chore(deps): bump the gradle-dependencies group across 1 directory with 7 updates

[dependabot]

Bumps the gradle-dependencies group with 7 updates in the / directory:

Package	From	To
gradle-wrapper	9.6.0	9.6.1
com.google.dagger:hilt-android	2.59.2	2.60
com.google.dagger:hilt-android-compiler	2.59.2	2.60
io.ktor:ktor-server-core-jvm	3.5.0	3.5.1
io.ktor:ktor-server-netty-jvm	3.5.0	3.5.1
io.ktor:ktor-server-cio-jvm	3.5.0	3.5.1
com.google.dagger.hilt.android	2.59.2	2.60

Updates gradle-wrapper from 9.6.0 to 9.6.1

Release notes

Sourced from gradle-wrapper's releases.

9.6.1

The Gradle team is excited to announce Gradle 9.6.1.

Here are the highlights of this release:

• Improved Configuration Cache hit rates
• Additional CLI rendering options
• Important project hierarchy lookup deprecations

Read the Release Notes

We would like to thank the following community members for their contributions to this release of Gradle: Aharnish Solanki, Benedikt Johannes, Devendra Reddy Pennabadi, Dmytro Rodionov, Dreeam, Elías Hernández Rodríguez, Eng Zer Jun, FinlayRJW, Kamal Kansal, Marcono1234, Nelson Osacky, Philip Wedemann, Ravi, Roberto Perez Alcolea, Ryan Schmitt, Sebastian Schuberth, seunghun.ham, sk-reddy17, Suvrat Acharya, Vedant Madane.

Upgrade instructions

Switch your build to use Gradle 9.6.1 by updating your wrapper:

./gradlew :wrapper --gradle-version=9.6.1 && ./gradlew :wrapper

See the Gradle 9.x upgrade guide to learn about deprecations, breaking changes and other considerations when upgrading.

For Java, Groovy, Kotlin and Android compatibility, see the full compatibility notes.

Reporting problems

If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines. If you're not sure you're encountering a bug, please use the forum.

We hope you will build happiness with Gradle, and we look forward to your feedback via Twitter or on GitHub.

Commits

• 309d128 Update fixed issues in release notes for 9.6.1 (#38328)
• 040a978 Update fixed issues in release notes for 9.6.1
• e0b8325 Restore --non-interactive flag instead of --interactive/--no-interactive (#38...
• 946f3e6 Limit explicit temp file permission setting to intended use case (#38300)
• 65f8224 Restore --non-interactive flag instead of --interactive/--no-interactive
• e346a5e Adjust CLI flag to configure non-interactive console (#38301)
• 9b53be9 Adjust CLI flag to configure non-interactive console
• 0dd3b53 Limit explicit temp file permission setting to intended use case
• 48e5ac2 Add reproducers
• 25598fd Prepare 9.6.1 patch release (#38293)
• Additional commits viewable in compare view

Updates com.google.dagger:hilt-android from 2.59.2 to 2.60

Release notes

Sourced from com.google.dagger:hilt-android's releases.

Dagger 2.60

New features:

• Fixes #5165: Support nullable type annotations when using the flag -Adagger.nullableTypeAnnotations=enabled. For more details see https://dagger.dev/dev-guide/compiler-options#nullable-type-annotations. (4bedb4b64)
• Fixes #5087: When using the Hilt Gradle plugin, you can now disable fastInit mode from the command line, e.g. -Pdagger.hilt.fastInit=false. For more details see https://dagger.dev/hilt/flags#fast-init. (0f7642ba1)
• Introduced parameterless @Binds methods to explicitly bind @Inject constructors. For more details see https://dagger.dev/dev-guide/#parameterless-binds. (4c81e9416)

Potential breaking changes:

• When using the Hilt Gradle plugin, an error is now reported if a user sets a plugin-controlled flag (previously the plugin just ignored the user’s input). (a119ba68c)
• Multidex support is removed. minSDK for Hilt is now 23, matching AndroidX (https://issuetracker.google.com/380448311) (1990bd1c4)

Bug fixes:

• Fixes #1290: Enabled Guava BetaApi checks (5b8b2bdbe)
• Fixes #5190, #5180, #5177: Updated Kotlin version ton 2.3.21 (7daaec5a9)
• Fixes #5160: Deferred ViewModelMetadata processing on error types or missing @​AssistedFactory (59827c699)
• Fixes missing originating element attachments in a few Hilt processors to ensure correct incremental compilation tracking. (2930ca837)
• Fixes Dagger multibinding duplicate masking across Map components (compile-time validation) Adds strict compile-time detection for duplicate map multibinding keys across component boundaries. This is enabled via the -Adagger.mapMultibindingDuplicateDetectionFix=ENABLED. This option is DISABLED by default to maintain backward compatibility. See Compiler Options for more details. (504397ebe)

