Bump the all group with 7 updates

[dependabot]

Bumps the all group with 7 updates:

Package	From	To
org.jetbrains.kotlin.jvm	2.3.10	2.3.20
com.diffplug.spotless	8.2.1	8.4.0
org.sonarqube	7.2.2.6593	7.2.3.7755
io.ktor:ktor-server-netty	3.4.0	3.4.2
com.gradleup.shadow	9.3.2	9.4.1
org.projectlombok:lombok	1.18.42	1.18.44
gradle-wrapper	9.3.1	9.4.1

Updates org.jetbrains.kotlin.jvm from 2.3.10 to 2.3.20

Release notes

Sourced from org.jetbrains.kotlin.jvm's releases.

Kotlin 2.3.20

Changelog

Analysis API. FIR

New Features

• KT-78090 Implement stubs support for new conditional returns and holdsIn contracts

Fixes

• KT-82948 'FirRegularClass' expected as a containing declaration, got 'FirTypeAliasImpl'
• KT-83467 Package-level JSpecify annotations are ignored when coming from jars or libraries
• KT-82057 K2. Cannot infer type parameter 'R' in Ktor routing post() function with explicit response type
• KT-82846 AA: unresolved KtExpression.expressionType for the reference to the parameter with default value
• KT-80485 False positive UNRESOLVED_REFERENCE on nested interface from super-super class in the super type position inside an anonymous object
• KT-82772 Flaky false positive deprecation warning on PersistentMap.put in Kotlin repo in IDE mode
• KT-76487 StdLibSourcesLazyDeclarationResolveTestGenerated.testWrappedInt is unstable
• KT-82618 Various tests are failing with NPE in kt-master after updating the compiler on 19.11.25
• KT-82076 Error querying members of JavaClass created for SymbolLightClassForAnnotationClass during library analysis
• KT-71596 Include Js/Wasi checkers in AbstractLLFirDiagnosticsCollector
• KT-82085 No OUTER_CLASS_ARGUMENTS_REQUIRED on type parameter bound in IDE
• KT-81873 Provide a way of including traces in phase JFR events
• KT-71929 Consider leaving the non-post-compute version at EnhancementSymbolsCache.enhancedFunctions

Analysis API. Infrastructure

• KT-83173 Analysis API Tests: Library names with RC versions aren't sanitised
• KT-65140 LL FIR: Implement AbstractFirPsiJsDiagnosticTest for LL FIR
• KT-82212 [Analysis API, LL FIR] Implement AbstractDiagnosticsFirWasmTest and AbstractDiagnosticsFirWasmWasiTest for LL FIR

Analysis API. Light Classes

• KT-82227 Value classes should expose regular static methods

Analysis API. PSI

• KT-81710 'KtTypeReference.getTypeText' does not account for 'suspend' modifier on suspend lambdas
• KT-82258 Prepare PSI for migration from context receivers to context parameters
• KT-81074 KDoc: List rendering is broken

Analysis API. Providers and Caches

• KT-82449 K2 IDE Analysis Freezes During Gradle Sync (Recursive Module Dependency Computation in KotlinModuleDependentsProviderBase.computeTransitiveDependents)
• KT-82629 'collectDiagnostics' returns stale syntax error after editor fix
• KT-74907 Analysis API: Apply platform-based library module content restrictions consistently

Analysis API. Standalone

• KT-81107 AA: KtSourceModuleBuilder.sourceRoots doesn't works with symbolic links

... (truncated)

Changelog

Sourced from org.jetbrains.kotlin.jvm's changelog.

