisoning in io.netty:netty-resolver-dns (high).

CVE-2026-XXXXX: DDoS in io.netty:netty-codec-http2.

CVE-2026-XXXXX: memory exhaustion in io.netty:netty-codec-redis (high).

CVE-2026-44250: memory exhaustion in io.netty:netty-codec-redis (high).

CVE-2026-44890: memory exhaustion in io.netty:netty-codec-redis (high).

CVE-2026-XXXXX: information disclosure and denial of service in io.netty:netty-codec-classes-quic.

CVE-2026-44249: IPv6 subnet filter bypass in io.netty:netty-handler (high).

CVE-2026-XXXXX: request smuggling in io.netty:netty-codec-http.

CVE-2026-44892: memory exhaustion in io.netty:netty-codec-http3 (high).

CVE-2026-44893: memory leak in io.netty:netty-codec-haproxy (high).

CVE-2026-44894: traffic amplification in io.netty:netty-codec-classes-quic (high).

CVE-2026-XXXXX: TLS hostname verification accidentally disabled in io.netty:netty-handler (high).

CVE-2026-45673: DNS cache poisoning in io.netty:netty-resolver-dns.

CVE-2026-45416: excessive memory usage from SNIHandler in io.netty:netty-handler (high).

CVE-2026-45536: file descriptor leak in io.netty:netty-transport-native-epoll and io.netty:netty-transport-native-kqueue.

CVE-2026-45674: DNS cache poisoning in io.netty:netty-resolver-dns (high).

CVE-2026-46340: memory exhaustion in io.netty:netty-transport-sctp (high).

CVE-2026-47244: denial of service in io.netty:netty-codec-http2.

CVE-2026-48006: memory exhaustion in io.netty:netty-codec-redis (high).

CVE-2026-48748: memory exhaustion in io.netty:netty-codec-http3 (high).

CVE-2026-48043: memory exhaustion in io.netty:netty-codec-http2.

What's Changed

Fix race in io.netty.channel.uring.IoUringIoHandler.wakeup by @dreamlike-ocean in netty/netty#16836

HTTP/2: Parse request-target path like Vert.x by @yawkat in netty/netty#16810

Auto-port 4.2: ChannelInitializer: correct misleading comment on exceptionCaught route by @netty-project-bot in netty/netty#16853

FlowControlHandler: Suppress duplicate channelReadComplete after draining queue (#15053) by @schiemon in netty/netty#16837

Pass maxAllocation to Brotli and Zstd decoders by @fedinskiy in netty/netty#16844

Fix revapi warnings by @chrisvest in netty/netty#16885

Fix SCTP and Redis tests by @chrisvest in netty/netty#16893

Add maxWindowLog parameter to ZstdDecoder to bound memory allocation by @skyguard1 in netty/netty#16850

Auto-port 4.2: MQTT: Reject malformed no-payload packets with non-zero Remaining Length by @netty-project-bot in netty/netty#16890

New Contributors

@schiemon made their first contribution in netty/netty#16837

@fedinskiy made their first contribution in netty/netty#16844

Full Changelog: netty/netty@netty-4.2.14.Final...netty-4.2.15.Final

netty-4.2.14.Final

What's Changed

HTTP: Fix revapi failure introduced by 84530fa81e12dcd1d42310bb20c1385cb44128d8 by @normanmaurer in netty/netty#16748

HTTP: Re-add constructor to HttpProxyHandler that was removed by mistake by @normanmaurer in netty/netty#16747

Marshalling: Explicit document security requirements by @normanmaurer in netty/netty#16752

Fix io_uring op completion TRACE logging by @chrisvest in netty/netty#16755

Quic: Ensure writes are done before notify close promise of QuicheQui… by @normanmaurer in netty/netty#16758

Avoid re-parsing openssl key material with non-cached provider by @chrisvest in netty/netty#16759

... (truncated)

Commits

a41f7b2 [maven-release-plugin] prepare release netty-4.2.15.Final
2394530 Auto-port 4.2: MQTT: Reject malformed no-payload packets with non-zero Remain...
0bd1657 Add maxWindowLog parameter to ZstdDecoder to bound memory allocation (#16850)
76291f5 Fix SCTP and Redis tests (#16893)
e067b6e Fix revapi warnings (#16885)
5a52600 Pass maxAllocation to Brotli and Zstd decoders (#16844)
541add0 Merge commit from fork
270800e Merge commit from fork
3d45a1e Merge commit from fork
75127ca Merge commit from fork
Additional commits viewable in compare view

Updates com.google.protobuf:protobuf-java from 4.34.1 to 4.35.0

Commits

See full diff in compare view

Updates com.google.protobuf:protobuf-javalite from 4.34.1 to 4.35.0

Updates com.google.protobuf:protobuf-kotlin from 4.34.1 to 4.35.0

Updates com.google.protobuf:protobuf-kotlin-lite from 4.34.1 to 4.35.0

Updates io.netty:netty-handler from 4.2.12.Final to 4.2.15.Final

Release notes

Sourced from io.netty:netty-handler's releases.

netty-4.2.15.Final

Security fixes

CVE-2026-48059: memory exhaustion in io.netty:netty-codec-haproxy (high).

CVE-2026-47691: DNS cache poisoning in io.netty:netty-resolver-dns (high).

CVE-2026-XXXXX: DDoS in io.netty:netty-codec-http2.

CVE-2026-XXXXX: memory exhaustion in io.netty:netty-codec-redis (high).

CVE-2026-44250: memory exhaustion in io.netty:netty-codec-redis (high).

CVE-2026-44890: memory exhaustion in io.netty:netty-codec-redis (high).

CVE-2026-XXXXX: information disclosure and denial of service in io.netty:netty-codec-classes-quic.

CVE-2026-44249: IPv6 subnet filter bypass in io.netty:netty-handler (high).

CVE-2026-XXXXX: request smuggling in io.netty:netty-codec-http.

CVE-2026-44892: memory exhaustion in io.netty:netty-codec-http3 (high).

CVE-2026-44893: memory leak in io.netty:netty-codec-haproxy (high).

CVE-2026-44894: traffic amplification in io.netty:netty-codec-classes-quic (high).

CVE-2026-XXXXX: TLS hostname verification accidentally disabled in io.netty:netty-handler (high).

CVE-2026-45673: DNS cache poisoning in io.netty:netty-resolver-dns.

CVE-2026-45416: excessive memory usage from SNIHandler in io.netty:netty-handler (high).

CVE-2026-45536: file descriptor leak in io.netty:netty-transport-native-epoll and io.netty:netty-transport-native-kqueue.

CVE-2026-45674: DNS cache poisoning in io.netty:netty-resolver-dns (high).

CVE-2026-46340: memory exhaustion in io.netty:netty-transport-sctp (high).

CVE-2026-47244: denial of service in io.netty:netty-codec-http2.

CVE-2026-48006: memory exhaustion in io.netty:netty-codec-redis (high).

CVE-2026-48748: memory exhaustion in io.netty:netty-codec-http3 (high).

CVE-2026-48043: memory exhaustion in io.netty:netty-codec-http2.

What's Changed

Fix race in io.netty.channel.uring.IoUringIoHandler.wakeup by @dreamlike-ocean in netty/netty#16836

HTTP/2: Parse request-target path like Vert.x by @yawkat in netty/netty#16810

Auto-port 4.2: ChannelInitializer: correct misleading comment on exceptionCaught route by @netty-project-bot in netty/netty#16853

FlowControlHandler: Suppress duplicate channelReadComplete after draining queue (#15053) by @schiemon in netty/netty#16837

Pass maxAllocation to Brotli and Zstd decoders by @fedinskiy in netty/netty#16844

Fix revapi warnings by @chrisvest in netty/netty#16885

Fix SCTP and Redis tests by @chrisvest in netty/netty#16893

Add maxWindowLog parameter to ZstdDecoder to bound memory allocation by @skyguard1 in netty/netty#16850

Auto-port 4.2: MQTT: Reject malformed no-payload packets with non-zero Remaining Length by @netty-project-bot in netty/netty#16890

New Contributors

@schiemon made their first contribution in netty/netty#16837

@fedinskiy made their first contribution in netty/netty#16844

Full Changelog: netty/netty@netty-4.2.14.Final...netty-4.2.15.Final

netty-4.2.14.Final

What's Changed

HTTP: Fix revapi failure introduced by 84530fa81e12dcd1d42310bb20c1385cb44128d8 by @normanmaurer in netty/netty#16748