Commits

• d9ccdc7 2.60 release
• 7451e37 Add dependenciesRequested to ProducerMonitor
• e820a70 Refactor: Inline library sources directly within MembersInjectionValidationTest
• 4bedb4b Support nullable type annotations with a flag.
• 445e6f0 Fix wording on ProducerMonitor methodStarting and ready javadocs
• 5b8b2bd Enable Guava BetaApi checks in Dagger's Bazel build.
• 639cd2b Temporarily disable a few KSP tests before updating XProcessing artifacts.
• 5988296 Handle RuntimeExceptions in DaggerSuperficialValidation getMessage / trac...
• 2227e70 Remove unused ProcessorErrors methods.
• 7daaec5 Update Kotlin and KSP versions to 2.3.
• Additional commits viewable in compare view

Updates com.google.dagger:hilt-android-compiler from 2.59.2 to 2.60

Release notes

Sourced from com.google.dagger:hilt-android-compiler's releases.

Dagger 2.60

New features:

• Fixes #5165: Support nullable type annotations when using the flag -Adagger.nullableTypeAnnotations=enabled. For more details see https://dagger.dev/dev-guide/compiler-options#nullable-type-annotations. (4bedb4b64)
• Fixes #5087: When using the Hilt Gradle plugin, you can now disable fastInit mode from the command line, e.g. -Pdagger.hilt.fastInit=false. For more details see https://dagger.dev/hilt/flags#fast-init. (0f7642ba1)
• Introduced parameterless @Binds methods to explicitly bind @Inject constructors. For more details see https://dagger.dev/dev-guide/#parameterless-binds. (4c81e9416)

Potential breaking changes:

• When using the Hilt Gradle plugin, an error is now reported if a user sets a plugin-controlled flag (previously the plugin just ignored the user’s input). (a119ba68c)
• Multidex support is removed. minSDK for Hilt is now 23, matching AndroidX (https://issuetracker.google.com/380448311) (1990bd1c4)

Bug fixes:

• Fixes #1290: Enabled Guava BetaApi checks (5b8b2bdbe)
• Fixes #5190, #5180, #5177: Updated Kotlin version ton 2.3.21 (7daaec5a9)
• Fixes #5160: Deferred ViewModelMetadata processing on error types or missing @​AssistedFactory (59827c699)
• Fixes missing originating element attachments in a few Hilt processors to ensure correct incremental compilation tracking. (2930ca837)
• Fixes Dagger multibinding duplicate masking across Map components (compile-time validation) Adds strict compile-time detection for duplicate map multibinding keys across component boundaries. This is enabled via the -Adagger.mapMultibindingDuplicateDetectionFix=ENABLED. This option is DISABLED by default to maintain backward compatibility. See Compiler Options for more details. (504397ebe)

Commits

• d9ccdc7 2.60 release
• 7451e37 Add dependenciesRequested to ProducerMonitor
• e820a70 Refactor: Inline library sources directly within MembersInjectionValidationTest
• 4bedb4b Support nullable type annotations with a flag.
• 445e6f0 Fix wording on ProducerMonitor methodStarting and ready javadocs
• 5b8b2bd Enable Guava BetaApi checks in Dagger's Bazel build.
• 639cd2b Temporarily disable a few KSP tests before updating XProcessing artifacts.
• 5988296 Handle RuntimeExceptions in DaggerSuperficialValidation getMessage / trac...
• 2227e70 Remove unused ProcessorErrors methods.
• 7daaec5 Update Kotlin and KSP versions to 2.3.
• Additional commits viewable in compare view

Updates com.google.dagger:hilt-android-compiler from 2.59.2 to 2.60

Release notes

Sourced from com.google.dagger:hilt-android-compiler's releases.