2.3.20

Analysis API. FIR

New Features

• KT-78090 Implement stubs support for new conditional returns and holdsIn contracts

Fixes

• KT-82948 'FirRegularClass' expected as a containing declaration, got 'FirTypeAliasImpl'
• KT-83467 Package-level JSpecify annotations are ignored when coming from jars or libraries
• KT-82057 K2. Cannot infer type parameter 'R' in Ktor routing post() function with explicit response type
• KT-82846 AA: unresolved KtExpression.expressionType for the reference to the parameter with default value
• KT-80485 False positive UNRESOLVED_REFERENCE on nested interface from super-super class in the super type position inside an anonymous object
• KT-82772 Flaky false positive deprecation warning on PersistentMap.put in Kotlin repo in IDE mode
• KT-76487 StdLibSourcesLazyDeclarationResolveTestGenerated.testWrappedInt is unstable
• KT-82618 Various tests are failing with NPE in kt-master after updating the compiler on 19.11.25
• KT-82076 Error querying members of JavaClass created for SymbolLightClassForAnnotationClass during library analysis
• KT-71596 Include Js/Wasi checkers in AbstractLLFirDiagnosticsCollector
• KT-82085 No OUTER_CLASS_ARGUMENTS_REQUIRED on type parameter bound in IDE
• KT-81873 Provide a way of including traces in phase JFR events
• KT-71929 Consider leaving the non-post-compute version at EnhancementSymbolsCache.enhancedFunctions

Analysis API. Infrastructure

• KT-83173 Analysis API Tests: Library names with RC versions aren't sanitised
• KT-65140 LL FIR: Implement AbstractFirPsiJsDiagnosticTest for LL FIR
• KT-82212 [Analysis API, LL FIR] Implement AbstractDiagnosticsFirWasmTest and AbstractDiagnosticsFirWasmWasiTest for LL FIR

Analysis API. Light Classes

• KT-82227 Value classes should expose regular static methods

Analysis API. PSI

• KT-81710 'KtTypeReference.getTypeText' does not account for 'suspend' modifier on suspend lambdas
• KT-82258 Prepare PSI for migration from context receivers to context parameters
• KT-81074 KDoc: List rendering is broken

Analysis API. Providers and Caches

• KT-82449 K2 IDE Analysis Freezes During Gradle Sync (Recursive Module Dependency Computation in KotlinModuleDependentsProviderBase.computeTransitiveDependents)
• KT-82629 'collectDiagnostics' returns stale syntax error after editor fix
• KT-74907 Analysis API: Apply platform-based library module content restrictions consistently

Analysis API. Standalone

• KT-81107 AA: KtSourceModuleBuilder.sourceRoots doesn't works with symbolic links

... (truncated)

Commits

• d57eb4a Add ChangeLog for 2.3.20-RC3
• 41886bb [Gradle] Update KGP npm tooling dependency versions
• 210a9bd [Native] Do not mark iosX64 target as deprecate in DSL
• 7ed446e Add ChangeLog for 2.3.20-RC2
• 520eade [K/JVM] Fix incorrect optimization of local delegation
• 7ef8bcc Reflection: add LazyKProperty to fix recent performance regression
• 9fa7cf2 [Gradle] Link NoActiveThreadsAfterCompilerInvocationIT with KT-84566
• d410596 [Gradle] Shutdown coroutines dispatcher threads after compiler invocation
• 348430b [BTA] Fix compatibility between API 2.3.20 and KC 2.3.10
• 4058f3c [CMP] HiddenFromObjC remove outdated offset check
• Additional commits viewable in compare view

Updates com.diffplug.spotless from 8.2.1 to 8.4.0

Updates org.sonarqube from 7.2.2.6593 to 7.2.3.7755

Updates io.ktor:ktor-server-netty from 3.4.0 to 3.4.2

Release notes

Sourced from io.ktor:ktor-server-netty's releases.

3.4.2

Published 27 March 2026

Improvements

• KTOR-9327 Curl: The WebSockets maxFrameSize option does not have an effect
• KTOR-9383 CaseInsensitiveString: reduce allocations
• KTOR-9385 Netty: Allocation micro-optimizations
• KTOR-9403 Darwin: Unnecessary ByteArray copy for each received response chunk
• KTOR-9412 KDoc for formFieldLimit documents incorrect default value (64 KB instead of 50 MiB)

Bugfixes

• KTOR-9351 OpenAPI: Incorrect schema generated for nested classes with lists
• KTOR-9361 WebSockets: JsWebSocketSession._closeReason is completed twice
• KTOR-9437 Fix GraalVM Compatibility
• KTOR-9424 Logging: OkHttp format should log the full requested URL
• KTOR-8540 Logging: IllegalStateException is thrown when response is cached and deserialization fails
• KTOR-9370 OpenAPI: NoSuchMethodError - getLOCAL_FUNCTION_FOR_LAMBDA with Kotlin 2.3.20-*
• KTOR-9421 Netty: active SSE connection blocks HTTP/2 response flushing for other requests
• KTOR-3390 JS browser: "Failed to execute 'digest' on 'SubtleCrypto'" error when using digest auth
• KTOR-5977 Compression: The encoders buffer streaming response
• KTOR-9393 Certificate pinning matches against all pins instead of hostname-scoped pins
• KTOR-8751 DI: AmbiguousDependencyException when named dependency is overridden in testApplication
• KTOR-9039 Bearer Auth: Request body transformed with jsonIO isn't sent over again after refreshToken request
• KTOR-9404 Darwin: Memory leak in KtorNSURLSessionDelegate
• KTOR-9399 LinkageError when running Ktor app with development mode inside Spring Boot / Amper fat-JAR
• KTOR-9402 NoSuchMethodError on RawWebSocket after 3.4.0
• KTOR-9372 Frame.Text.readText() causes infinite loop and 100% CPU on Kotlin/Native when WebSocket frame data is malformed or connection drops unexpectedly
• KTOR-9387 ZstdEncoder decode fails when source data is split into multiple Zstd frames

3.4.1

Published 3 March 2026

Improvements

• KTOR-9382 HttpProtocolVersion.parse: fast path for common versions
• KTOR-9381 GMTDate: reduce allocations
• KTOR-8971 Support "operationId" in Kdoc for OpenAPI spec. gen.
• KTOR-9333 WebSockets: Infinite spin and potential OOM vulnerabilities in the Inflater.inflateFully method
• KTOR-5616 Ktor always adds by default an Accept-Charset header
• KTOR-9291 OpenAPI: handle atypical route functions
• KTOR-9293 OpenAPI describe needs defaults
• KTOR-9304 OpenAPI: Order of path parameters is not preserved in the spec
• KTOR-9353 Routing: TailcardSelector missing toString(), which clutters the logs

Bugfixes

• KTOR-9281 OpenApi code inference misses lambda argument bodies
• KTOR-9273 OpenAPI static content path appears in resulting model
• KTOR-9004 OpenAPI: No respective formats detected for serializable types like UUID or Instant
• KTOR-9305 OpenAPI: "No mapping for symbol: VAR FOR_LOOP_VARIABLE" error with codeInferenceEnabled=true
• KTOR-9279 OpenAPI: UnsupportedOperationException for a function with a reified type parameter codeInferenceEnabled = true
• KTOR-9289 OpenAPI: Resource routes are missing inferred and comment-based documentation

... (truncated)

Changelog

Sourced from io.ktor:ktor-server-netty's changelog.

3.4.2

Published 27 March 2026

Improvements

• KTOR-9327 Curl: The WebSockets maxFrameSize option does not have an effect
• KTOR-9383 CaseInsensitiveString: reduce allocations
• KTOR-9385 Netty: Allocation micro-optimizations
• KTOR-9403 Darwin: Unnecessary ByteArray copy for each received response chunk
• KTOR-9412 KDoc for formFieldLimit documents incorrect default value (64 KB instead of 50 MiB)

Bugfixes

• KTOR-9351 OpenAPI: Incorrect schema generated for nested classes with lists
• KTOR-9361 WebSockets: JsWebSocketSession._closeReason is completed twice
• KTOR-9437 Fix GraalVM Compatibility
• KTOR-9424 Logging: OkHttp format should log the full requested URL
• KTOR-8540 Logging: IllegalStateException is thrown when response is cached and deserialization fails
• KTOR-9370 OpenAPI: NoSuchMethodError - getLOCAL_FUNCTION_FOR_LAMBDA with Kotlin 2.3.20-*
• KTOR-9421 Netty: active SSE connection blocks HTTP/2 response flushing for other requests
• KTOR-3390 JS browser: "Failed to execute 'digest' on 'SubtleCrypto'" error when using digest auth
• KTOR-5977 Compression: The encoders buffer streaming response
• KTOR-9393 Certificate pinning matches against all pins instead of hostname-scoped pins
• KTOR-8751 DI: AmbiguousDependencyException when named dependency is overridden in testApplication
• KTOR-9039 Bearer Auth: Request body transformed with jsonIO isn't sent over again after refreshToken request
• KTOR-9404 Darwin: Memory leak in KtorNSURLSessionDelegate
• KTOR-9399 LinkageError when running Ktor app with development mode inside Spring Boot / Amper fat-JAR
• KTOR-9402 NoSuchMethodError on RawWebSocket after 3.4.0
• KTOR-9372 Frame.Text.readText() causes infinite loop and 100% CPU on Kotlin/Native when WebSocket frame data is malformed or connection drops unexpectedly
• KTOR-9387 ZstdEncoder decode fails when source data is split into multiple Zstd frames

3.4.1

Published 3 March 2026

Improvements

• KTOR-9382 HttpProtocolVersion.parse: fast path for common versions
• KTOR-9381 GMTDate: reduce allocations
• KTOR-8971 Support "operationId" in Kdoc for OpenAPI spec. gen.
• KTOR-9333 WebSockets: Infinite spin and potential OOM vulnerabilities in the Inflater.inflateFully method
• KTOR-5616 Ktor always adds by default an Accept-Charset header
• KTOR-9291 OpenAPI: handle atypical route functions
• KTOR-9293 OpenAPI describe needs defaults
• KTOR-9304 OpenAPI: Order of path parameters is not preserved in the spec
• KTOR-9353 Routing: TailcardSelector missing toString(), which clutters the logs

Bugfixes

• KTOR-9281 OpenApi code inference misses lambda argument bodies
• KTOR-9273 OpenAPI static content path appears in resulting model
• KTOR-9004 OpenAPI: No respective formats detected for serializable types like UUID or Instant
• KTOR-9305 OpenAPI: "No mapping for symbol: VAR FOR_LOOP_VARIABLE" error with codeInferenceEnabled=true
• KTOR-9279 OpenAPI: UnsupportedOperationException for a function with a reified type parameter codeInferenceEnabled = true

... (truncated)

Commits

• 245774a Release 3.4.2 (#5493)
• 7c6c33a KTOR-9361 Fix JsWebSocketSession._closeReason completed twice (#5457)
• 453e739 KTOR-9437 Server. Add GraalVM metadata. (#5491)
• 7146fd7 KTOR-9424 Log full URLs with OkHttp format (#5488)
• 52b5981 KTOR-8540 Fix IllegalStateException by creating a new instance of HttpClientC...
• 12de7fb KTOR-9408 Update atomicfu with performance fix
• 58837ad KTOR-9419 Fix vulnerability in swagger endpoint
• 69e55ce Remove CurlWebSocketTests (#5483)
• 5dfbe51 fixup! KTOR-9421 Track streaming responses separately to fix SSE blocking flu...
• e784ed7 fixup! Server. Update KDocs for that may set status. (#5233)
• Additional commits viewable in compare view

Updates com.gradleup.shadow from 9.3.2 to 9.4.1

Release notes

Sourced from com.gradleup.shadow's releases.

9.4.1

Changed

• Update Kotlin to 2.3.20. (#1978)

9.4.0

Added

• Support Isolated Projects. (#1139)

Changed

• Allow opting out of adding shadowJar into assemble lifecycle. (#1939)

  shadow {
    // Disable making `assemble` task depend on `shadowJar`. This is enabled by default.
    addShadowJarToAssembleLifecycle = false
  }

• Stop catching ZipException when writing entries. (#1970)

Fixed

• Fix interaction with Gradle artifact transforms. (#1345)
• Fix skipStringConstants per-relocator behavior in mapName. (#1968)
• Fix failing for non-existent class directories. (#1976)

Commits

• f98d8f2 Prepare version 9.4.1
• 7cf1ac5 Note #1978 in changelog
• 539d532 Update plugin jetbrains-dokka to v2.2.0 (#1994)
• 0fb99ca Update actions/deploy-pages action to v5 (#1993)
• 38ec3e2 Update Develocity to v4.4.0 (#1992)
• e519072 Update gradle/actions action to v6 (#1990)
• ca0dd71 Update pluginPublish to v2.1.1 (#1989)
• 5a1ab58 Update Gradle to v9.4.1 (#1988)
• 69dfdfc Improve file type check for AAR (#1987)
• 1395087 Document excluding non-JAR transitive dependencies (#1986)
• Additional commits viewable in compare view

Updates org.projectlombok:lombok from 1.18.42 to 1.18.44

Changelog

Sourced from org.projectlombok:lombok's changelog.

v1.18.44 (March 11th, 2026)

• FEATURE: @Jacksonized now supports both Jackson2 and Jackson3; you'll get a warning until you configure which one (or even both!) you want lombok to generate. #3950.
• BUGFIX: On JDK25, val and @ExtensionMethod could sometimes cause erroneous errors (in that you see errors but compilation succeeds anyway) using javac. #3947.
• BUGFIX: @Jacksonized + fields marked transient would result in those transient fields being serialised which is surprising (and thus undesired) behaviour. #3936.

Commits

• 17c78fe [version] pre-release version bump
• 1edca70 [test][@Jacksonized] Test emission of warning when not choosing jackson ver...
• e789e82 [test] Update the generation of eclipse test targets from JDK14 to JDK25.
• a54cecd [trivial][changelog]
• 3db0a6c [bugfix][@Jacksonized] javac handler of jacksonized checked for existing ja...
• 12572fc [test] Adjusted tests to the new 'jackson version is a list' config key setup.
• 0e9699c [changelog] Document implementation of Jackson3 support: #3950.
• d441be1 [jacksonized] infrastructure for previous merge resolution: Changed to the co...
• d62b2d5 Merge branch 'master' into cachescrubber-gh-3950
• f49f0fe [test] Remove tests for deprecated @Logger(access = MODULE). They're deprec...
• Additional commits viewable in compare view

Updates gradle-wrapper from 9.3.1 to 9.4.1

Release notes

Sourced from gradle-wrapper's releases.

9.4.1

The Gradle team is excited to announce Gradle 9.4.1.

Here are the highlights of this release:

• Java 26 support
• Non-class-based JVM tests
• Enhanced console progress bar

Read the Release Notes

We would like to thank the following community members for their contributions to this release of Gradle: akankshaa-00, Attila Kelemen, Björn Kautler, dblood, Dennis Rieks, duvvuvenkataramana, John Burns, Julian, kevinstembridge, Niels Doucet, Philip Wedemann, ploober, Richard Hernandez, Roberto Perez Alcolea, Sebastian Lövdahl, stephan2405, Stephane Landelle, Ujwal Suresh Vanjare, Victor Merkulov, Vincent Potuček, Vladimir Sitnikov.

Upgrade instructions

Switch your build to use Gradle 9.4.1 by updating your wrapper:

./gradlew wrapper --gradle-version=9.4.1 && ./gradlew wrapper

See the Gradle 9.x upgrade guide to learn about deprecations, breaking changes and other considerations when upgrading.

For Java, Groovy, Kotlin and Android compatibility, see the full compatibility notes.

Reporting problems

If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines. If you're not sure you're encountering a bug, please use the forum.

We hope you will build happiness with Gradle, and we look forward to your feedback via Twitter or on GitHub.

... (truncated)

Commits

• 2d63270 Ignore test (#37180)
• 4c15906 Ignore test
• 9759ac1 Make console/SIGINT test deterministic (#37178)
• aaf6ed4 Make console/SIGINT test deterministic
• 47cb783 Fix OSC 9;4 progress bar not cleared on SIGINT (#37038)
• ef03f1d Fix order-dependent assertion in CrossBuildScriptCachingIntegrationSpec
• fd26fd3 Fix OSC 9;4 taskbar progress bar not cleared on build end or SIGINT
• 0a84d67 Release notes for 9.4.1 (#37148)
• e569c31 cleanup
• 9f227de cleanup
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud