Bump the gradle-dependencies group across 1 directory with 6 updates

[dependabot]

Bumps the gradle-dependencies group with 5 updates in the / directory:

Package	From	To
com.squareup.okhttp3:okhttp	4.12.0	5.1.0
org.junit:junit-bom	5.13.0	5.13.4
com.squareup.okio:okio	3.12.0	3.16.0
com.fasterxml.jackson.core:jackson-databind	2.19.0	2.19.2
com.diffplug.spotless	6.13.0	7.2.1

Updates com.squareup.okhttp3:okhttp from 4.12.0 to 5.1.0

Changelog

Sourced from com.squareup.okhttp3:okhttp's changelog.

Version 5.1.0

2025-07-07

• New: Response.peekTrailers(). When we changed Response.trailers() to block instead of throwing in 5.0.0, we inadvertently removed the ability for callers to peek the trailers (by catching the IllegalStateException if they weren't available). This new API restores that capability.

• Fix: Don't crash on trailers() if the response doesn't have a body. We broke [Retrofit] users who read the trailers on the raw() OkHttp response, after its body was decoded.

Version 5.0.0

2025-07-02

This is our first stable release of OkHttp since 2023. Here's the highlights if you're upgrading from OkHttp 4.x:

OkHttp is now packaged as separate JVM and Android artifacts. This allows us to offer platform-specific features and optimizations. If your build system handles [Gradle module metadata], this change should be automatic.

MockWebServer has a new coordinate and package name. We didn’t like that our old artifact depends on JUnit 4 so the new one doesn’t. It also has a better API built on immutable values. (We intend to continue publishing the old okhttp3.mockwebserver artifact so there’s no urgency to migrate.)

Coordinate	Package Name	Description
com.squareup.okhttp3:mockwebserver3:5.0.0	mockwebserver3	Core module. No JUnit dependency!
com.squareup.okhttp3:mockwebserver3-junit4:5.0.0	mockwebserver3.junit4	Optional JUnit 4 integration.
com.squareup.okhttp3:mockwebserver3-junit5:5.0.0	mockwebserver3.junit5	Optional JUnit 5 integration.
com.squareup.okhttp3:mockwebserver:5.0.0	okhttp3.mockwebserver	Obsolete. Depends on JUnit 4.

OkHttp now supports Happy Eyeballs ([RFC 8305][rfc_8305]) for IPv4+IPv6 networks. It attempts both IPv6 and IPv4 connections concurrently, keeping whichever connects first.

We’ve improved our Kotlin APIs. You can skip the builder:

val request = Request(
  url = "https://cash.app/".toHttpUrl(),
)

OkHttp now supports [GraalVM].

Here’s what has changed since 5.0.0-alpha.17:

... (truncated)

Commits

• d2dd180 Prepare for release 5.1.0.
• 61a8735 New Response.peekTrailers() API (#8921)
• 6684401 Update dependency gradle to v8.14.3 (#8915)
• 7adb2b6 Update junit-framework monorepo (#8914)
• e41ff18 Link to new mockwebserver artifacts (#8911)
• 0ff8751 Remove Graal init tracing (#8909)
• b9a2560 Run graal on master (#8907)
• 8339524 Remove ExperimentalOkHttpApi references (#8908)
• ce29ef6 Fix graal tests (#8906)
• 8579689 Don't force a response body read on all trailers (#8904)
• Additional commits viewable in compare view

Updates org.junit:junit-bom from 5.13.0 to 5.13.4

Release notes

Sourced from org.junit:junit-bom's releases.

JUnit 5.13.4 = Platform 1.13.4 + Jupiter 5.13.4 + Vintage 5.13.4

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.3...r5.13.4

JUnit 5.13.3 = Platform 1.13.3 + Jupiter 5.13.3 + Vintage 5.13.3

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.2...r5.13.3

JUnit 5.13.2 = Platform 1.13.2 + Jupiter 5.13.2 + Vintage 5.13.2

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.1...r5.13.2

JUnit 5.13.1 = Platform 1.13.1 + Jupiter 5.13.1 + Vintage 5.13.1

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.0...r5.13.1

Commits

• 8a21048 Release 5.13.4
• 9a38789 Finalize 5.13.4 release notes
• 458325c Log only once per implementation type for CloseableResource types
• 976a110 Protect against potential problems when converting file-based selectors
• e94f728 Allow default package for PackageSource
• b60fecf Fail on classpath resource names that are blank after removing leading /
• 6378c88 Remove java.* packages from Import-Package headers in all jars (#4738)
• 1a360f3 Create initial 5.13.4 release notes from template
• 806fc9a Document #4689 in release notes
• 1653839 Document #4686 in release notes
• Additional commits viewable in compare view

Updates org.junit.jupiter:junit-jupiter from 5.13.0 to 5.13.4

Release notes

Sourced from org.junit.jupiter:junit-jupiter's releases.

JUnit 5.13.4 = Platform 1.13.4 + Jupiter 5.13.4 + Vintage 5.13.4

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.3...r5.13.4

JUnit 5.13.3 = Platform 1.13.3 + Jupiter 5.13.3 + Vintage 5.13.3

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.2...r5.13.3

JUnit 5.13.2 = Platform 1.13.2 + Jupiter 5.13.2 + Vintage 5.13.2

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.1...r5.13.2

JUnit 5.13.1 = Platform 1.13.1 + Jupiter 5.13.1 + Vintage 5.13.1

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.0...r5.13.1

Commits

• 8a21048 Release 5.13.4
• 9a38789 Finalize 5.13.4 release notes
• 458325c Log only once per implementation type for CloseableResource types
• 976a110 Protect against potential problems when converting file-based selectors
• e94f728 Allow default package for PackageSource
• b60fecf Fail on classpath resource names that are blank after removing leading /
• 6378c88 Remove java.* packages from Import-Package headers in all jars (#4738)
• 1a360f3 Create initial 5.13.4 release notes from template
• 806fc9a Document #4689 in release notes
• 1653839 Document #4686 in release notes
• Additional commits viewable in compare view

Updates com.squareup.okio:okio from 3.12.0 to 3.16.0

Changelog

Sourced from com.squareup.okio:okio's changelog.

Version 3.16.0

2025-07-29

• Fix: Change Socket.asOkioSocket() to resolve its source InputStream and OutputStream eagerly. This will throw a SocketException immediately if the socket isn’t connected. This behavior is consistent with our similar APIs, Socket.source() and Socket.sink().

• Fix: Optimize AsyncTimeout on systems with a very large number of active timeouts. This class originally kept active timeouts in a linked list; with this update the internal data structure is a binary heap. The old runtime was 𝑂(𝑛²) to activate 𝑛 timeouts; with this optimization the runtime is 𝑂(𝑛 log 𝑛).

• Upgrade: [Kotlin 2.2.0][kotlin_2_2_0].

Version 3.15.0

2025-07-01

• Upgrade: [kotlinx-datetime 0.7.0-0.6.x-compat][datetime_0_7_0_compat]. The previous 3.14.0 release, FakeFileSystem broke binary-compatibility for calls to FakeFileSystem(). This restores that compatibility.

• Breaking: Change FakeFileSystem.clock from a JVM field to a property. This avoids a crash running Okio in a Gradle 8.x plugin. This change is not binary-compatible.

Version 3.14.0

2025-06-28

• Upgrade: [kotlinx-datetime 0.7.0][datetime_0_7_0]. This impacts the okio-fakefilesystem artifact only. This is a binary-incompatible backwards-incompatible change that cannot co-exist with previous releases of okio-fakefilesystem! If you observe a NoSuchMethodError calling FakeFileSystem.init, update the calling code to this release (or newer) and recompile. We don't like imposing backwards-incompatible changes like this on you and do so regretfully.

Version 3.13.0

2025-06-13

• New: okio.Socket interface. This is a first step towards low-level streaming networking support for Kotlin/Multiplatform. This release provides two JVM-only implementations: asOkioSocket() adapts a java.net.Socket to our new interface, and inMemorySocketPair() returns a pair of mutually-connected sockets. We also anticipate that this interface will be a useful abstraction for proxies and tunnels.
• New: In-development snapshots are now published to the [Central Portal Snapshots repository].

Commits

• 8259b1d Prepare for release 3.16.0.
• a0d0c5e Upgrade to Kotlin 2.2.0 (#1670)
• 9e25e03 Get Socket.inputStream and outputStream eagerly (#1669)
• 0e48b0d Add heap implementation for AsyncTimeout (#1658)
• d9e59b6 Update dependency com.diffplug.spotless:spotless-plugin-gradle to v7.2.1 (#1667)
• 0cccd61 Update dependency com.diffplug.spotless:spotless-plugin-gradle to v7.2.0 (#1665)
• 5355bcc Update dependency com.vanniktech:gradle-maven-publish-plugin to v0.34.0 (#1659)
• 4e88847 Update dependency com.google.jimfs:jimfs to v1.3.1 (#1657)
• 7edbfd3 Update dependency com.android.tools.build:gradle to v8.11.1 (#1655)
• a96af6f Update dependency org.jetbrains.kotlinx.binary-compatibility-validator:org.je...
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-databind from 2.19.0 to 2.19.2

Commits

• See full diff in compare view

Updates com.diffplug.spotless from 6.13.0 to 7.2.1

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
com.diffplug.spotless	[>= 6.16.a, < 6.17]

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Join our Discord community for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore or @coderabbit ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[curquiza]

@dependabot recreate

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.