Dagger 2.60

New features:

• Fixes #5165: Support nullable type annotations when using the flag -Adagger.nullableTypeAnnotations=enabled. For more details see https://dagger.dev/dev-guide/compiler-options#nullable-type-annotations. (4bedb4b64)
• Fixes #5087: When using the Hilt Gradle plugin, you can now disable fastInit mode from the command line, e.g. -Pdagger.hilt.fastInit=false. For more details see https://dagger.dev/hilt/flags#fast-init. (0f7642ba1)
• Introduced parameterless @Binds methods to explicitly bind @Inject constructors. For more details see https://dagger.dev/dev-guide/#parameterless-binds. (4c81e9416)

Potential breaking changes:

• When using the Hilt Gradle plugin, an error is now reported if a user sets a plugin-controlled flag (previously the plugin just ignored the user’s input). (a119ba68c)
• Multidex support is removed. minSDK for Hilt is now 23, matching AndroidX (https://issuetracker.google.com/380448311) (1990bd1c4)

Bug fixes:

• Fixes #1290: Enabled Guava BetaApi checks (5b8b2bdbe)
• Fixes #5190, #5180, #5177: Updated Kotlin version ton 2.3.21 (7daaec5a9)
• Fixes #5160: Deferred ViewModelMetadata processing on error types or missing @​AssistedFactory (59827c699)
• Fixes missing originating element attachments in a few Hilt processors to ensure correct incremental compilation tracking. (2930ca837)
• Fixes Dagger multibinding duplicate masking across Map components (compile-time validation) Adds strict compile-time detection for duplicate map multibinding keys across component boundaries. This is enabled via the -Adagger.mapMultibindingDuplicateDetectionFix=ENABLED. This option is DISABLED by default to maintain backward compatibility. See Compiler Options for more details. (504397ebe)

Commits

• d9ccdc7 2.60 release
• 7451e37 Add dependenciesRequested to ProducerMonitor
• e820a70 Refactor: Inline library sources directly within MembersInjectionValidationTest
• 4bedb4b Support nullable type annotations with a flag.
• 445e6f0 Fix wording on ProducerMonitor methodStarting and ready javadocs
• 5b8b2bd Enable Guava BetaApi checks in Dagger's Bazel build.
• 639cd2b Temporarily disable a few KSP tests before updating XProcessing artifacts.
• 5988296 Handle RuntimeExceptions in DaggerSuperficialValidation getMessage / trac...
• 2227e70 Remove unused ProcessorErrors methods.
• 7daaec5 Update Kotlin and KSP versions to 2.3.
• Additional commits viewable in compare view

Updates io.ktor:ktor-server-core-jvm from 3.5.0 to 3.5.1

Changelog

Sourced from io.ktor:ktor-server-core-jvm's changelog.

3.5.1

Published 25 June 2026

Improvements

• KTOR-9492 OpenAPI plugin: handle requireXxx functions in compiler plugin
• KTOR-9569 Add more details for KDoc of BearerAuthConfig.sendWithoutRequest
• KTOR-9571 Add KDoc for BearerAuthConfig.realm
• KTOR-9570 Add Kdoc for BearerAuthConfig.refreshTokens

