Bump the gradle-dependencies group across 1 directory with 10 updates

[dependabot]

Bumps the gradle-dependencies group with 10 updates in the / directory:

Package	From	To
commons-io:commons-io	2.19.0	2.21.0
com.squareup.okio:okio	3.11.0	3.16.4
org.spockframework:spock-core	2.3-groovy-3.0	2.4-groovy-5.0
org.spockframework:spock-junit4	2.3-groovy-3.0	2.4-groovy-5.0
org.junit.jupiter:junit-jupiter	5.12.2	6.0.1
org.codehaus.groovy:groovy-json	3.0.24	3.0.25
com.networknt:json-schema-validator	1.5.6	3.0.0
org.jetbrains:annotations	26.0.2	26.0.2-1
com.google.code.gson:gson	2.13.0	2.13.2
com.gradle.plugin-publish	1.3.1	2.0.0

Updates commons-io:commons-io from 2.19.0 to 2.21.0

Changelog

Sourced from commons-io:commons-io's changelog.

Apache Commons IO 2.21.0 Release Notes

The Apache Commons IO team is pleased to announce the release of Apache Commons IO 2.21.0.

Introduction

The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.

Version 2.21.0: Java 8 or later is required.

New features

o FileUtils#byteCountToDisplaySize() supports Zettabyte, Yottabyte, Ronnabyte and Quettabyte #763. Thanks to strangelookingnerd, Gary Gregory. o Add org.apache.commons.io.FileUtils.ONE_RB #763. Thanks to strangelookingnerd, Gary Gregory. o Add org.apache.commons.io.FileUtils.ONE_QB #763. Thanks to strangelookingnerd, Gary Gregory. o Add org.apache.commons.io.output.ProxyOutputStream.writeRepeat(byte[], int, int, long). Thanks to Gary Gregory. o Add org.apache.commons.io.output.ProxyOutputStream.writeRepeat(byte[], long). Thanks to Gary Gregory. o Add org.apache.commons.io.output.ProxyOutputStream.writeRepeat(int, long). Thanks to Gary Gregory. o Add length unit support in FileSystem limits. Thanks to Piotr P. Karwasz. o Add IOUtils.toByteArray(InputStream, int, int) for safer chunked reading with size validation. Thanks to Piotr P. Karwasz. o Add org.apache.commons.io.file.PathUtils.getPath(String, String). Thanks to Gary Gregory. o Add org.apache.commons.io.channels.ByteArraySeekableByteChannel. Thanks to Gary Gregory. o Add IOIterable.asIterable(). Thanks to Gary Gregory. o Add NIO channel support to AbstractStreamBuilder. Thanks to Piotr P. Karwasz. o Add CloseShieldChannel to close-shielded NIO Channels #786. Thanks to Piotr P. Karwasz. o Added IOUtils.checkFromIndexSize as a Java 8 backport of Objects.checkFromIndexSize #790. Thanks to Piotr P. Karwasz.

Fixed Bugs

o When testing on Java 21 and up, enable -XX:+EnableDynamicAgentLoading. Thanks to Gary Gregory. o When testing on Java 24 and up, don't fail FileUtilsListFilesTest for a different behavior in the JRE. Thanks to Gary Gregory. o ValidatingObjectInputStream does not validate dynamic proxy interfaces. Thanks to Stanislav Fort, Gary Gregory. o BoundedInputStream.getRemaining() now reports Long.MAX_VALUE instead of 0 when no limit is set. Thanks to Piotr P. Karwasz. o BoundedInputStream.available() correctly accounts for the maximum read limit. Thanks to Piotr P. Karwasz. o Deprecate IOUtils.readFully(InputStream, int) in favor of toByteArray(InputStream, int). Thanks to Gary Gregory, Piotr P. Karwasz. o IOUtils.toByteArray(InputStream) now throws IOException on byte array overflow. Thanks to Piotr P. Karwasz. o Javadoc general improvements. Thanks to Gary Gregory, Piotr P. Karwasz. o IOUtils.toByteArray() now throws EOFException when not enough data is available #796. Thanks to Piotr P. Karwasz. o Fix IOUtils.skip() usage in concurrent scenarios. Thanks to Piotr P. Karwasz. o [javadoc] Fix XmlStreamReader Javadoc to indicate the correct class that is built #806. Thanks to J Hawkins.

Changes

o Bump org.apache.commons:commons-parent from 85 to 91 #774, #783, #808. Thanks to Gary Gregory, Dependabot.

... (truncated)

Commits

• 54073d3 Prepare for the release candidate 2.21.0 RC1
• f141f09 Prepare for the next release candidate
• adcf135 Add license header
• 0f499d0 Use new oak logo
• 34a961c Use HTTPS in URL
• 9e51118 Use HTTPS in URL
• d715865 Add dependabot email [skip ci]
• 3d6a7e1 Javadoc
• ad875d5 Bump actions/upload-artifact from 4.6.2 to 5.0.0 (#810)
• bc01dee Bump github/codeql-action from 4.30.9 to 4.31.2 (#811)
• Additional commits viewable in compare view

Updates com.squareup.okio:okio from 3.11.0 to 3.16.4

Changelog

Sourced from com.squareup.okio:okio's changelog.

Version 3.16.4

2025-11-17

• Fix: Don't delay triggering timeouts. In 3.16.0 we introduced a regression that caused timeouts to fire later than they were supposed to.

Version 3.16.3

2025-11-14

This release is the same as 3.16.2. We forgot to cherry-pick a commit before we released!

Version 3.16.2

2025-10-14

• Fix: okio-assetfilesystem APIs now correctly restored as visible to Kotlin.

Version 3.16.1

2025-10-09

• Fix: Don't crash when calling Socket.shutdownOutput() or shutdownInput() on an SSLSocket on Android API 21. This method throws an UnsupportedOperationException, so we now catch that and close the underlying stream instead.

Version 3.16.0

2025-07-29

• Fix: Change Socket.asOkioSocket() to resolve its source InputStream and OutputStream eagerly. This will throw a SocketException immediately if the socket isn’t connected. This behavior is consistent with our similar APIs, Socket.source() and Socket.sink().

• Fix: Optimize AsyncTimeout on systems with a very large number of active timeouts. This class originally kept active timeouts in a linked list; with this update the internal data structure is a binary heap. The old runtime was 𝑂(𝑛²) to activate 𝑛 timeouts; with this optimization the runtime is 𝑂(𝑛 log 𝑛).

• Upgrade: [Kotlin 2.2.0][kotlin_2_2_0].

Version 3.15.0

2025-07-01

... (truncated)

Commits

• 74b87c8 Prepare for release 3.16.4.
• 5cffb11 Fix compareTo function for priority queue in Asynctimeout (#1738)
• c869a7b Prepare next development version.
• 06289cc Prepare for release 3.16.3.
• 42ed971 Prepare version 3.16.2
• 855f632 Update dependency com.android.tools.build:gradle to v9.0.0-alpha10 (#1715)
• d8f54b5 Prepare next development version.
• 6328c9c Prepare for release 3.16.1.
• 3df8719 Recover from an SSLSocket crash (#1714)
• d2897ad Update dependency com.android.tools.build:gradle to v9.0.0-alpha09 (#1713)
• Additional commits viewable in compare view

Updates org.spockframework:spock-core from 2.3-groovy-3.0 to 2.4-groovy-5.0

Release notes

Sourced from org.spockframework:spock-core's releases.

Spock 2.4

https://spockframework.org/spock/docs/2.4/release_notes.html

Spock 2.4-M7

https://spockframework.org/spock/docs/2.4-M7/index.html

Spock 2.4-M6

https://spockframework.org/spock/docs/2.4-M6/index.html

Spock 2.4-M5

https://spockframework.org/spock/docs/2.4-M5/index.html

Spock 2.4-M4

https://spockframework.org/spock/docs/2.4-M4/index.html

Spock 2.4-M3

https://spockframework.org/spock/docs/2.4-M3/index.html

Spock 2.4-M2

https://spockframework.org/spock/docs/2.4-M2/release_notes.html

Spock 2.4-M1

https://spockframework.org/spock/docs/2.4-M1/release_notes.html

Commits

• See full diff in compare view

Updates org.spockframework:spock-junit4 from 2.3-groovy-3.0 to 2.4-groovy-5.0

Release notes

Sourced from org.spockframework:spock-junit4's releases.

Spock 2.4

https://spockframework.org/spock/docs/2.4/release_notes.html

Spock 2.4-M7

https://spockframework.org/spock/docs/2.4-M7/index.html

Spock 2.4-M6

https://spockframework.org/spock/docs/2.4-M6/index.html

Spock 2.4-M5

https://spockframework.org/spock/docs/2.4-M5/index.html

Spock 2.4-M4

https://spockframework.org/spock/docs/2.4-M4/index.html

Spock 2.4-M3

https://spockframework.org/spock/docs/2.4-M3/index.html

Spock 2.4-M2

https://spockframework.org/spock/docs/2.4-M2/release_notes.html

Spock 2.4-M1

https://spockframework.org/spock/docs/2.4-M1/release_notes.html

Commits

• See full diff in compare view

Updates org.junit.jupiter:junit-jupiter from 5.12.2 to 6.0.1

Release notes

Sourced from org.junit.jupiter:junit-jupiter's releases.

JUnit 6.0.1 = Platform 6.0.1 + Jupiter 6.0.1 + Vintage 6.0.1

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.0...r6.0.1

JUnit 6.0.0 = Platform 6.0.0 + Jupiter 6.0.0 + Vintage 6.0.0

See Release Notes.

New Contributors

• @​2897robo made their first contribution in junit-team/junit-framework#4525
• @​strangelookingnerd made their first contribution in junit-team/junit-framework#4683
• @​eric6iese made their first contribution in junit-team/junit-framework#4717
• @​raccoonback made their first contribution in junit-team/junit-framework#4822
• @​currenjin made their first contribution in junit-team/junit-framework#4823
• @​mehulimukherjee made their first contribution in junit-team/junit-framework#4913
• @​lslonina made their first contribution in junit-team/junit-framework#4629

Full Changelog: junit-team/junit-framework@r5.14.0...r6.0.0

JUnit 6.0.0-RC3 = Platform 6.0.0-RC3 + Jupiter 6.0.0-RC3 + Vintage 6.0.0-RC3

See Release Notes.

New Contributors

• @​mehulimukherjee made their first contribution in junit-team/junit-framework#4913
• @​lslonina made their first contribution in junit-team/junit-framework#4629

Full Changelog: junit-team/junit-framework@r6.0.0-RC2...r6.0.0-RC3

JUnit 6.0.0-RC2 = Platform 6.0.0-RC2 + Jupiter 6.0.0-RC2 + Vintage 6.0.0-RC2

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.0-RC1...r6.0.0-RC2

JUnit 6.0.0-RC1 = Platform 6.0.0-RC1 + Jupiter 6.0.0-RC1 + Vintage 6.0.0-RC1

See Release Notes.

New Contributors

• @​raccoonback made their first contribution in junit-team/junit-framework#4822
• @​currenjin made their first contribution in junit-team/junit-framework#4823

Full Changelog: junit-team/junit-framework@r6.0.0-M2...r6.0.0-RC1

JUnit 6.0.0-M2 = Platform 6.0.0-M2 + Jupiter 6.0.0-M2 + Vintage 6.0.0-M2

See Release Notes.

... (truncated)

Commits

• d774b9c Release 6.0.1 (second attempt)
• 8178545 Mark module as deprecated for removal
• 7b43fcc Back to snapshots for further development
• a5ef746 Release 6.0.1
• 008be8d Finalize 5.14.1 release notes
• b2c55a8 Finalize 6.0.1 release notes
• 866c01a Add note about duplicate test execution with @​Suite (#5080)
• de88e88 Fix broken links in documentation
• 9dd132d Add Valhalla EA to workflow matrix
• fedda88 Make jdk.jfr import optional in OSGi manifest (#5092)
• Additional commits viewable in compare view

Updates org.codehaus.groovy:groovy-json from 3.0.24 to 3.0.25

Commits

• See full diff in compare view

Updates com.networknt:json-schema-validator from 1.5.6 to 3.0.0

Release notes

Sourced from com.networknt:json-schema-validator's releases.

3.0.0- 2025-12-13

Added

Changed

• Upgrade to Jackson 3 and JDK 17 (#1219) Thanks @​justin-tay

2.0.1- 2025-12-11

Added

Changed

• Skip processing of properties keyword if not an object (#1217) Thanks @​justin-tay
• Allow for default dialect id not to be specified and throw an exception (#1212) Thanks @​justin-tay
• Fix multipleOf error message for fractional digits greater than 3 (#1210) Thanks @​justin-tay

2.0.0- 2025-10-25

Added

Changed

• Fix ref with sibling id from 2019-09 (#1203) Thanks @​justin-tay
• Refactor walk and update docs (#1202) Thanks @​justin-tay
• Fix matching of $ when there are trailing newlines (#1201) Thanks @​justin-tay
• Refactor evaluation context out from validator state (#1199) Thanks @​justin-tay
• Main refactor for 2.x (#1198) Thanks @​justin-tay
• Refactor set to list in execution context (#1197) Thanks @​justin-tay
• Refactor and remove validation message handler (#1196) Thanks @​justin-tay
• Add benchmark for performance regression testing (#1195) Thanks @​justin-tay

1.5.9- 2025-09-13

Added

Changed

• Fix idn-hostname format and update json schema test suite (#1191) Thanks @​justin-tay
• Fix JoniRegularExpression compatibility issues with ECMA-262 (#1193) Thanks @​justin-tay
• Fix time format validation (#1188) Thanks @​justin-tay
• Fix eclipse junit issue due to m2e-core (#1189) Thanks @​justin-tay
• Support readOnly and writeOnly for required validation (#1186) Thanks @​justin-tay
• Spanish translations (#1183) Thanks @​MickMonaghanGW
• Upgrade to ITU 1.14.0 (#1184) Thanks @​ethlo
• Add mpenet/legba to list of librairies (#1181) Thanks @​mpenet

1.5.8- 2025-06-27

... (truncated)

Changelog

Sourced from com.networknt:json-schema-validator's changelog.

Change Log

All notable changes to this project will be documented in this file.

This format is based on Keep a Changelog.

This project does not adhere to Semantic Versioning and minor version changes can have incompatible API changes. These incompatible API changes will largely affect those who have custom validator or walker implementations. Those who just use the library to validate using the standard JSON Schema Draft specifications may not need changes.

[Unreleased]

Added

Changed

Changed

3.0.0- 2025-12-13

Added

Changed

• Upgrade to Jackson 3 and JDK 17 (#1219) Thanks @​justin-tay

2.0.1- 2025-12-11

Added

Changed

• Skip processing of properties keyword if not an object (#1217) Thanks @​justin-tay
• Allow for default dialect id not to be specified and throw an exception (#1212) Thanks @​justin-tay
• Fix multipleOf error message for fractional digits greater than 3 (#1210) Thanks @​justin-tay

2.0.0- 2025-10-25

Added

Changed

• Fix ref with sibling id from 2019-09 (#1203) Thanks @​justin-tay
• Refactor walk and update docs (#1202) Thanks @​justin-tay
• Fix matching of $ when there are trailing newlines (#1201) Thanks @​justin-tay
• Refactor evaluation context out from validator state (#1199) Thanks @​justin-tay
• Main refactor for 2.x (#1198) Thanks @​justin-tay
• Refactor set to list in execution context (#1197) Thanks @​justin-tay
• Refactor and remove validation message handler (#1196) Thanks @​justin-tay
• Add benchmark for performance regression testing (#1195) Thanks @​justin-tay

1.5.9- 2025-09-13

... (truncated)

Commits

• 2621edc upgrade to 3.0.0 and update changelog
• c485230 Upgrade to Jackson 3 and JDK 17 (#1219)
• ad0f41b Merge branch 'master' of github.com:networknt/json-schema-validator
• 54d1b71 upgrade to 2.0.1 and update changelog
• b044361 Skip processing of properties keyword if not an object (#1217)
• cbc4caa Allow for default dialect id not to be specified and throw an exception (#1212)
• 3f419f4 Fix multipleOf error message for fractional digits greater than 3 (#1210)
• 0dde00c upgrade to 2.0.0 and update changelog
• b4abbc2 Fix ref with sibling id from 2019-09 (#1203)
• 7bebfeb Refactor walk and update docs (#1202)
• Additional commits viewable in compare view

Updates org.jetbrains:annotations from 26.0.2 to 26.0.2-1

Release notes

Sourced from org.jetbrains:annotations's releases.

26.0.2-1

A technical release to employ new Maven publishing machinery

Changelog

Sourced from org.jetbrains:annotations's changelog.

Version 26.0.2-1

• A technical release using the new Sonatype publication mechanism, see https://central.sonatype.org/publish/publish-portal-guide/

Commits

• 20ff2b3 Merge pull request #130 from DmPanov/dmpanov/allworknoplay
• 21116cc the version is bumped to 26.0.2-1 to test the Maven Central publication
• b44ce8d Maven Central artifacts task
• 5fb050c legacy Sonatype publishing removed
• 2a28eab Merge pull request #120 from JojOatXGME/override-only-static
• dd44b5b OverrideOnly: Update documentation to exclude static methods
• See full diff in compare view

Updates com.google.code.gson:gson from 2.13.0 to 2.13.2

Release notes

Sourced from com.google.code.gson:gson's releases.

Gson 2.13.2

The main changes in this release are just newer dependencies.

What's Changed

• Improved packaging of JPMS module declaration in Gson jar
  This fixes an issue where Eclipse and VS Code users could not refer to the Gson module name com.google.gson. See issue google/gson#2679.
• Remove internal class GsonPreconditions by @​Marcono1234 in google/gson#2879
• Switch to using central-publishing-maven-plugin by @​eamonnmcmanus in google/gson#2900

New Contributors

• @​MukjepScarlet made their first contribution in google/gson#2852
• @​ChrisCraik made their first contribution in google/gson#2856

Full Changelog: google/gson@gson-parent-2.13.1...gson-parent-2.13.2

Gson 2.13.1

What's Changed

• Give FieldNamingStrategy the ability to return multiple String names by @​mfriesen in google/gson#2776
• Remove outdated android-proguard-example by @​Goooler in google/gson#2843
• Adjust Troubleshooting Guide ProGuard / R8 section by @​Marcono1234 in google/gson#2844
• Update dependencies, including the problematic com.google.errorprone:error_prone_annotations:2.37.0.

New Contributors

• @​mfriesen made their first contribution in google/gson#2776
• @​Goooler made their first contribution in google/gson#2843

Full Changelog: google/gson@gson-parent-2.13.0...gson-parent-2.13.1

Commits

• 686fad7 [maven-release-plugin] prepare release gson-parent-2.13.2
• c2d252a Switch to using central-publishing-maven-plugin. (#2900)
• 69cb755 Bump the github-actions group with 5 updates (#2894)
• ea552c2 Bump the maven group across 1 directory with 3 updates (#2898)
• fdc616d Set top-level permissions for CodeQL workflow (#2889)
• 9334715 Create scorecard.yml (#2888)
• f7de5c2 Bump the maven group with 8 updates (#2885)
• 8c23cd3 Update sources to satisfy a new Error Prone check. (#2887)
• 5eab3ed Bump the github-actions group with 2 updates (#2886)
• 5f5c200 Bump the maven group across 1 directory with 10 updates (#2872)
• Additional commits viewable in compare view

Updates com.gradle.plugin-publish from 1.3.1 to 2.0.0

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
org.spockframework:spock-core	[>= 2.3-groovy-4.a, < 2.4]
org.spockframework:spock-junit4	[>= 2.3-groovy-4.a, < 2.4]
org.spockframework:spock-core	[< 3, > 2.3-groovy-3.0]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions