Update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
org.jetbrains.kotlinx:kotlinx-serialization-core	1.10.0 → 1.11.0
org.apache.commons:commons-lang3 (source)	3.17.0 → 3.20.0
commons-codec:commons-codec (source)	1.13 → 1.21.0
org.springframework.security:spring-security-core (source)	4.2.17.RELEASE → 4.2.20.RELEASE
com.guardsquare:proguard-gradle (source)	7.6.1 → 7.9.1
org.springframework.security:spring-security-crypto (source)	5.7.2 → 5.8.16
commons-net:commons-net (source)	3.8.0 → 3.13.0
com.squareup.okhttp3:okhttp (source)	4.9.0 → 4.12.0
org.jetbrains.kotlin:kotlin-test-junit5 (source)	2.3.20 → 2.4.20-neptune-246
com.diffplug.spotless	6.11.0 → 6.25.0
org.jetbrains.kotlin:kotlin-test (source)	2.3.20 → 2.4.20-neptune-246
org.jetbrains.kotlin:kotlin-reflect (source)	2.3.20 → 2.4.20-neptune-246
org.jetbrains.kotlinx:kotlinx-coroutines-core	1.5.1 → 1.10.2
org.jetbrains.kotlin:kotlin-compiler (source)	2.3.20 → 2.4.20-neptune-246

---

Release Notes

Kotlin/kotlinx.serialization (org.jetbrains.kotlinx:kotlinx-serialization-core)

v1.11.0

==================

This release is based on Kotlin 2.3.20 and provides new Json exceptions API and some bugfixes and improvements.

Expose Json exceptions structure

To make working with exceptions easier and providing proper error codes in e.g., REST APIs,
classes JsonException, JsonDecodingException, and JsonEncodingException are now public.
They have relevant public properties, such as shortMessage, path, offset, and others.
This API is currently experimental, and we're going to improve it further in the subsequent releases.
See the linked issues for the details: #​1930, #​1877.

Ability to hide user input from exception messages for security/privacy reasons.

Historically, exception messages in kotlinx.serialization often included the input Json itself for debuggability reason.
Such behavior may pose additional challenges for logging, analytics, and other systems, since
a system is not always allowed to store user data due to privacy/security reasons, which imposes additional sanitation logic.
To address this issue, a new property exceptionsWithDebugInfo is added to JsonConfiguration.
Disable it to hide user input from exception messages.
IMPORTANT: This behavior will be enabled by default when this property becomes stable.
See #​2590 for more details.

Bugfixes and improvements

• CBOR: Relax value range check when decoding numbers (#​3167)
• Use a specialized writeDecimalLong method for IO stream integrations in Json (#​3152)

apache/commons-codec (commons-codec:commons-codec)

v1.21.0

The Apache Commons Codec team is pleased to announce the release of Apache Commons Codec 1.21.0.

The Apache Commons Codec component contains encoders and decoders for
formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.

This is a feature and maintenance release. Java 8 or later is required.

v1.17.2

The Apache Commons Codec component contains encoders and decoders for
formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.

This is a feature and maintenance release. Java 8 or later is required.

v1.17.1

The Apache Commons Codec component contains encoders and decoders for
various formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.

Feature and fix release. Requires a minimum of Java 8.

v1.17.0

The Apache Commons Codec component contains encoders and decoders for
various formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.

Feature and fix release. Requires a minimum of Java 8.

v1.16.1

The Apache Commons Codec component contains encoders and decoders for
various formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.

Feature and fix release. Requires a minimum of Java 8.

spring-projects/spring-security (org.springframework.security:spring-security-core)

v4.2.20.RELEASE

Compare Source

🔨 Dependency Upgrades

• Update to Spring LDAP 2.3.3 #​9274
• Update to GAE 1.9.83 #​9273
• Update to Spring Framework 4.3.30 #​9272

v4.2.19.RELEASE

Compare Source

🔨 Dependency Upgrades

• Update to Spring 4.3.28.RELEASE #​9103

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​rwinch

v4.2.18.RELEASE

Compare Source

⭐ New Features

• Document improvement for configure(WebSecurity web) and configure(HttpSecurity http) #​8859
• Use Github Actions PR pipeline and remove Travis for 4.2.x #​8720
• Use Github Actions PR pipeline in 4.2.x #​8715

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​elliedori

Guardsquare/proguard (com.guardsquare:proguard-gradle)

v7.9.1: 7.9.1

Bugfixes

• Fix regression in Kotlin metadata shrinking (#​527).

v7.8.2

Bugfixes

• Fix regression in marking of interface constants (#​508).

v7.8.1

Bugfixes

• Prevent java.lang.IncompatibleClassChangeError when shrinking is enabled and sealed interfaces are used (#​501).
• Prevent java.lang.ClassCastException when inlining (#​505).