Bugfixes

• KTOR-9646 Fix Kotlin 2.4.0 compiler plugin breaking changes
• KTOR-9585 OpenAPI: JsonSchema title is truncated when it contains a dot
• KTOR-9591 OpenAPI: @JsonClassDiscriminator on sealed types is ignored when generating OpenAPI discriminator schema
• KTOR-9597 OpenAPI: Schema name collisions because@SerialName of sealed subtypes is used as components.schemas key
• KTOR-9601 OpenAPI: nullable @​JvmInline value class loses nullability in generated schema
• KTOR-9620 Some issues related to digest authentication in 3.5.0
• KTOR-9623 Digest Auth: server must respond with one WWW-Authenticate header for each supported algorithm
• KTOR-9624 Digest Auth: "Unsupported charset in digest authentication header" for a charset name in lowercase
• KTOR-9630 Digest Auth: The plugin sends incorrect nonce when server responds with multiple WWW-Authenticate headers
• KTOR-9565 WebRTC: Peer stops receiving messages after a while on iOS
• KTOR-9610 WebRtcPeerConnection::close causes ClosedReceiveChannelException for other peer
• KTOR-9633 WebRTC statistics fetching race condition
• KTOR-9603 Structured concurrency is violated in WebRTC tests
• KTOR-9671 Darwin: Semicolons in URL path are sanitized
• KTOR-9639 Darwin: WebSocket client crashes the process when a PONG arrives after the session is closed
• KTOR-9575 Darwin: findCharset("UTF-16") maps to NSUTF16LittleEndianStringEncoding causing decoding failure for UTF-16 content with BOM
• KTOR-9661 HttpCache: InvalidCacheStateException is thrown on 304 when no cached entry matches varyKeys
• KTOR-9673 Caching always missing with Content Negotiation
• KTOR-9596 HttpTimeout: HttpRequestTimeoutException on any request with runTest and request timeout defined since 3.5.0
• KTOR-9632 HttpRequestBuilder.timeout call removes capabilities set in DefaultRequest
• KTOR-9252 ContentEncoding: Incomplete gzip response causes client/server to hang indefinitely
• KTOR-9670 Compression: The plugin ignores Accept-Encoding q=0 and most-specific matching
• KTOR-9614 Zstd Compression: "Destination buffer is too small" exception for a particular sequence of bytes
• KTOR-9636 CORS plugin drops OPTIONS preflight requests when allowSameOrigin is on
• KTOR-9659 CORS is skipped when the Origin header contains an IPv6 address
• KTOR-9574 ContentNegotiation: The charset of Accept-Charset header is used for response deserialization
• KTOR-9606 KotlinxSerializationConverter: it fails to deserialize an empty channel closed with a delay
• KTOR-9617 OutputStreamContent and WriterContent can exhaust Dispatchers.IO
• KTOR-9629 RawSourceChannel: coroutine cancellation is not propagated to the RawSource
• KTOR-8870 File.readChannel: do not close a non-opened file and ignore closing exceptions
• KTOR-9460 Curl: Can't build shared library with Ktor 3.4.2
• KTOR-9607 Crash on Android 7: NoSuchMethodError getInstanceStrong() since 3.5.0
• KTOR-9595 CIO: The engine imports node:net statically and breaks wasmJsBrowser webpack build
• KTOR-9615 Apache5: The underlying request is not aborted when coroutine Job is cancelled
• KTOR-8443 RoutingBuilder.contentType does not use parameters when matching
• KTOR-9425 SessionTransportTransformerEncrypt init block uses wrong IV size for AES-256 (regression of KTOR-661)
• KTOR-9621 RateLimit plugin is bypassed when the nested authenticate block rejects the request
• KTOR-8766 DI: The close method is called twice on cleanup of AutoCloseable
• KTOR-8695 GMTDate() being offset by 369 years on Windows
• KTOR-9589 Duplicate PROPERTY_SETTER target in @​InternalAPI annotation

... (truncated)

Commits

• 5ba9d6f Release 3.5.1 (#5719)
• a4f145d KTOR-9661 HttpCache: InvalidCacheStateException is thrown on 304 when… (#5701)
• 2caf278 Fix failing :ktor-io:compileDarwinMainKotlinMetadata (#5716)
• 257de90 KTOR-8766 Fix multiple invocations of close from DI
• e77a168 Fix cache misses with content negotiation 3x (#5714)
• ed22950 Make huge post test less huge
• f329069 Update dependency com.github.luben:zstd-jni to v1.5.7-11
• 6ecd072 Update dependency io.swagger.parser.v3:swagger-parser to v2.1.44
• a0534cd Update dependency io.pebbletemplates:pebble to v4.1.2
• 8647e53 Update dependency com.typesafe:config to v1.4.9
• Additional commits viewable in compare view

Updates io.ktor:ktor-server-netty-jvm from 3.5.0 to 3.5.1

Changelog

Sourced from io.ktor:ktor-server-netty-jvm's changelog.

3.5.1

Published 25 June 2026

Improvements

• KTOR-9492 OpenAPI plugin: handle requireXxx functions in compiler plugin
• KTOR-9569 Add more details for KDoc of BearerAuthConfig.sendWithoutRequest
• KTOR-9571 Add KDoc for BearerAuthConfig.realm
• KTOR-9570 Add Kdoc for BearerAuthConfig.refreshTokens

Bugfixes

• KTOR-9646 Fix Kotlin 2.4.0 compiler plugin breaking changes
• KTOR-9585 OpenAPI: JsonSchema title is truncated when it contains a dot
• KTOR-9591 OpenAPI: @JsonClassDiscriminator on sealed types is ignored when generating OpenAPI discriminator schema
• KTOR-9597 OpenAPI: Schema name collisions because@SerialName of sealed subtypes is used as components.schemas key
• KTOR-9601 OpenAPI: nullable @​JvmInline value class loses nullability in generated schema
• KTOR-9620 Some issues related to digest authentication in 3.5.0
• KTOR-9623 Digest Auth: server must respond with one WWW-Authenticate header for each supported algorithm
• KTOR-9624 Digest Auth: "Unsupported charset in digest authentication header" for a charset name in lowercase
• KTOR-9630 Digest Auth: The plugin sends incorrect nonce when server responds with multiple WWW-Authenticate headers
• KTOR-9565 WebRTC: Peer stops receiving messages after a while on iOS
• KTOR-9610 WebRtcPeerConnection::close causes ClosedReceiveChannelException for other peer
• KTOR-9633 WebRTC statistics fetching race condition
• KTOR-9603 Structured concurrency is violated in WebRTC tests
• KTOR-9671 Darwin: Semicolons in URL path are sanitized
• KTOR-9639 Darwin: WebSocket client crashes the process when a PONG arrives after the session is closed
• KTOR-9575 Darwin: findCharset("UTF-16") maps to NSUTF16LittleEndianStringEncoding causing decoding failure for UTF-16 content with BOM
• KTOR-9661 HttpCache: InvalidCacheStateException is thrown on 304 when no cached entry matches varyKeys
• KTOR-9673 Caching always missing with Content Negotiation
• KTOR-9596 HttpTimeout: HttpRequestTimeoutException on any request with runTest and request timeout defined since 3.5.0
• KTOR-9632 HttpRequestBuilder.timeout call removes capabilities set in DefaultRequest
• KTOR-9252 ContentEncoding: Incomplete gzip response causes client/server to hang indefinitely
• KTOR-9670 Compression: The plugin ignores Accept-Encoding q=0 and most-specific matching
• KTOR-9614 Zstd Compression: "Destination buffer is too small" exception for a particular sequence of bytes
• KTOR-9636 CORS plugin drops OPTIONS preflight requests when allowSameOrigin is on
• KTOR-9659 CORS is skipped when the Origin header contains an IPv6 address
• KTOR-9574 ContentNegotiation: The charset of Accept-Charset header is used for response deserialization
• KTOR-9606 KotlinxSerializationConverter: it fails to deserialize an empty channel closed with a delay
• KTOR-9617 OutputStreamContent and WriterContent can exhaust Dispatchers.IO
• KTOR-9629 RawSourceChannel: coroutine cancellation is not propagated to the RawSource
• KTOR-8870 File.readChannel: do not close a non-opened file and ignore closing exceptions
• KTOR-9460 Curl: Can't build shared library with Ktor 3.4.2
• KTOR-9607 Crash on Android 7: NoSuchMethodError getInstanceStrong() since 3.5.0
• KTOR-9595 CIO: The engine imports node:net statically and breaks wasmJsBrowser webpack build
• KTOR-9615 Apache5: The underlying request is not aborted when coroutine Job is cancelled
• KTOR-8443 RoutingBuilder.contentType does not use parameters when matching
• KTOR-9425 SessionTransportTransformerEncrypt init block uses wrong IV size for AES-256 (regression of KTOR-661)
• KTOR-9621 RateLimit plugin is bypassed when the nested authenticate block rejects the request
• KTOR-8766 DI: The close method is called twice on cleanup of AutoCloseable
• KTOR-8695 GMTDate() being offset by 369 years on Windows
• KTOR-9589 Duplicate PROPERTY_SETTER target in @​InternalAPI annotation

... (truncated)

Commits

• 5ba9d6f Release 3.5.1 (#5719)
• a4f145d KTOR-9661 HttpCache: InvalidCacheStateException is thrown on 304 when… (#5701)
• 2caf278 Fix failing :ktor-io:compileDarwinMainKotlinMetadata (#5716)
• 257de90 KTOR-8766 Fix multiple invocations of close from DI
• e77a168 Fix cache misses with content negotiation 3x (#5714)
• ed22950 Make huge post test less huge
• f329069 Update dependency com.github.luben:zstd-jni to v1.5.7-11
• 6ecd072 Update dependency io.swagger.parser.v3:swagger-parser to v2.1.44
• a0534cd Update dependency io.pebbletemplates:pebble to v4.1.2
• 8647e53 Update dependency com.typesafe:config to v1.4.9
• Additional commits viewable in compare view

Updates io.ktor:ktor-server-cio-jvm from 3.5.0 to 3.5.1

Changelog

Sourced from io.ktor:ktor-server-cio-jvm's changelog.

3.5.1

Published 25 June 2026

Improvements

• KTOR-9492 OpenAPI plugin: handle requireXxx functions in compiler plugin
• KTOR-9569 Add more details for KDoc of BearerAuthConfig.sendWithoutRequest
• KTOR-9571 Add KDoc for BearerAuthConfig.realm
• KTOR-9570 Add Kdoc for BearerAuthConfig.refreshTokens

Bugfixes

• KTOR-9646 Fix Kotlin 2.4.0 compiler plugin breaking changes
• KTOR-9585 OpenAPI: JsonSchema title is truncated when it contains a dot
• KTOR-9591 OpenAPI: @JsonClassDiscriminator on sealed types is ignored when generating OpenAPI discriminator schema
• KTOR-9597 OpenAPI: Schema name collisions because@SerialName of sealed subtypes is used as components.schemas key
• KTOR-9601 OpenAPI: nullable @​JvmInline value class loses nullability in generated schema
• KTOR-9620 Some issues related to digest authentication in 3.5.0
• KTOR-9623 Digest Auth: server must respond with one WWW-Authenticate header for each supported algorithm
• KTOR-9624 Digest Auth: "Unsupported charset in digest authentication header" for a charset name in lowercase
• KTOR-9630 Digest Auth: The plugin sends incorrect nonce when server responds with multiple WWW-Authenticate headers
• KTOR-9565 WebRTC: Peer stops receiving messages after a while on iOS
• KTOR-9610 WebRtcPeerConnection::close causes ClosedReceiveChannelException for other peer
• KTOR-9633 WebRTC statistics fetching race condition
• KTOR-9603 Structured concurrency is violated in WebRTC tests
• KTOR-9671 Darwin: Semicolons in URL path are sanitized
• KTOR-9639 Darwin: WebSocket client crashes the process when a PONG arrives after the session is closed
• KTOR-9575 Darwin: findCharset("UTF-16") maps to NSUTF16LittleEndianStringEncoding causing decoding failure for UTF-16 content with BOM
• KTOR-9661 HttpCache: InvalidCacheStateException is thrown on 304 when no cached entry matches varyKeys
• KTOR-9673 Caching always missing with Content Negotiation
• KTOR-9596 HttpTimeout: HttpRequestTimeoutException on any request with runTest and request timeout defined since 3.5.0
• KTOR-9632 HttpRequestBuilder.timeout call removes capabilities set in DefaultRequest
• KTOR-9252 ContentEncoding: Incomplete gzip response causes client/server to hang indefinitely
• KTOR-9670 Compression: The plugin ignores Accept-Encoding q=0 and most-specific matching
• KTOR-9614 Zstd Compression: "Destination buffer is too small" exception for a particular sequence of bytes
• KTOR-9636 CORS plugin drops OPTIONS preflight requests when allowSameOrigin is on
• KTOR-9659 CORS is skipped when the Origin header contains an IPv6 address
• KTOR-9574 ContentNegotiation: The charset of Accept-Charset header is used for response deserialization
• KTOR-9606 KotlinxSerializationConverter: it fails to deserialize an empty channel closed with a delay
• KTOR-9617 OutputStreamContent and WriterContent can exhaust Dispatchers.IO
• KTOR-9629 RawSourceChannel: coroutine cancellation is not propagated to the RawSource
• KTOR-8870 File.readChannel: do not close a non-opened file and ignore closing exceptions
• KTOR-9460 Curl: Can't build shared library with Ktor 3.4.2
• KTOR-9607 Crash on Android 7: NoSuchMethodError getInstanceStrong() since 3.5.0
• KTOR-9595 CIO: The engine imports node:net statically and breaks wasmJsBrowser webpack build
• KTOR-9615 Apache5: The underlying request is not aborted when coroutine Job is cancelled
• KTOR-8443 RoutingBuilder.contentType does not use parameters when matching
• KTOR-9425 SessionTransportTransformerEncrypt init block uses wrong IV size for AES-256 (regression of KTOR-661)
• KTOR-9621 RateLimit plugin is bypassed when the nested authenticate block rejects the request
• KTOR-8766 DI: The close method is called twice on cleanup of AutoCloseable
• KTOR-8695 GMTDate() being offset by 369 years on Windows
• KTOR-9589 Duplicate PROPERTY_SETTER target in @​InternalAPI annotation

... (truncated)

Commits

• 5ba9d6f Release 3.5.1 (#5719)
• a4f145d KTOR-9661 HttpCache: InvalidCacheStateException is thrown on 304 when… (#5701)
• 2caf278 Fix failing :ktor-io:compileDarwinMainKotlinMetadata (#5716)
• 257de90 KTOR-8766 Fix multiple invocations of close from DI
• e77a168 Fix cache misses with content negotiation 3x (#5714)
• ed22950 Make huge post test less huge
• f329069 Update dependency com.github.luben:zstd-jni to v1.5.7-11
• 6ecd072 Update dependency io.swagger.parser.v3:swagger-parser to v2.1.44
• a0534cd Update dependency io.pebbletemplates:pebble to v4.1.2
• 8647e53 Update dependency com.typesafe:config to v1.4.9
• Additional commits viewable in compare view

Updates io.ktor:ktor-server-netty-jvm from 3.5.0 to 3.5.1

Changelog

Sourced from io.ktor:ktor-server-netty-jvm's changelog.

3.5.1

Published 25 June 2026

Improvements

• KTOR-9492 OpenAPI plugin: handle requireXxx functions in compiler plugin
• KTOR-9569 Add more details for KDoc of BearerAuthConfig.sendWithoutRequest
• KTOR-9571 Add KDoc for BearerAuthConfig.realm
• KTOR-9570 Add Kdoc for BearerAuthConfig.refreshTokens

Bugfixes

• KTOR-9646 Fix Kotlin 2.4.0 compiler plugin breaking changes
• KTOR-9585 OpenAPI: JsonSchema title is truncated when it contains a dot
• KTOR-9591 OpenAPI: @JsonClassDiscriminator on sealed types is ignored when generating OpenAPI discriminator schema
• KTOR-9597 OpenAPI: Schema name collisions because@SerialName of sealed subtypes is used as components.schemas key
• KTOR-9601 OpenAPI: nullable @​JvmInline value class loses nullability in generated schema
• KTOR-9620 Some issues related to digest authentication in 3.5.0
• KTOR-9623 Digest Auth: server must respond with one WWW-Authenticate header for each supported algorithm
• KTOR-9624 Digest Auth: "Unsupported charset in digest authentication header" for a charset name in lowercase
• KTOR-9630 Digest Auth: The plugin sends incorrect nonce when server responds with multiple WWW-Authenticate headers
• KTOR-9565 WebRTC: Peer stops receiving messages after a while on iOS
• KTOR-9610 WebRtcPeerConnection::close causes ClosedReceiveChannelException for other peer
• KTOR-9633 WebRTC statistics fetching race condition
• KTOR-9603 Structured concurrency is violated in WebRTC tests
• KTOR-9671 Darwin: Semicolons in URL path are sanitized
• KTOR-9639 Darwin: WebSocket client crashes the process when a PONG arrives after the session is closed
• KTOR-9575 Darwin: findCharset("UTF-16") maps to NSUTF16LittleEndianStringEncoding causing decoding failure for UTF-16 content with BOM
• KTOR-9661 HttpCache: InvalidCacheStateException is thrown on 304 when no cached entry matches varyKeys
• KTOR-9673 Caching always missing with Content Negotiation
• KTOR-9596 HttpTimeout: HttpRequestTimeoutException on any request with runTest and request timeout defined since 3.5.0
• KTOR-9632 HttpRequestBuilder.timeout call removes capabilities set in DefaultRequest
• KTOR-9252 ContentEncoding: Incomplete gzip response causes client/server to hang indefinitely
• KTOR-9670 Compression: The plugin ignores Accept-Encoding q=0 and most-specific matching
• KTOR-9614 Zstd Compression: "Destination buffer is too small" exception for a particular sequence of bytes
• KTOR-9636 CORS plugin drops OPTIONS preflight requests when allowSameOrigin is on
• KTOR-9659 CORS is skipped when the Origin header contains an IPv6 address
• KTOR-9574 ContentNegotiation: The charset of Accept-Charset header is used for response deserialization
• KTOR-9606 KotlinxSerializationConverter: it fails to deserialize an empty channel closed with a delay
• KTOR-9617 OutputStreamContent and WriterContent can exhaust Dispatchers.IO
• KTOR-9629 RawSourceChannel: coroutine cancellation is not propagated to the RawSource
• KTOR-8870 File.readChannel: do not close a non-opened file and ignore closing exceptions
• KTOR-9460 Curl: Can't build shared library with Ktor 3.4.2
• KTOR-9607 Crash on Android 7: NoSuchMethodError getInstanceStrong() since 3.5.0
• KTOR-9595 CIO: The engine imports node:net statically and breaks wasmJsBrowser webpack build
• KTOR-9615 Apache5: The underlying request is not aborted when coroutine Job is cancelled
• KTOR-8443 RoutingBuilder.contentType does not use parameters when matching
• KTOR-9425 SessionTransportTransformerEncrypt init block uses wrong IV size for AES-256 (regression of KTOR-661)
• KTOR-9621 RateLimit plugin is bypassed when the nested authenticate block rejects the request
• KTOR-8766 DI: The close method is called twice on cleanup of AutoCloseable
• KTOR-8695 GMTDate() being offset by 369 years on Windows
• KTOR-9589 Duplicate PROPERTY_SETTER target in @​InternalAPI annotation

... (truncated)

Commits

• 5ba9d6f Release 3.5.1 (#5719)
• a4f145d KTOR-9661 HttpCache: InvalidCacheStateException is thrown on 304 when… (#5701)
• 2caf278 Fix failing :ktor-io:compileDarwinMainKotlinMetadata (#5716)
• 257de90 KTOR-8766 Fix multiple invocations of close from DI
• e77a168 Fix cache misses with content negotiation 3x (#5714)
• ed22950 Make huge post test less huge
• f329069 Update dependency com.github.luben:zstd-jni to v1.5.7-11
• 6ecd072 Update dependency io.swagger.parser.v3:swagger-parser to v2.1.44
• a0534cd Update dependency io.pebbletemplates:pebble to v4.1.2
• 8647e53 Update dependency com.typesafe:config to v1.4.9
• Additional commits viewable in compare view

Updates io.ktor:ktor-server-cio-jvm from 3.5.0 to 3.5.1

Changelog

Sourced from io.ktor:ktor-server-cio-jvm's changelog.

3.5.1

Published 25 June 2026

Improvements

• KTOR-9492 OpenAPI plugin: handle requireXxx functions in compiler plugin
• KTOR-9569 Add more details for KDoc of BearerAuthConfig.sendWithoutRequest
• KTOR-9571 Add KDoc for BearerAuthConfig.realm
• KTOR-9570 Add Kdoc for BearerAuthConfig.refreshTokens

Bugfixes

• KTOR-9646 Fix Kotlin 2.4.0 compiler plugin breaking changes
• KTOR-9585 OpenAPI: JsonSchema title is truncated when it contains a dot
• KTOR-9591 OpenAPI: @JsonClassDiscriminator on sealed types is ignored when generating OpenAPI discriminator schema
• KTOR-9597 OpenAPI: Schema name collisions because@SerialName of sealed subtypes is used as components.schemas key
• KTOR-9601 OpenAPI: nullable @​JvmInline value class loses nullability in generated schema
• KTOR-9620 Some issues related to digest authentication in 3.5.0
• KTOR-9623 Digest Auth: server must respond with one WWW-Authenticate header for each supported algorithm
• KTOR-9624 Digest Auth: "Unsupported charset in digest authentication header" for a charset name in lowercase
• KTOR-9630 Digest Auth: The plugin sends incorrect nonce when server responds with multiple WWW-Authenticate headers
• KTOR-9565 WebRTC: Peer stops receiving messages after a while on iOS
• KTOR-9610 WebRtcPeerConnection::close causes ClosedReceiveChannelException for other peer
• KTOR-9633 WebRTC statistics fetching race condition
• KTOR-9603 Structured concurrency is violated in WebRTC tests
• KTOR-9671 Darwin: Semicolons in URL path are sanitized
• KTOR-9639 Darwin: WebSocket client crashes the process when a PONG arrives after the session is closed
• KTOR-9575 Darwin: findCharset("UTF-16") maps to NSUTF16LittleEndianStringEncoding causing decoding failure for UTF-16 content with BOM
• KTOR-9661 HttpCache: InvalidCacheStateException is thrown on 304 when no cached entry matches varyKeys
• KTOR-9673 Caching always missing with Content Negotiation
• KTOR-9596 HttpTimeout: HttpRequestTimeoutException on any request with runTest and request timeout defined since 3.5.0
• KTOR-9632 HttpRequestBuilder.timeout call removes capabilities set in DefaultRequest
• KTOR-9252 ContentEncoding: Incomplete gzip response causes client/server to hang indefinitely
• KTOR-9670 Compression: The plugin ignores Accept-Encoding q=0 and most-specific matching
• KTOR-9614 Zstd Compression: "Destination buffer is too small" exception for a particular sequence of bytes
• KTOR-9636 CORS plugin drops OPTIONS preflight requests when...

  Description has been truncated

[devin-ai-integration]

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no bugs or issues to report.