Bump the all group with 6 updates

[dependabot]

Bumps the all group with 6 updates:

Package	From	To
org.jetbrains.kotlin.jvm	2.3.20	2.3.21
org.sonarqube	7.2.3.7755	7.3.0.8198
com.github.ben-manes.versions	0.53.0	0.54.0
io.ktor:ktor-server-netty	3.4.2	3.4.3
org.projectlombok:lombok	1.18.44	1.18.46
gradle-wrapper	9.4.1	9.5.0

Updates org.jetbrains.kotlin.jvm from 2.3.20 to 2.3.21

Release notes

Sourced from org.jetbrains.kotlin.jvm's releases.

Kotlin 2.3.21

Changelog

Backend. Wasm

• KT-84610 [Wasm] Failed to compile klibs in IC mode

Compiler

• KT-84566 Prevent launching Default dispatcher threads from IJ SDK in kotlin compiler
• KT-85358 Native: roll back the workaround for KT-84678 once MapLibre has been properly fixed
• KT-85626 @JvmRecord in commonMain breaks compileCommonMainKotlinMetadata with "Cannot access 'java.lang.Record'"
• KT-85405 Postpone/Revert DontIgnoreUpperBoundViolatedOnImplicitArguments
• KT-84678 K/N: Undefined symbol from SPM-added ObjC frameworks when linking iOS target
• KT-85021 False positive SUBCLASS_CANT_CALL_COMPANION_PROTECTED_NON_STATIC error in multi-module project

JavaScript

• KT-82395 Support top-level declarations from compiler plugins in JS incremental compilation
• KT-84475 K/JS: false-positive exportability warnings in multi-module project
• KT-84633 Kotlin/JS: "Serializer for class not found" error when IR output granularity is whole-program
• KT-85047 Kotlin/JS: @JsStatic on suspend fun of class companion generates incorrect d.ts
• KT-84517 K/JS: bad mappings data in outputted Kotlin stdlib source map

Libraries

• KT-71848 Kotlinx.metadata: Add CompilerPluginData into Km API

Native. C and ObjC Import

• KT-85399 Kotlin/Native: TypeCastException when casting ObjC Protocol MetaClass with genericSafeCasts enabled
• KT-85508 K/N: TypeCastException when using nw_parameters_create_secure_tcp block parameter on 2.3.20

Tools. Gradle

• KT-84729 Update Gradle plugin-publish version to enable configuration cache badge on Gradle plugins portal

Tools. Gradle. Compiler plugins

• KT-85257 AGP/Compose: MergeMappingFileTask clears R8 artifacts due to @OutputDirectory annotation on AGP 9.1+

Tools. Scripts

• KT-85105 Scripts: JVM backend internal error (IR lowering) when scratch file contains anonymous object
• KT-85103 Exception while generating code when explain destructuring decls
• KT-84842 scriptCompilationClasspathFromContext behavior changed from 2.3.10 to 2.3.20
• KT-85029 Kotlin Scripting: ScriptDiagnostic reports "at null" instead of error location

Tools. Statistics (FUS)

... (truncated)

Changelog

Sourced from org.jetbrains.kotlin.jvm's changelog.

2.3.21

Backend. Wasm

• KT-84610 [Wasm] Failed to compile klibs in IC mode

Compiler

• KT-84566 Prevent launching Default dispatcher threads from IJ SDK in kotlin compiler
• KT-85358 Native: roll back the workaround for KT-84678 once MapLibre has been properly fixed
• KT-85626 @JvmRecord in commonMain breaks compileCommonMainKotlinMetadata with "Cannot access 'java.lang.Record'"
• KT-85405 Postpone/Revert DontIgnoreUpperBoundViolatedOnImplicitArguments
• KT-84678 K/N: Undefined symbol from SPM-added ObjC frameworks when linking iOS target
• KT-85021 False positive SUBCLASS_CANT_CALL_COMPANION_PROTECTED_NON_STATIC error in multi-module project

JavaScript

• KT-82395 Support top-level declarations from compiler plugins in JS incremental compilation
• KT-84475 K/JS: false-positive exportability warnings in multi-module project
• KT-84633 Kotlin/JS: "Serializer for class not found" error when IR output granularity is whole-program
• KT-85047 Kotlin/JS: @JsStatic on suspend fun of class companion generates incorrect d.ts
• KT-84517 K/JS: bad mappings data in outputted Kotlin stdlib source map

Libraries

• KT-71848 Kotlinx.metadata: Add CompilerPluginData into Km API

Native. C and ObjC Import

• KT-85399 Kotlin/Native: TypeCastException when casting ObjC Protocol MetaClass with genericSafeCasts enabled
• KT-85508 K/N: TypeCastException when using nw_parameters_create_secure_tcp block parameter on 2.3.20

Tools. Gradle

• KT-84729 Update Gradle plugin-publish version to enable configuration cache badge on Gradle plugins portal

Tools. Gradle. Compiler plugins

• KT-85257 AGP/Compose: MergeMappingFileTask clears R8 artifacts due to @OutputDirectory annotation on AGP 9.1+

Tools. Scripts

• KT-85105 Scripts: JVM backend internal error (IR lowering) when scratch file contains anonymous object
• KT-85103 Exception while generating code when explain destructuring decls
• KT-84842 scriptCompilationClasspathFromContext behavior changed from 2.3.10 to 2.3.20
• KT-85029 Kotlin Scripting: ScriptDiagnostic reports "at null" instead of error location

Tools. Statistics (FUS)

• KT-85628 KGP: composite build FUS metrics fail on access of 'configurationTimeMetrics'

Commits

• fea1ad8 Add ChangeLog for 2.3.21-RC2
• 09c341e disable swift export execution tests in order to update macos
• 67a0868 Avoid accessing KotlinNativeLink taskProvider when task was not executed
• f89e5db [K/N] Disable TSAN in runtime tests
• 45d6c85 [K/N] Don't generate generic safe casts for Objective-C types
• 9261a6f [K/N][tests] Add a reproducer for KT-85508
• c9ab9db [K/N][tests] Add a reproducer for KT-85399
• 502e844 Explain: fix for destructuring declarations
• 0c26485 Explain: fix for object literals
• 68a9e3f [minor] fix testdata name in explain test
• Additional commits viewable in compare view

Updates org.sonarqube from 7.2.3.7755 to 7.3.0.8198

Updates com.github.ben-manes.versions from 0.53.0 to 0.54.0

Updates io.ktor:ktor-server-netty from 3.4.2 to 3.4.3

Release notes

Sourced from io.ktor:ktor-server-netty's releases.

3.4.3

Published 22 April 2026

Bugfixes

• KTOR-9451 OpenAPI schema inference not working for custom nested generics
• KTOR-9490 OpenAPI: Self-referential schema $ref uses FQN while schema is registered with a simple name
• KTOR-9463 OpenAPI: schema inference StackOverflow
• KTOR-8938 WebSockets: WebSockets handler does not inherit server coroutine context
• KTOR-8989 Shared engine is closed when a client created with config method is closed
• KTOR-9485 Apache5: FutureCallback never called, breaking Java agent instrumentation
• KTOR-9497 Darwin: SIGABRT crash when close() races with in-flight execute() since 3.4.2
• KTOR-9431 SuspendFunctionGun: ThreadContextElement leaks across requests when interceptor suspends
• KTOR-9423 CannotTransformContentToTypeException leaks internal class names in response body
• KTOR-9461 Incorrect link to the OWASP cheatsheet in the KDoc for CSRF plugin
• KTOR-9476 Unable to update/remove session data if no response content
• KTOR-9343 HttpRequestLifecycle plugin with cancelCallOnClose on, cancels subsequent requests when CallLogging plugin with callIdMdc is installed

Changelog

Sourced from io.ktor:ktor-server-netty's changelog.

3.4.3

Published 22 April 2026

Bugfixes

• KTOR-9451 OpenAPI schema inference not working for custom nested generics
• KTOR-9490 OpenAPI: Self-referential schema $ref uses FQN while schema is registered with a simple name
• KTOR-9463 OpenAPI: schema inference StackOverflow
• KTOR-8938 WebSockets: WebSockets handler does not inherit server coroutine context
• KTOR-8989 Shared engine is closed when a client created with config method is closed
• KTOR-9485 Apache5: FutureCallback never called, breaking Java agent instrumentation
• KTOR-9497 Darwin: SIGABRT crash when close() races with in-flight execute() since 3.4.2
• KTOR-9431 SuspendFunctionGun: ThreadContextElement leaks across requests when interceptor suspends
• KTOR-9423 CannotTransformContentToTypeException leaks internal class names in response body
• KTOR-9461 Incorrect link to the OWASP cheatsheet in the KDoc for CSRF plugin
• KTOR-9476 Unable to update/remove session data if no response content
• KTOR-9343 HttpRequestLifecycle plugin with cancelCallOnClose on, cancels subsequent requests when CallLogging plugin with callIdMdc is installed