Kotlin/kotlinx.coroutines (org.jetbrains.kotlinx:kotlinx-coroutines-core)

v1.10.2

Compare Source

• Fixed the kotlinx-coroutines-debug JAR file including the module-info.class file twice, resulting in failures in various tooling (#​4314). Thanks, @​RyuNen344!
• Fixed Flow.stateIn hanging when the scope is cancelled in advance or the flow is empty (#​4322). Thanks, @​francescotescari!
• Improved handling of dispatcher failures in .limitedParallelism (#​4330) and during flow collection (#​4272).
• Fixed runBlocking failing to run its coroutine to completion in some cases if its JVM thread got interrupted (#​4399).
• Small tweaks, fixes, and documentation improvements.

v1.10.1

Compare Source

• Fixed binary incompatibility introduced for non-JVM targets in #​4261 (#​4309).

v1.10.0

Compare Source

• Kotlin was updated to 2.1.0 (#​4284).
• Introduced Flow.any, Flow.all, and Flow.none (#​4212). Thanks, @​CLOVIS-AI!
• Reorganized kotlinx-coroutines-debug and kotlinx-coroutines-core code to avoid a split package between the two artifacts (#​4247). Note that directly referencing kotlinx.coroutines.debug.AgentPremain must now be replaced with kotlinx.coroutines.debug.internal.AgentPremain. Thanks, @​sellmair!
• No longer shade byte-buddy in kotlinx-coroutines-debug, reducing the artifact size and simplifying the build configuration of client code. Thanks, @​sellmair!
• Fixed NullPointerException when using Java-deserialized kotlinx-coroutines-core exceptions (#​4291). Thanks, @​AlexRiedler!
• Properly report exceptions thrown by CoroutineDispatcher.dispatch instead of raising internal errors (#​4091). Thanks, @​zuevmaxim!
• Fixed a bug that delayed scheduling of a Dispatchers.Default or Dispatchers.IO task after a yield() in rare scenarios (#​4248).
• Fixed a bug that prevented the main() coroutine on Wasm/WASI from executing after a delay() call in some scenarios (#​4239).
• Fixed scheduling of runBlocking tasks on Kotlin/Native that arrive after the runBlocking block was exited (#​4245).
• Fixed some terminal Flow operators sometimes resuming without taking cancellation into account (#​4254). Thanks, @​jxdabc!
• Fixed a bug on the JVM that caused coroutine-bound ThreadLocal values not to get cleaned when using non-CoroutineDispatcher continuation interceptors (#​4296).
• Small tweaks, fixes, and documentation improvements.

v1.9.0

Compare Source

Features

• Wasm/WASI target support (#​4064). Thanks, @​igoriakovlev!
• limitedParallelism now optionally accepts the name of the dispatcher view for easier debugging (#​4023).
• No longer initialize Dispatchers.IO on the JVM when other standard dispatchers are accessed (#​4166). Thanks, @​metalhead8816!
• Introduced the Flow<T>.chunked(size: Int): Flow<List<T>> operator that groups emitted values into groups of the given size (#​1290).
• Closeable dispatchers are instances of AutoCloseable now (#​4123).

Fixes

• Calling hasNext on a Channel's iterator is idempotent (#​4065). Thanks, @​gitpaxultek!
• CoroutineScope() created without an explicit dispatcher uses Dispatchers.Default on Native (#​4074). Thanks, @​whyoleg!
• Fixed a bug that prevented non-Android Dispatchers.Main from initializing when the Firebase dependency is used (#​3914).
• Ensured a more intuitive ordering of tasks in runBlocking (#​4134).
• Forbid casting a Mutex to Semaphore (#​4176).
• Worked around a stack overflow that may occur when calling asDeferred on a Future many times (#​4156).

Deprecations and promotions

• Advanced the deprecation levels for BroadcastChannel-based API (#​4197).
• Advanced the deprecation levels for the old kotlinx-coroutines-test API (#​4198).
• Deprecated Job.cancelFutureOnCompletion (#​4173).
• Promoted CoroutineDispatcher.limitedParallelism to stable (#​3864).
• Promoted CoroutineStart.ATOMIC from ExperimentalCoroutinesApi to DelicateCoroutinesApi (#​4169).
• Promoted CancellableContinuation.resume with an onCancellation lambda to stable, providing extra arguments to the lambda (#​4088).
• Marked the classes and interfaces that are not supposed to be inherited from with the new InternalForInheritanceCoroutinesApi opt-in (#​3770).
• Marked the classes and interfaces inheriting from which is not stable with the new ExperimentalForInheritanceCoroutinesApi opt-in (#​3770).

Other

• Kotlin was updated to 2.0 (#​4137).
• Reworked the documentation for CoroutineStart and Channel-based API (#​4147, #​4148, #​4167). Thanks, @​globsterg!
• Simplified the internal implementation of Job (#​4053).
• Small tweaks, fixes, and documentation improvements.

v1.8.1

Compare Source

• Remove the @ExperimentalTime annotation from usages of TimeSource (#​4046). Thanks, @​hfhbd!
• Introduce a workaround for an Android bug that caused an occasional NullPointerException when setting the StateFlow value on old Android devices (#​3820).
• No longer use kotlin.random.Random as part of Dispatchers.Default and Dispatchers.IO initialization (#​4051).
• Flow.timeout throws the exception with which the channel was closed (#​4071).
• Small tweaks and documentation fixes.

Changelog relative to version 1.8.1-Beta

• Flow.timeout throws the exception with which the channel was closed (#​4071).
• Small documentation fixes.

v1.8.0

Compare Source

• Implement the library for the Web Assembly (Wasm) for JavaScript (#​3713). Thanks @​igoriakovlev!
• Major Kotlin version update: was 1.8.20, became 1.9.21.
• On Android, ensure that Dispatchers.Main != Dispatchers.Main.immediate (#​3545, #​3963).
• Fixed a bug that caused Flow operators that limit cancel the upstream flow to forget that they were already finished if there is another such operator upstream (#​4035, #​4038)
• kotlinx-coroutines-debug is published with the correct Java 9 module info (#​3944).
• kotlinx-coroutines-debug no longer requires manually setting DebugProbes.enableCoroutineCreationStackTraces to false, it's the default (#​3783).
• kotlinx-coroutines-test: set the default timeout of runTest to 60 seconds, added the ability to configure it on the JVM with the kotlinx.coroutines.test.default_timeout=10s (#​3800).
• kotlinx-coroutines-test: fixed a bug that could lead to not all uncaught exceptions being reported after some tests failed (#​3800).
• delay(Duration) rounds nanoseconds up to whole milliseconds and not down (#​3920). Thanks @​kevincianfarini!
• Dispatchers.Default and the default thread for background work are guaranteed to use the same context classloader as the object containing it them (#​3832).
• It is guaranteed that by the time SharedFlow.collect suspends for the first time, it's registered as a subscriber for that SharedFlow (#​3885). Before, it was also true, but not documented.
• Atomicfu version is updated to 0.23.1, and Kotlin/Native atomic transformations are enabled, reducing the footprint of coroutine-heavy code (#​3954).
• Added a workaround for miscompilation of withLock on JS (#​3881). Thanks @​CLOVIS-AI!
• Small tweaks and documentation fixes.

Changelog relative to version 1.8.0-RC2

• kotlinx-coroutines-debug no longer requires manually setting DebugProbes.enableCoroutineCreationStackTraces to false, it's the default (#​3783).
• Fixed a bug that caused Flow operators that limit cancel the upstream flow to forget that they were already finished if there is another such operator upstream (#​4035, #​4038)
• Small documentation fixes.

v1.7.3

Compare Source

• Disabled the publication of the multiplatform library metadata for the old (1.6 and earlier) KMP Gradle plugin (#​3809).
• Fixed a bug introduced in 1.7.2 that disabled the coroutine debugger in IDEA (#​3822).

v1.7.2

Compare Source

Bug fixes and improvements

• Coroutines debugger no longer keeps track of coroutines with empty coroutine context (#​3782).
• CopyableThreadContextElement now properly copies an element when crossing the coroutine boundary in flowOn (#​3787). Thanks @​wanyingd1996!
• Coroutine timeouts no longer prevent K/N newSingleThreadContext from closing (#​3768).
• A non-linearizability in Mutex during tryLock/unlock sequence with owners is fixed (#​3745).
• Atomicfu version is updated to 0.21.0.

v1.7.1

Compare Source

Bug fixes and improvements

• Special characters in coroutine names in JSON dumps are supported (#​3747)
• The binary compatibility of the experimental overload of runTest is restored (#​3673)
• Channels that don't use onUndeliveredElement now allocate less memory (#​3646)

v1.7.0

Compare Source

Core API significant improvements

• New Channel implementation with significant performance improvements across the API (#​3621).
• New select operator implementation: faster, more lightweight, and more robust (#​3020).
• Mutex and Semaphore now share the same underlying data structure (#​3020).
• Dispatchers.IO is added to K/N (#​3205)
  • newFixedThreadPool and Dispatchers.Default implementations on K/N were wholly rewritten to support graceful growth under load (#​3595).
• kotlinx-coroutines-test rework:
  • Add the timeout parameter to runTest for the whole-test timeout, 10 seconds by default (#​3270). This replaces the configuration of quiescence timeouts, which is now deprecated (#​3603).
  • The withTimeout exception messages indicate if the timeout used the virtual time (#​3588).
  • TestCoroutineScheduler, runTest, and TestScope API are promoted to stable (#​3622).
  • runTest now also fails if there were uncaught exceptions in coroutines not inherited from the test coroutine (#​1205).

Breaking changes

• Old K/N memory model is no longer supported (#​3375).
• New generic upper bounds were added to reactive integration API where the language since 1.8.0 dictates (#​3393).
• kotlinx-coroutines-core and kotlinx-coroutines-jdk8 artifacts were merged into a single artifact (#​3268).
• Artificial stackframes in stacktrace recovery no longer contain the \b symbol and are now navigable in IDE and supplied with proper documentation (#​2291).
• CoroutineContext.isActive returns true for contexts without any job in them (#​3300).

Bug fixes and improvements

• Kotlin version is updated to 1.8.20
• Atomicfu version is updated to 0.20.2.
• JavaFx version is updated to 17.0.2 in kotlinx-coroutines-javafx (#​3671)..
• JPMS is supported (#​2237). Thanks @​lion7!
• BroadcastChannel and all the corresponding API are deprecated (#​2680).
• Added all supported K/N targets (#​3601, #​812, #​855).
• K/N Dispatchers.Default is backed by the number of threads equal to the number of available cores (#​3366).
• Fixed an issue where some coroutines' internal exceptions were not properly serializable (#​3328).
• Introduced Job.parent API (#​3201).
• Fixed a bug when TestScheduler leaked cancelled jobs (#​3398).
• TestScope.timeSource now provides comparable time marks (#​3617). Thanks @​hfhbd!
• Fixed an issue when cancelled withTimeout handles were preserved in JS runtime (#​3440).
• Ensure awaitFrame only awaits a single frame when used from the main looper (#​3432). Thanks @​pablobaxter!
• Obsolete Class-Path attribute was removed from kotlinx-coroutines-debug.jar manifest (#​3361).
• Fixed a bug when updateThreadContext operated on the parent context (#​3411).
• Added new Flow.filterIsInstance extension (#​3240).
• Dispatchers.Default thread name prefixes are now configurable with system property (#​3231).
• Added Flow.timeout operator as @FlowPreview (#​2624). Thanks @​pablobaxter!
• Improved the performance of the future builder in case of exceptions (#​3475). Thanks @​He-Pin!
• Mono.awaitSingleOrNull now waits for the onComplete signal (#​3487).
• Channel.isClosedForSend and Channel.isClosedForReceive are promoted from experimental to delicate (#​3448).
• Fixed a data race in native EventLoop (#​3547).
• Dispatchers.IO.limitedParallelism(valueLargerThanIOSize) no longer creates an additional wrapper (#​3442). Thanks @​dovchinnikov!
• Various @FlowPreview and @ExperimentalCoroutinesApi are promoted to experimental and stable respectively (#​3542, #​3097, #​3548).
• Performance improvements in Dispatchers.Default and Dispatchers.IO (#​3416, #​3418).
• Fixed a bug when internal suspendCancellableCoroutineReusable might have hanged (#​3613).
• Introduced internal API to process events in the current system dispatcher (#​3439).
• Global CoroutineExceptionHandler is no longer invoked in case of unprocessed future failure (#​3452).
• Performance improvements and reduced thread-local pressure for the withContext operator (#​3592).
• Improved performance of DebugProbes (#​3527).
• Fixed a bug when the coroutine debugger might have detected the state of a coroutine incorrectly (#​3193).
• CoroutineDispatcher.asExecutor() runs tasks without dispatching if the dispatcher is unconfined (#​3683). Thanks @​odedniv!
• SharedFlow.toMutableList and SharedFlow.toSet lints are introduced (#​3706).
• Channel.invokeOnClose is promoted to stable API (#​3358).
• Improved lock contention in Dispatchers.Default and Dispatchers.IO during the startup phase (#​3652).
• Fixed a bug that led to threads oversubscription in Dispatchers.Default (#​3642).
• Fixed a bug that allowed limitedParallelism to perform dispatches even after the underlying dispatcher was closed (#​3672).
• Fixed a bug that prevented stacktrace recovery when the exception's constructor from cause was selected (#​3714).
• Improved sanitizing of stracktrace-recovered traces (#​3714).
• Introduced an internal flag to disable uncaught exceptions reporting in tests as a temporary migration mechanism (#​3736).
• Various documentation improvements and fixes.

Changelog for previous versions may be found in CHANGES_UP_TO_1.7.md

v1.6.4

Compare Source

• Added TestScope.backgroundScope for launching coroutines that perform work in the background and need to be cancelled at the end of the test (#​3287).
• Fixed the POM of kotlinx-coroutines-debug having an incorrect reference to kotlinx-coroutines-bom, which cause the builds of Maven projects using the debug module to break (#​3334).
• Fixed the Publisher.await functions in kotlinx-coroutines-reactive not ensuring that the Subscriber methods are invoked serially (#​3360). Thank you, @​EgorKulbachka!
• Fixed a memory leak in withTimeout on K/N with the new memory model (#​3351).
• Added the guarantee that all Throwable implementations in the core library are serializable (#​3328).
• Moved the documentation to https://kotlinlang.org/api/kotlinx.coroutines/ (#​3342).
• Various documentation improvements.

v1.6.3

Compare Source

• Updated atomicfu version to 0.17.3 (#​3321), fixing the projects using this library with JS IR failing to build (#​3305).

v1.6.2

Compare Source

• Fixed a bug with ThreadLocalElement not being correctly updated when the most outer suspend function was called directly without kotlinx.coroutines (#​2930).
• Fixed multiple data races: one that might have been affecting runBlocking event loop, and a benign data race in Mutex (#​3250, #​3251).
• Obsolete TestCoroutineContext is removed, which fixes the kotlinx-coroutines-test JPMS package being split between kotlinx-coroutines-core and kotlinx-coroutines-test (#​3218).
• Updated the ProGuard rules to further shrink the size of the resulting DEX file with coroutines (#​3111, #​3263). Thanks, @​agrieve!
• Atomicfu is updated to 0.17.2, which includes a more efficient and robust JS IR transformer (#​3255).
• Kotlin is updated to 1.6.21, Gradle version is updated to 7.4.2 (#​3281). Thanks, @​wojtek-kalicinski!
• Various documentation improvements.

v1.6.1

Compare Source

• Rollback of time-related functions dispatching on Dispatchers.Main.
  This behavior was introduced in 1.6.0 and then found inconvenient and erroneous (#​3106, #​3113).
• Reworked the newly-introduced CopyableThreadContextElement to solve issues uncovered after the initial release (#​3227).
• Fixed a bug with ThreadLocalElement not being properly updated in racy scenarios (#​2930).
• Reverted eager loading of default CoroutineExceptionHandler that triggered ANR on some devices (#​3180).
• New API to convert a CoroutineDispatcher to a Rx scheduler (#​968, #​548). Thanks @​recheej!
• Fixed a memory leak with the very last element emitted from flow builder being retained in memory (#​3197).
• Fixed a bug with limitedParallelism on K/N with new memory model throwing ClassCastException (#​3223).
• CoroutineContext is added to the exception printed to the default CoroutineExceptionHandler to improve debuggability (#​3153).
• Static memory consumption of Dispatchers.Default was significantly reduced (#​3137).
• Updated slf4j version in kotlinx-coroutines-slf4j from 1.7.25 to 1.7.32.

v1.6.0

Compare Source

Note that this is a full changelog relative to the 1.5.2 version. Changelog relative to 1.6.0-RC3 can be found at the end.

kotlinx-coroutines-test rework

• kotlinx-coroutines-test became a multiplatform library usable from K/JVM, K/JS, and K/N.
• Its API was completely reworked to address long-standing issues with consistency, structured concurrency and correctness (#​1203, #​1609, #​2379, #​1749, #​1204, #​1390, #​1222, #​1395, #​1881, #​1910, #​1772, #​1626, #​1742, #​2082, #​2102, #​2405, #​2462
  ).
• The old API is deprecated for removal, but the new API is based on the similar concepts (README), and the migration path is designed to be graceful: migration guide.

Dispatchers

• Introduced CoroutineDispatcher.limitedParallelism that allows obtaining a view of the original dispatcher with limited parallelism (#​2919).
• Dispatchers.IO.limitedParallelism usages ignore the bound on the parallelism level of Dispatchers.IO itself to avoid starvation (#​2943).
• Introduced new Dispatchers.shutdown method for containerized environments (#​2558).
• newSingleThreadContext and newFixedThreadPoolContext are promoted to delicate API (#​2919).

Breaking changes

• When racing with cancellation, the future builder no longer reports unhandled exceptions into the global CoroutineExceptionHandler. Thanks @​vadimsemenov! (#​2774, #​2791).
• Mutex.onLock is deprecated for removal (#​2794).
• Dispatchers.Main is now used as the default source of time for delay and withTimeout when present (#​2972).
  • To opt-out from this behaviour, kotlinx.coroutines.main.delay system property can be set to false.
• Java target of coroutines build is now 8 instead of 6 (#​1589).
• Source-breaking change: extension collect no longer resolves when used with a non-in-place argument of a functional type. This is a candidate for a fix, uncovered after 1.6.0, see #​3107 for the additional details.

Bug fixes and improvements

• Kotlin is updated to 1.6.0.
• Kotlin/Native new memory model is now supported in regular builds of coroutines conditionally depending on whether kotlin.native.binary.memoryModel is enabled (#​2914).
• Introduced CopyableThreadContextElement for mutable context elements shared among multiple coroutines. Thanks @​yorickhenning! (#​2893).
• transformWhile, awaitClose, ProducerScope, merge, runningFold, runingReduce, and scan are promoted to stable API (#​2971).
• SharedFlow.subscriptionCount no longer conflates incoming updates and gives all subscribers a chance to observe a short-lived subscription (#​2488, #​2863, #​2871).
• Flow exception transparency mechanism is improved to be more exception-friendly (#​3017, #​2860).
• Cancellation from flat* operators that leverage multiple coroutines is no longer propagated upstream (#​2964).
• SharedFlow.collect now returns Nothing (#​2789, #​2502).
• DisposableHandle is now fun interface, and corresponding inline extension is removed (#​2790).
• FlowCollector is now fun interface, and corresponding inline extension is removed (#​3047).
• Deprecation level of all previously deprecated signatures is raised (#​3024).
• The version file is shipped with each JAR as a resource (#​2941).
• Unhandled exceptions on K/N are passed to the standard library function processUnhandledException (#​2981).
• A direct executor is used for Task callbacks in kotlinx-coroutines-play-services (#​2990).
• Metadata of coroutines artifacts leverages Gradle platform to have all versions of dependencies aligned (#​2865).
• Default CoroutineExceptionHandler is loaded eagerly and does not invoke ServiceLoader on its exception-handling path (#​2552).
• Fixed the R8 rules for ServiceLoader optimization (#​2880).
• Fixed BlockHound integration false-positives (#​2894, #​2866, #​2937).
• Fixed the exception handler being invoked several times on Android, thanks to @​1zaman (#​3056).
• SendChannel.trySendBlocking is now available on Kotlin/Native (#​3064).
• The exception recovery mechanism now uses ClassValue when available (#​2997).
• JNA is updated to 5.9.0 to support Apple M1 (#​3001).
• Obsolete method on internal Delay interface is deprecated (#​2979).
• Support of deprecated CommonPool is removed.
• @ExperimentalTime is no longer needed for methods that use Duration (#​3041).
• JDK 1.6 is no longer required for building the project (#​3043).
• New version of Dokka is used, fixing the memory leak when building the coroutines and providing brand new reference visuals (https://kotlin.github.io/kotlinx.coroutines/) (#​3051, #​3054).

v1.5.2

Compare Source

• Kotlin is updated to 1.5.30.
• New native targets for Apple Silicon are introduced.
• Fixed a bug when onUndeliveredElement was incorrectly called on properly received elements on JS (#​2826).
• Fixed Dispatchers.Default on React Native, it now fully relies on setTimeout instead of stub process.nextTick. Thanks to @​Legion2 (#​2843).
• Optimizations of Mutex implementation (#​2581).
• Mutex implementation is made completely lock-free as stated ([#​2590](https://redirect.github.com/K

---

Configuration

📅 Schedule: (in timezone CET)

• Branch creation
  • "before 4am on Monday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Never, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: gradle.properties

Command failed: ./gradlew -Dorg.gradle.jvmargs=-Xms512m -Xmx512m --console=plain --dependency-verification lenient -q --write-verification-metadata sha256 dependencies

FAILURE: Build completed with 2 failures.

1: Task failed with an exception.
-----------
* Where:
Build file '/tmp/renovate/repos/github/SonarSource/sonar-kotlin/build.gradle.kts' line: 6

* What went wrong:
Plugin [id: 'org.jetbrains.kotlin.jvm', version: '2.4.20-neptune-246', apply: false] was not found in any of the following sources:

- Gradle Core Plugins (plugin is not in 'org.gradle' namespace)
- Included Builds (No included builds contain this plugin)
- Plugin Repositories (could not resolve plugin artifact 'org.jetbrains.kotlin.jvm:org.jetbrains.kotlin.jvm.gradle.plugin:2.4.20-neptune-246')
  Searched in the following repositories:
    Gradle Central Plugin Repository

* Try:
> Run with --stacktrace option to get the stack trace.
> Run with --info or --debug option to get more log output.
> Get more help at https://help.gradle.org.
==============================================================================

2: Task failed with an exception.
-----------
* Where:
Build file '/tmp/renovate/repos/github/SonarSource/sonar-kotlin/build.gradle.kts' line: 6

* What went wrong:
Plugin [id: 'org.jetbrains.kotlin.jvm', version: '2.4.20-neptune-246', apply: false] was not found in any of the following sources:

- Gradle Core Plugins (plugin is not in 'org.gradle' namespace)
- Included Builds (No included builds contain this plugin)
- Plugin Repositories (could not resolve plugin artifact 'org.jetbrains.kotlin.jvm:org.jetbrains.kotlin.jvm.gradle.plugin:2.4.20-neptune-246')
  Searched in the following repositories:
    Gradle Central Plugin Repository

* Try:
> Run with --stacktrace option to get the stack trace.
> Run with --info or --debug option to get more log output.
> Get more help at https://help.gradle.org.
==============================================================================

BUILD FAILED in 3m 25s

File name: build.gradle.kts

Command failed: ./gradlew -Dorg.gradle.jvmargs=-Xms512m -Xmx512m --console=plain --dependency-verification lenient -q --write-verification-metadata sha256 dependencies

FAILURE: Build completed with 2 failures.

1: Task failed with an exception.
-----------
* Where:
Build file '/tmp/renovate/repos/github/SonarSource/sonar-kotlin/build.gradle.kts' line: 6

* What went wrong:
Plugin [id: 'org.jetbrains.kotlin.jvm', version: '2.4.20-neptune-246', apply: false] was not found in any of the following sources:

- Gradle Core Plugins (plugin is not in 'org.gradle' namespace)
- Included Builds (No included builds contain this plugin)
- Plugin Repositories (could not resolve plugin artifact 'org.jetbrains.kotlin.jvm:org.jetbrains.kotlin.jvm.gradle.plugin:2.4.20-neptune-246')
  Searched in the following repositories:
    Gradle Central Plugin Repository

* Try:
> Run with --stacktrace option to get the stack trace.
> Run with --info or --debug option to get more log output.
> Get more help at https://help.gradle.org.
==============================================================================

2: Task failed with an exception.
-----------
* Where:
Build file '/tmp/renovate/repos/github/SonarSource/sonar-kotlin/build.gradle.kts' line: 6

* What went wrong:
Plugin [id: 'org.jetbrains.kotlin.jvm', version: '2.4.20-neptune-246', apply: false] was not found in any of the following sources:

- Gradle Core Plugins (plugin is not in 'org.gradle' namespace)
- Included Builds (No included builds contain this plugin)
- Plugin Repositories (could not resolve plugin artifact 'org.jetbrains.kotlin.jvm:org.jetbrains.kotlin.jvm.gradle.plugin:2.4.20-neptune-246')
  Searched in the following repositories:
    Gradle Central Plugin Repository

* Try:
> Run with --stacktrace option to get the stack trace.
> Run with --info or --debug option to get more log output.
> Get more help at https://help.gradle.org.
==============================================================================

BUILD FAILED in 38s

File name: kotlin-checks-test-sources/build.gradle.kts

Command failed: ./gradlew -Dorg.gradle.jvmargs=-Xms512m -Xmx512m --console=plain --dependency-verification lenient -q --write-verification-metadata sha256 dependencies

FAILURE: Build completed with 2 failures.

1: Task failed with an exception.
-----------
* Where:
Build file '/tmp/renovate/repos/github/SonarSource/sonar-kotlin/build.gradle.kts' line: 6

* What went wrong:
Plugin [id: 'org.jetbrains.kotlin.jvm', version: '2.4.20-neptune-246', apply: false] was not found in any of the following sources:

- Gradle Core Plugins (plugin is not in 'org.gradle' namespace)
- Included Builds (No included builds contain this plugin)
- Plugin Repositories (could not resolve plugin artifact 'org.jetbrains.kotlin.jvm:org.jetbrains.kotlin.jvm.gradle.plugin:2.4.20-neptune-246')
  Searched in the following repositories:
    Gradle Central Plugin Repository

* Try:
> Run with --stacktrace option to get the stack trace.
> Run with --info or --debug option to get more log output.
> Get more help at https://help.gradle.org.
==============================================================================

2: Task failed with an exception.
-----------
* Where:
Build file '/tmp/renovate/repos/github/SonarSource/sonar-kotlin/build.gradle.kts' line: 6

* What went wrong:
Plugin [id: 'org.jetbrains.kotlin.jvm', version: '2.4.20-neptune-246', apply: false] was not found in any of the following sources:

- Gradle Core Plugins (plugin is not in 'org.gradle' namespace)
- Included Builds (No included builds contain this plugin)
- Plugin Repositories (could not resolve plugin artifact 'org.jetbrains.kotlin.jvm:org.jetbrains.kotlin.jvm.gradle.plugin:2.4.20-neptune-246')
  Searched in the following repositories:
    Gradle Central Plugin Repository

* Try:
> Run with --stacktrace option to get the stack trace.
> Run with --info or --debug option to get more log output.
> Get more help at https://help.gradle.org.
==============================================================================

BUILD FAILED in 35s

File name: sonar-kotlin-api/build.gradle.kts

Command failed: ./gradlew -Dorg.gradle.jvmargs=-Xms512m -Xmx512m --console=plain --dependency-verification lenient -q --write-verification-metadata sha256 dependencies

FAILURE: Build completed with 2 failures.

1: Task failed with an exception.
-----------
* Where:
Build file '/tmp/renovate/repos/github/SonarSource/sonar-kotlin/build.gradle.kts' line: 6

* What went wrong:
Plugin [id: 'org.jetbrains.kotlin.jvm', version: '2.4.20-neptune-246', apply: false] was not found in any of the following sources:

- Gradle Core Plugins (plugin is not in 'org.gradle' namespace)
- Included Builds (No included builds contain this plugin)
- Plugin Repositories (could not resolve plugin artifact 'org.jetbrains.kotlin.jvm:org.jetbrains.kotlin.jvm.gradle.plugin:2.4.20-neptune-246')
  Searched in the following repositories:
    Gradle Central Plugin Repository

* Try:
> Run with --stacktrace option to get the stack trace.
> Run with --info or --debug option to get more log output.
> Get more help at https://help.gradle.org.
==============================================================================

2: Task failed with an exception.
-----------
* Where:
Build file '/tmp/renovate/repos/github/SonarSource/sonar-kotlin/build.gradle.kts' line: 6

* What went wrong:
Plugin [id: 'org.jetbrains.kotlin.jvm', version: '2.4.20-neptune-246', apply: false] was not found in any of the following sources:

- Gradle Core Plugins (plugin is not in 'org.gradle' namespace)
- Included Builds (No included builds contain this plugin)
- Plugin Repositories (could not resolve plugin artifact 'org.jetbrains.kotlin.jvm:org.jetbrains.kotlin.jvm.gradle.plugin:2.4.20-neptune-246')
  Searched in the following repositories:
    Gradle Central Plugin Repository

* Try:
> Run with --stacktrace option to get the stack trace.
> Run with --info or --debug option to get more log output.
> Get more help at https://help.gradle.org.
==============================================================================

BUILD FAILED in 31s

File name: sonar-kotlin-plugin/build.gradle.kts

Command failed: ./gradlew -Dorg.gradle.jvmargs=-Xms512m -Xmx512m --console=plain --dependency-verification lenient -q --write-verification-metadata sha256 dependencies

FAILURE: Build completed with 2 failures.

1: Task failed with an exception.
-----------
* Where:
Build file '/tmp/renovate/repos/github/SonarSource/sonar-kotlin/build.gradle.kts' line: 6

* What went wrong:
Plugin [id: 'org.jetbrains.kotlin.jvm', version: '2.4.20-neptune-246', apply: false] was not found in any of the following sources:

- Gradle Core Plugins (plugin is not in 'org.gradle' namespace)
- Included Builds (No included builds contain this plugin)
- Plugin Repositories (could not resolve plugin artifact 'org.jetbrains.kotlin.jvm:org.jetbrains.kotlin.jvm.gradle.plugin:2.4.20-neptune-246')
  Searched in the following repositories:
    Gradle Central Plugin Repository

* Try:
> Run with --stacktrace option to get the stack trace.
> Run with --info or --debug option to get more log output.
> Get more help at https://help.gradle.org.
==============================================================================

2: Task failed with an exception.
-----------
* Where:
Build file '/tmp/renovate/repos/github/SonarSource/sonar-kotlin/build.gradle.kts' line: 6

* What went wrong:
Plugin [id: 'org.jetbrains.kotlin.jvm', version: '2.4.20-neptune-246', apply: false] was not found in any of the following sources:

- Gradle Core Plugins (plugin is not in 'org.gradle' namespace)
- Included Builds (No included builds contain this plugin)
- Plugin Repositories (could not resolve plugin artifact 'org.jetbrains.kotlin.jvm:org.jetbrains.kotlin.jvm.gradle.plugin:2.4.20-neptune-246')
  Searched in the following repositories:
    Gradle Central Plugin Repository

* Try:
> Run with --stacktrace option to get the stack trace.
> Run with --info or --debug option to get more log output.
> Get more help at https://help.gradle.org.
==============================================================================

BUILD FAILED in 31s

[sonar-review-alpha]

Summary

⚠️ The PR description exceeded the analysis limit and was truncated. The review may not reflect all context.

This PR updates 12 dependencies to newer versions, primarily minor and patch releases managed by Renovate. The most significant change is Kotlin itself, updating to 2.4.20-neptune-246 (a pre-release version marked as "neptune"), which also cascades to updates in kotlin-reflect, kotlin-test, and related libraries. Other notable updates include spotless (code formatter) from 6.11.0 → 6.25.0, commons libraries (codec, lang, net), okhttp, Spring Security patches, and ProGuard. All changes are non-major version bumps.

What reviewers should know

Key areas to review:

1. Kotlin pre-release version: The change to Kotlin 2.4.20-neptune-246 is a beta/pre-release, not a stable release. Verify:

   • All tests pass with this version
   • No compiler warnings or unexpected behavior introduced
   • Any known issues with this pre-release are acceptable for the project's goals

2. Version jump magnitudes: Several dependencies jump multiple minor versions at once:

   • commons-codec: 1.13 → 1.21.0 (8 minor versions)
   • commons-lang3: 3.17.0 → 3.20.0 (3 minor versions)
   • spotless: 6.11.0 → 6.25.0 (14 minor versions)

   Check changelogs for any breaking behavioral changes, even though they're not major version bumps.

3. Test coverage: Since this affects core language/compiler and testing libraries, verify the test suite runs successfully end-to-end.

4. Security patches: Spring Security libraries have patches applied (crypto 5.7.2 → 5.8.16, core 4.2.17 → 4.2.20) — verify any security vulnerabilities are indeed addressed if relevant to this project.

---

• Generate Walkthrough
• Generate Diagram

🗣️ Give feedback

[sonar-review-alpha]

Routine Renovate dependency update. All the security-sensitive libraries (Spring Security, commons-codec, commons-net, okhttp) are updated only in kotlin-checks-test-sources, which compiles sample Kotlin code used by security rule tests — none of these land in the production plugin JAR.

One structural issue worth fixing before merge: the Kotlin artifact versions in kotlin-checks-test-sources/build.gradle.kts are hardcoded to 2.4.20-neptune-246 as literal strings, while every other module reads the version from the kotlinVersion project property (val kotlinVersion: String by project.ext). This PR updates them correctly today, but the pattern guarantees drift on the next Kotlin bump unless someone remembers to also touch this file.

🗣️ Give feedback

[sonar-review-alpha]

These three Kotlin library versions are hardcoded literals while every other module reads them from the kotlinVersion project property (e.g. sonar-kotlin-api/build.gradle.kts uses val kotlinVersion: String by project.ext). Next time kotlinVersion is bumped in gradle.properties, these lines won't be updated automatically — causing a mismatch between the Kotlin compiler the rest of the build uses and the libraries this test-sources module compiles against.

Suggested change

	implementation("org.jetbrains.kotlin:kotlin-reflect:2.4.20-neptune-246")
	implementation("org.jetbrains.kotlin:kotlin-test:2.4.20-neptune-246")
	implementation("org.jetbrains.kotlin:kotlin-test-junit5:2.4.20-neptune-246")
	val kotlinVersion: String by project.ext
	implementation("org.jetbrains.kotlin:kotlin-reflect:$kotlinVersion")
	implementation("org.jetbrains.kotlin:kotlin-test:$kotlinVersion")
	implementation("org.jetbrains.kotlin:kotlin-test-junit5:$kotlinVersion")

• Mark as noise

[petertrr]

Needs #705 to have correct scope of updates