HTTP: Re-add constructor to HttpProxyHandler that was removed by mistake by @normanmaurer in netty/netty#16747

Marshalling: Explicit document security requirements by @normanmaurer in netty/netty#16752

Fix io_uring op completion TRACE logging by @chrisvest in netty/netty#16755

Quic: Ensure writes are done before notify close promise of QuicheQui… by @normanmaurer in netty/netty#16758

Avoid re-parsing openssl key material with non-cached provider by @chrisvest in netty/netty#16759

... (truncated)

Commits

a41f7b2 [maven-release-plugin] prepare release netty-4.2.15.Final
2394530 Auto-port 4.2: MQTT: Reject malformed no-payload packets with non-zero Remain...
0bd1657 Add maxWindowLog parameter to ZstdDecoder to bound memory allocation (#16850)
76291f5 Fix SCTP and Redis tests (#16893)
e067b6e Fix revapi warnings (#16885)
5a52600 Pass maxAllocation to Brotli and Zstd decoders (#16844)
541add0 Merge commit from fork
270800e Merge commit from fork
3d45a1e Merge commit from fork
75127ca Merge commit from fork
Additional commits viewable in compare view

Updates io.netty:netty-codec from 4.2.12.Final to 4.2.15.Final

Release notes

Sourced from io.netty:netty-codec's releases.

netty-4.2.15.Final

Security fixes

CVE-2026-48059: memory exhaustion in io.netty:netty-codec-haproxy (high).

CVE-2026-47691: DNS cache poisoning in io.netty:netty-resolver-dns (high).

CVE-2026-XXXXX: DDoS in io.netty:netty-codec-http2.

CVE-2026-XXXXX: memory exhaustion in io.netty:netty-codec-redis (high).

CVE-2026-44250: memory exhaustion in io.netty:netty-codec-redis (high).

CVE-2026-44890: memory exhaustion in io.netty:netty-codec-redis (high).

CVE-2026-XXXXX: information disclosure and denial of service in io.netty:netty-codec-classes-quic.

CVE-2026-44249: IPv6 subnet filter bypass in io.netty:netty-handler (high).

CVE-2026-XXXXX: request smuggling in io.netty:netty-codec-http.

CVE-2026-44892: memory exhaustion in io.netty:netty-codec-http3 (high).

CVE-2026-44893: memory leak in io.netty:netty-codec-haproxy (high).

CVE-2026-44894: traffic amplification in io.netty:netty-codec-classes-quic (high).

CVE-2026-XXXXX: TLS hostname verification accidentally disabled in io.netty:netty-handler (high).

CVE-2026-45673: DNS cache poisoning in io.netty:netty-resolver-dns.

CVE-2026-45416: excessive memory usage from SNIHandler in io.netty:netty-handler (high).

CVE-2026-45536: file descriptor leak in io.netty:netty-transport-native-epoll and io.netty:netty-transport-native-kqueue.

CVE-2026-45674: DNS cache poisoning in io.netty:netty-resolver-dns (high).

CVE-2026-46340: memory exhaustion in io.netty:netty-transport-sctp (high).

CVE-2026-47244: denial of service in io.netty:netty-codec-http2.

CVE-2026-48006: memory exhaustion in io.netty:netty-codec-redis (high).

CVE-2026-48748: memory exhaustion in io.netty:netty-codec-http3 (high).

CVE-2026-48043: memory exhaustion in io.netty:netty-codec-http2.

What's Changed

Fix race in io.netty.channel.uring.IoUringIoHandler.wakeup by @dreamlike-ocean in netty/netty#16836

HTTP/2: Parse request-target path like Vert.x by @yawkat in netty/netty#16810

Auto-port 4.2: ChannelInitializer: correct misleading comment on exceptionCaught route by @netty-project-bot in netty/netty#16853

FlowControlHandler: Suppress duplicate channelReadComplete after draining queue (#15053) by @schiemon in netty/netty#16837

Pass maxAllocation to Brotli and Zstd decoders by @fedinskiy in netty/netty#16844

Fix revapi warnings by @chrisvest in netty/netty#16885

Fix SCTP and Redis tests by @chrisvest in netty/netty#16893

Add maxWindowLog parameter to ZstdDecoder to bound memory allocation by @skyguard1 in netty/netty#16850

Auto-port 4.2: MQTT: Reject malformed no-payload packets with non-zero Remaining Length by @netty-project-bot in netty/netty#16890

New Contributors

@schiemon made their first contribution in netty/netty#16837

@fedinskiy made their first contribution in netty/netty#16844

Full Changelog: netty/netty@netty-4.2.14.Final...netty-4.2.15.Final

netty-4.2.14.Final

What's Changed

HTTP: Fix revapi failure introduced by 84530fa81e12dcd1d42310bb20c1385cb44128d8 by @normanmaurer in netty/netty#16748

HTTP: Re-add constructor to HttpProxyHandler that was removed by mistake by @normanmaurer in netty/netty#16747

Marshalling: Explicit document security requirements by @normanmaurer in netty/netty#16752

Fix io_uring op completion TRACE logging by @chrisvest in netty/netty#16755

Quic: Ensure writes are done before notify close promise of QuicheQui… by @normanmaurer in netty/netty#16758

Avoid re-parsing openssl key material with non-cached provider by @chrisvest in netty/netty#16759

... (truncated)

Commits

a41f7b2 [maven-release-plugin] prepare release netty-4.2.15.Final
2394530 Auto-port 4.2: MQTT: Reject malformed no-payload packets with non-zero Remain...
0bd1657 Add maxWindowLog parameter to ZstdDecoder to bound memory allocation (#16850)
76291f5 Fix SCTP and Redis tests (#16893)
e067b6e Fix revapi warnings (#16885)
5a52600 Pass maxAllocation to Brotli and Zstd decoders (#16844)
541add0 Merge commit from fork
270800e Merge commit from fork
3d45a1e Merge commit from fork
75127ca Merge commit from fork
Additional commits viewable in compare view

Updates io.netty:netty-common from 4.2.12.Final to 4.2.15.Final

Release notes

Sourced from io.netty:netty-common's releases.

netty-4.2.15.Final

Security fixes

CVE-2026-48059: memory exhaustion in io.netty:netty-codec-haproxy (high).

CVE-2026-47691: DNS cache poisoning in io.netty:netty-resolver-dns (high).

CVE-2026-XXXXX: DDoS in io.netty:netty-codec-http2.

CVE-2026-XXXXX: memory exhaustion in io.netty:netty-codec-redis (high).

CVE-2026-44250: memory exhaustion in io.netty:netty-codec-redis (high).

CVE-2026-44890: memory exhaustion in io.netty:netty-codec-redis (high).

CVE-2026-XXXXX: information disclosure and denial of service in io.netty:netty-codec-classes-quic.

CVE-2026-44249: IPv6 subnet filter bypass in io.netty:netty-handler (high).

CVE-2026-XXXXX: request smuggling in io.netty:netty-codec-http.

CVE-2026-44892: memory exhaustion in io.netty:netty-codec-http3 (high).

CVE-2026-44893: memory leak in io.netty:netty-codec-haproxy (high).

CVE-2026-44894: traffic amplification in io.netty:netty-codec-classes-quic (high).

CVE-2026-XXXXX: TLS hostname verification accidentally disabled in io.netty:netty-handler (high).

CVE-2026-45673: DNS cache poisoning in io.netty:netty-resolver-dns.

CVE-2026-45416: excessive memory usage from SNIHandler in io.netty:netty-handler (high).

CVE-2026-45536: file descriptor leak in io.netty:netty-transport-native-epoll and io.netty:netty-transport-native-kqueue.

CVE-2026-45674: DNS cache poisoning in io.netty:netty-resolver-dns (high).

CVE-2026-46340: memory exhaustion in io.netty:netty-transport-sctp (high).

CVE-2026-47244: denial of service in io.netty:netty-codec-http2.

CVE-2026-48006: memory exhaustion in io.netty:netty-codec-redis (high).

CVE-2026-48748: memory exhaustion in io.netty:netty-codec-http3 (high).

CVE-2026-48043: memory exhaustion in io.netty:netty-codec-http2.

What's Changed

Fix race in io.netty.channel.uring.IoUringIoHandler.wakeup by @dreamlike-ocean in netty/netty#16836

HTTP/2: Parse request-target path like Vert.x by @yawkat in netty/netty#16810

Auto-port 4.2: ChannelInitializer: correct misleading comment on exceptionCaught route by @netty-project-bot in netty/netty#16853

FlowControlHandler: Suppress duplicate channelReadComplete after draining queue (#15053) by @schiemon in netty/netty#16837

Pass maxAllocation to Brotli and Zstd decoders by @fedinskiy in netty/netty#16844

Fix revapi warnings by @chrisvest in netty/netty#16885

Fix SCTP and Redis tests by @chrisvest in netty/netty#16893

Add maxWindowLog parameter to ZstdDecoder to bound memory allocation by @skyguard1 in netty/netty#16850

Auto-port 4.2: MQTT: Reject malformed no-payload packets with non-zero Remaining Length by @netty-project-bot in netty/netty#16890

New Contributors

@schiemon made their first contribution in netty/netty#16837

@fedinskiy made their first contribution in netty/netty#16844

Full Changelog: netty/netty@netty-4.2.14.Final...netty-4.2.15.Final

netty-4.2.14.Final

What's Changed

HTTP: Fix revapi failure introduced by 84530fa81e12dcd1d42310bb20c1385cb44128d8 by @normanmaurer in netty/netty#16748

HTTP: Re-add constructor to HttpProxyHandler that was removed by mistake by @normanmaurer in netty/netty#16747

Marshalling: Explicit document security requirements by @normanmaurer in netty/netty#16752

Fix io_uring op completion TRACE logging by @chrisvest in netty/netty#16755

Quic: Ensure writes are done before notify close promise of QuicheQui… by @normanmaurer in netty/netty#16758

Avoid re-parsing openssl key material with non-cached provider by @chrisvest in netty/netty#16759

... (truncated)

Commits

a41f7b2 [maven-release-plugin] prepare release netty-4.2.15.Final
2394530 Auto-port 4.2: MQTT: Reject malformed no-payload packets with non-zero Remain...
0bd1657 Add maxWindowLog parameter to ZstdDecoder to bound memory allocation (#16850)
76291f5 Fix SCTP and Redis tests (#16893)
e067b6e Fix revapi warnings (#16885)
5a52600 Pass maxAllocation to Brotli and Zstd decoders (#16844)
541add0 Merge commit from fork
270800e Merge commit from fork
3d45a1e Merge commit from fork
75127ca Merge commit from fork
Additional commits viewable in compare view

Updates com.google.firebase:firebase-bom from 34.12.0 to 34.14.0

Updates org.json:json from 20251224 to 20260522

Release notes

Sourced from org.json:json's releases.

20260522

Pull Request Description

#1054 pre-release-20260522 prep for next release

#1053 update security.md with key data

#1046 Validate XML numeric character references before string construction

#1044 Ignore static fields in JSONObject.fromJson()

#1041 Enhance README with license clarification

#1039 Fix XML forceList parsing issue

#1038 Fix input validation in XMLTokener.unescapeEntity()

#1037 Fix ClassCastException in JSONML.toJSONArray and toJSONObject

#1029 add badge to external hosted javadoc

#1028 Refactoring: Fix sonarqube reliability issues

#1027 Save/restore default locale in test

Changelog

Sourced from org.json:json's changelog.

20260522 Publish key data, recent commits for minor fixes

Commits

968a592 Merge pull request #1054 from stleary/pre-release-20260522
3665aad pre-release-20260522 doc and build updates for release
d749ee1 Merge pull request #1053 from stleary/update-security-md-with-key
6495983 update-security-md-with-key new security.md file, also fixed 1000 level jsona...
896ce0f Merge pull request #1046 from yuki-matsuhashi/master
1877069 Validate XML numeric character references before string construction
b959027 Merge pull request #1044 from yuki-matsuhashi/1043-ignore-static
039f331 Add comment for empty test constructor
94e3400 Ignore static fields in JSONObject.fromJson()
6230128 Merge pull request #1041 from stleary/license-clarification
Additional commits viewable in compare view

Updates gradle-wrapper from 9.5.0 to 9.5.1

Release notes

Sourced from gradle-wrapper's releases.

9.5.1

The Gradle team is excited to announce Gradle 9.5.1.

Here are the highlights of this release:

Task provenance in reports and failure messages

Type-safe accessors for precompiled Kotlin Settings plugins

Read the Release Notes

We would like to thank the following community members for their contributions to this release of Gradle: atm1020, mataha, Adam, Attila Kelemen, Benedikt Ritter, Björn Kautler, Caro Silva Rode, CHANHAN, Dmitry Nezavitin, Eng Zer Jun, KugelLibelle, Madalin Valceleanu, Markus Gaisbauer, Oliver Kopp, Philip Wedemann, ploober, Roberto Perez Alcolea, Rohit Anand, Suvrat Acharya, Ujwal Suresh Vanjare, Victor Merkulov

Upgrade instructions

Switch your build to use Gradle 9.5.1 by updating your wrapper:
./gradlew wrapper --gradle-version=9.5.1 && ./gradlew wrapper
See the Gradle 9.x upgrade guide to learn about deprecations, breaking changes and other considerations when upgrading.

For Java, Groovy, Kotlin and Android compatibility, see the full compatibility notes.

Reporting problems

If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines. If you're not sure you're encountering a bug, please use the forum.

We hope you will build happiness with Gradle, and we look forward to your feedback via Twitter or on GitHub.

Commits

fd78213 Update Documentation Infrastructure: Fix scrolling issue in user manual (#37861)
7758437 fix scroll
2fd605f Only try to run as worker thread in DefaultBuildOperationQueue (#37845)
af69849 Release notes for Gradle 9.5.1 (#37853)
f4d9d03 Release notes for Gradle 9.5.1
01eda3a Address review feedback on worker-lease retry changes
7024e15 Revert enrich file visitor with size info on release...
Description has been truncated

…th 23 updates Bumps the gradle-dependencies group with 16 updates in the / directory: | Package | From | To | | --- | --- | --- | | com.android.tools.build:gradle | `9.2.0` | `9.2.1` | | [io.netty:netty-codec-http](https://github.com/netty/netty) | `4.2.12.Final` | `4.2.15.Final` | | [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `4.34.1` | `4.35.0` | | com.google.firebase:firebase-bom | `34.12.0` | `34.14.0` | | [org.json:json](https://github.com/douglascrockford/JSON-java) | `20251224` | `20260522` | | [gradle-wrapper](https://github.com/gradle/gradle) | `9.5.0` | `9.5.1` | | androidx.core:core-ktx | `1.18.0` | `1.19.0` | | androidx.compose:compose-bom | `2026.04.01` | `2026.05.01` | | [net.zetetic:sqlcipher-android](https://github.com/sqlcipher/sqlcipher-android) | `4.15.0` | `4.16.0` | | [io.mockk:mockk](https://github.com/mockk/mockk) | `1.14.9` | `1.14.11` | | [io.mockk:mockk-android](https://github.com/mockk/mockk) | `1.14.9` | `1.14.11` | | [org.jetbrains.kotlinx:kotlinx-coroutines-test](https://github.com/Kotlin/kotlinx.coroutines) | `1.10.2` | `1.11.0` | | com.google.android.gms:play-services-ads | `25.2.0` | `25.3.0` | | com.android.billingclient:billing-ktx | `8.3.0` | `9.0.0` | | [org.jetbrains.kotlin.plugin.compose](https://github.com/JetBrains/kotlin) | `2.3.21` | `2.4.0` | | [com.google.devtools.ksp](https://github.com/google/ksp) | `2.3.7` | `2.3.9` | Updates `com.android.tools.build:gradle` from 9.2.0 to 9.2.1 Updates `io.netty:netty-codec-http` from 4.2.12.Final to 4.2.15.Final - [Release notes](https://github.com/netty/netty/releases) - [Commits](netty/netty@netty-4.2.12.Final...netty-4.2.15.Final) Updates `io.netty:netty-codec-http2` from 4.2.12.Final to 4.2.15.Final - [Release notes](https://github.com/netty/netty/releases) - [Commits](netty/netty@netty-4.2.12.Final...netty-4.2.15.Final) Updates `com.google.protobuf:protobuf-java` from 4.34.1 to 4.35.0 - [Release notes](https://github.com/protocolbuffers/protobuf/releases) - [Commits](https://github.com/protocolbuffers/protobuf/commits) Updates `com.google.protobuf:protobuf-javalite` from 4.34.1 to 4.35.0 Updates `com.google.protobuf:protobuf-kotlin` from 4.34.1 to 4.35.0 Updates `com.google.protobuf:protobuf-kotlin-lite` from 4.34.1 to 4.35.0 Updates `io.netty:netty-handler` from 4.2.12.Final to 4.2.15.Final - [Release notes](https://github.com/netty/netty/releases) - [Commits](netty/netty@netty-4.2.12.Final...netty-4.2.15.Final) Updates `io.netty:netty-codec` from 4.2.12.Final to 4.2.15.Final - [Release notes](https://github.com/netty/netty/releases) - [Commits](netty/netty@netty-4.2.12.Final...netty-4.2.15.Final) Updates `io.netty:netty-common` from 4.2.12.Final to 4.2.15.Final - [Release notes](https://github.com/netty/netty/releases) - [Commits](netty/netty@netty-4.2.12.Final...netty-4.2.15.Final) Updates `com.google.firebase:firebase-bom` from 34.12.0 to 34.14.0 Updates `org.json:json` from 20251224 to 20260522 - [Release notes](https://github.com/douglascrockford/JSON-java/releases) - [Changelog](https://github.com/stleary/JSON-java/blob/master/docs/RELEASES.md) - [Commits](stleary/JSON-java@2025122...2026052) Updates `gradle-wrapper` from 9.5.0 to 9.5.1 - [Release notes](https://github.com/gradle/gradle/releases) - [Commits](gradle/gradle@v9.5.0...v9.5.1) Updates `androidx.core:core-ktx` from 1.18.0 to 1.19.0 Updates `androidx.compose:compose-bom` from 2026.04.01 to 2026.05.01 Updates `net.zetetic:sqlcipher-android` from 4.15.0 to 4.16.0 - [Release notes](https://github.com/sqlcipher/sqlcipher-android/releases) - [Commits](sqlcipher/sqlcipher-android@v4.15.0...v4.16.0) Updates `io.mockk:mockk` from 1.14.9 to 1.14.11 - [Release notes](https://github.com/mockk/mockk/releases) - [Commits](mockk/mockk@1.14.9...v1.14.11) Updates `io.mockk:mockk-android` from 1.14.9 to 1.14.11 - [Release notes](https://github.com/mockk/mockk/releases) - [Commits](mockk/mockk@1.14.9...v1.14.11) Updates `io.mockk:mockk-android` from 1.14.9 to 1.14.11 - [Release notes](https://github.com/mockk/mockk/releases) - [Commits](mockk/mockk@1.14.9...v1.14.11) Updates `org.jetbrains.kotlinx:kotlinx-coroutines-test` from 1.10.2 to 1.11.0 - [Release notes](https://github.com/Kotlin/kotlinx.coroutines/releases) - [Changelog](https://github.com/Kotlin/kotlinx.coroutines/blob/master/CHANGES.md) - [Commits](Kotlin/kotlinx.coroutines@1.10.2...1.11.0) Updates `com.google.android.gms:play-services-ads` from 25.2.0 to 25.3.0 Updates `com.android.billingclient:billing-ktx` from 8.3.0 to 9.0.0 Updates `org.jetbrains.kotlin.plugin.compose` from 2.3.21 to 2.4.0 - [Release notes](https://github.com/JetBrains/kotlin/releases) - [Changelog](https://github.com/JetBrains/kotlin/blob/master/ChangeLog.md) - [Commits](JetBrains/kotlin@v2.3.21...v2.4.0) Updates `com.google.devtools.ksp` from 2.3.7 to 2.3.9 - [Release notes](https://github.com/google/ksp/releases) - [Commits](google/ksp@2.3.7...2.3.9) --- updated-dependencies: - dependency-name: com.android.tools.build:gradle dependency-version: 9.2.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gradle-dependencies - dependency-name: io.netty:netty-codec-http dependency-version: 4.2.15.Final dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gradle-dependencies - dependency-name: io.netty:netty-codec-http2 dependency-version: 4.2.15.Final dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gradle-dependencies - dependency-name: com.google.protobuf:protobuf-java dependency-version: 4.35.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gradle-dependencies - dependency-name: com.google.protobuf:protobuf-javalite dependency-version: 4.35.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gradle-dependencies - dependency-name: com.google.protobuf:protobuf-kotlin dependency-version: 4.35.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gradle-dependencies - dependency-name: com.google.protobuf:protobuf-kotlin-lite dependency-version: 4.35.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gradle-dependencies - dependency-name: io.netty:netty-handler dependency-version: 4.2.15.Final dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gradle-dependencies - dependency-name: io.netty:netty-codec dependency-version: 4.2.15.Final dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gradle-dependencies - dependency-name: io.netty:netty-common dependency-version: 4.2.15.Final dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gradle-dependencies - dependency-name: com.google.firebase:firebase-bom dependency-version: 34.14.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gradle-dependencies - dependency-name: org.json:json dependency-version: '20260522' dependency-type: direct:production update-type: version-update:semver-major dependency-group: gradle-dependencies - dependency-name: gradle-wrapper dependency-version: 9.5.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gradle-dependencies - dependency-name: androidx.core:core-ktx dependency-version: 1.19.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gradle-dependencies - dependency-name: androidx.compose:compose-bom dependency-version: 2026.05.01 dependency-type: direct:production dependency-group: gradle-dependencies - dependency-name: net.zetetic:sqlcipher-android dependency-version: 4.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gradle-dependencies - dependency-name: io.mockk:mockk dependency-version: 1.14.11 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gradle-dependencies - dependency-name: io.mockk:mockk-android dependency-version: 1.14.11 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gradle-dependencies - dependency-name: io.mockk:mockk-android dependency-version: 1.14.11 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gradle-dependencies - dependency-name: org.jetbrains.kotlinx:kotlinx-coroutines-test dependency-version: 1.11.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gradle-dependencies - dependency-name: com.google.android.gms:play-services-ads dependency-version: 25.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gradle-dependencies - dependency-name: com.android.billingclient:billing-ktx dependency-version: 9.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: gradle-dependencies - dependency-name: org.jetbrains.kotlin.plugin.compose dependency-version: 2.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gradle-dependencies - dependency-name: com.google.devtools.ksp dependency-version: 2.3.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gradle-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Jun 3, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the gradle-dependencies group across 1 directory with 23 updates#61

chore(deps): bump the gradle-dependencies group across 1 directory with 23 updates#61
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/gradle/gradle-dependencies-d6086e373c

dependabot Bot commented on behalf of github Jun 3, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Pull Request	Description
#1054	pre-release-20260522 prep for next release
#1053	update security.md with key data
#1046	Validate XML numeric character references before string construction
#1044	Ignore static fields in JSONObject.fromJson()
#1041	Enhance README with license clarification
#1039	Fix XML forceList parsing issue
#1038	Fix input validation in XMLTokener.unescapeEntity()
#1037	Fix ClassCastException in JSONML.toJSONArray and toJSONObject
#1029	add badge to external hosted javadoc
#1028	Refactoring: Fix sonarqube reliability issues
#1027	Save/restore default locale in test

Conversation

dependabot Bot commented on behalf of github Jun 3, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

netty-4.2.15.Final

Security fixes

What's Changed

New Contributors

netty-4.2.14.Final

What's Changed

netty-4.2.15.Final

Security fixes

What's Changed

New Contributors

netty-4.2.14.Final

What's Changed

netty-4.2.15.Final

Security fixes

What's Changed

New Contributors

netty-4.2.14.Final

What's Changed

netty-4.2.15.Final

Security fixes

What's Changed

New Contributors

netty-4.2.14.Final

What's Changed

netty-4.2.15.Final

Security fixes

What's Changed

New Contributors

netty-4.2.14.Final

What's Changed

20260522

9.5.1

Upgrade instructions

Reporting problems

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github Jun 3, 2026 •

edited

Loading