Commits

• 5d9a998 Release 3.4.3 (#5547)
• 6a11a76 KTOR-8989 Close or cancel engine only when the client reference count… (#5525)
• 3acb8ea KTOR-8938 Inherit server coroutine context in WebSocket session (#5426)
• cec7d38 Fix flaky test failures on native platforms (#5485)
• bd8bea1 KTOR-9507 Update Jackson to 2.21 and 3.1.0
• 5e29515 KTOR-9507 Update netty to 4.2.12
• 733b8e1 KTOR-9373 Make ConcurrentMap iteration safe on Native (#5407)
• 1f83f21 KTOR-9451 Support nested generic types (#5500)
• 2440990 Apache 5 Client. Don't ignore resultCallback (#5526)
• 430f320 Follow-up: KTOR-9497 Preventing a fatal crash in DarwinSession on close (#5533)
• Additional commits viewable in compare view

Updates org.projectlombok:lombok from 1.18.44 to 1.18.46

Changelog

Sourced from org.projectlombok:lombok's changelog.

v1.18.46 (April 22nd, 2026)

• PLATFORM: JDK26 support added #4019.
• PLATFORM: Spring Tools Suite 5 supported #3985.
• BUGFIX: @Jacksonized no longer stops generating @JsonProperty once an explicit @JsonIgnore annotations is encountered #4022.
• BUGFIX: In eclipse, mixing @Jacksonized and fluent = true no longer causes the error com.fasterxml.jackson.annotation.JsonProperty is not a repeatable annotation interface. #3934.
• BUGFIX: Some finishing touches for v1.18.44's support of Jackson3 #4004.

Commits

• 936ca59 [build] lombok's launcher is still intended to be 1.4 compatible, or at least...
• fcdab3f [version] pre-release version bump
• 1cb7d49 [changelog]#4004 Mention Jackson3 final touches in changelog.
• 12a15b0 Fix: Bump EA_JDK to 27 (25 and 26 have been released)
• 2be766c Merge branch 'jackson3-final-touches'
• 290fa4c [trivial] constantize the warning we spit out for ambiguous jackson2/3, and m...
• e6567b6 test: Add Jackson 3 test cases and version ambiguity warnings
• 45e72e2 feat: Add Jackson 3 databind/dataformat annotations to HandlerUtil copy lists
• 184d423 feat: Add Jackson 3 support to @​Jacksonized handlers
• e027ad0 refactored to ShadowClassLoader use Collections::enumeration instead of Vector
• Additional commits viewable in compare view

Updates gradle-wrapper from 9.4.1 to 9.5.0

Release notes

Sourced from gradle-wrapper's releases.

9.5.0

The Gradle team is excited to announce Gradle 9.5.0.

Here are the highlights of this release:

• Task provenance in reports and failure messages
• Type-safe accessors for precompiled Kotlin Settings plugins

Read the Release Notes

We would like to thank the following community members for their contributions to this release of Gradle: atm1020, mataha, Adam, Attila Kelemen, Benedikt Ritter, Björn Kautler, Caro Silva Rode, CHANHAN, Dmitry Nezavitin, Eng Zer Jun, KugelLibelle, Madalin Valceleanu, Markus Gaisbauer, Oliver Kopp, Philip Wedemann, ploober, Roberto Perez Alcolea, Rohit Anand, Suvrat Acharya, Ujwal Suresh Vanjare, Victor Merkulov

Upgrade instructions

Switch your build to use Gradle 9.5.0 by updating your wrapper:

./gradlew wrapper --gradle-version=9.5.0 && ./gradlew wrapper

See the Gradle 9.x upgrade guide to learn about deprecations, breaking changes and other considerations when upgrading.

For Java, Groovy, Kotlin and Android compatibility, see the full compatibility notes.

Reporting problems

If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines. If you're not sure you're encountering a bug, please use the forum.

We hope you will build happiness with Gradle, and we look forward to your feedback via Twitter or on GitHub.

9.5.0 RC4

... (truncated)

Commits

• 3fe117d Update jdks.yaml (#37703)
• 33d145a Update jdks.yaml
• f7a05d1 Update Gradle wrapper to version 9.5.0-rc-4 (#37654)
• 266facd Update Gradle wrapper to version 9.5.0-rc-4
• 0ad6dd8 Suppress OSC taskbar reset on plain/piped stdout (#37646)
• 966025d Suppress OSC taskbar reset on plain/piped stdout
• e745573 Polish IP docs (#37642)
• d5cfd07 Ensure BuildOperationQueue will progress without extra leases (#37629)
• acdf0c3 Ensure BuildOperationQueue will progress without extra leases
• f7d0e4f Rename anchor
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud