Bump the production-dependencies group across 1 directory with 16 updates

[dependabot]

Bumps the production-dependencies group with 16 updates in the / directory:

Package	From	To
tools.jackson.core:jackson-databind	3.1.0	3.1.3
tools.jackson.module:jackson-module-kotlin	3.1.0	3.1.3
org.jetbrains.kotlinx:kotlinx-serialization-json	1.10.0	1.11.0
commons-codec:commons-codec	1.21.0	1.22.0
org.slf4j:slf4j-api	2.0.17	2.0.18
org.projectlombok:lombok	1.18.44	1.18.46
org.apache.logging.log4j:log4j-api	2.25.4	2.26.0
org.apache.logging.log4j:log4j-slf4j2-impl	2.25.4	2.26.0
org.apache.logging.log4j:log4j-core	2.25.4	2.26.0
joda-time:joda-time	2.14.1	2.14.2
commons-io:commons-io	2.21.0	2.22.0
com.sun.xml.bind:jaxb-impl	4.0.7	4.0.8
com.google.guava:guava	33.5.0-jre	33.6.0-jre
org.threeten:threetenbp	1.7.2	1.7.3
org.jetbrains.kotlinx:kotlinx-datetime-jvm	0.7.1-0.6.x-compat	0.8.0-0.6.x-compat
org.jetbrains.dokka:dokka-maven-plugin	2.1.0	2.2.0

Updates tools.jackson.core:jackson-databind from 3.1.0 to 3.1.3

Commits

• See full diff in compare view

Updates tools.jackson.module:jackson-module-kotlin from 3.1.0 to 3.1.3

Commits

• 29d5f87 [maven-release-plugin] prepare release jackson-module-kotlin-3.1.3
• a3ca6cd Prep for 3.1.3 release
• 71420eb Post-release dep version bump
• af0d552 [maven-release-plugin] prepare for next development iteration
• c68f674 [maven-release-plugin] prepare release jackson-module-kotlin-3.1.2
• a4a6936 Prep for 3.1.2 release
• 1fbe167 Merge branch '2.x' into 3.1
• 1da9201 Merge pull request #1147 from FasterXML/2.21
• 6bc10e7 Merge pull request #1146 from k163377/ci
• d75eba0 Update versions for ci
• Additional commits viewable in compare view

Updates tools.jackson.module:jackson-module-kotlin from 3.1.0 to 3.1.3

Commits

• 29d5f87 [maven-release-plugin] prepare release jackson-module-kotlin-3.1.3
• a3ca6cd Prep for 3.1.3 release
• 71420eb Post-release dep version bump
• af0d552 [maven-release-plugin] prepare for next development iteration
• c68f674 [maven-release-plugin] prepare release jackson-module-kotlin-3.1.2
• a4a6936 Prep for 3.1.2 release
• 1fbe167 Merge branch '2.x' into 3.1
• 1da9201 Merge pull request #1147 from FasterXML/2.21
• 6bc10e7 Merge pull request #1146 from k163377/ci
• d75eba0 Update versions for ci
• Additional commits viewable in compare view

Updates org.jetbrains.kotlinx:kotlinx-serialization-json from 1.10.0 to 1.11.0

Release notes

Sourced from org.jetbrains.kotlinx:kotlinx-serialization-json's releases.

1.11.0

This release is based on Kotlin 2.3.20 and provides a new Json exceptions API and some bugfixes and improvements.

Expose Json exceptions structure

To make working with exceptions easier and providing proper error codes in e.g., REST APIs, classes JsonException, JsonDecodingException, and JsonEncodingException are now public. They have relevant public properties, such as shortMessage, path, offset, and others. This API is currently experimental, and we're going to improve it further in the subsequent releases. See the linked issues for the details: #1930, #1877.

Ability to hide user input from exception messages for security/privacy reasons.

Historically, exception messages in kotlinx.serialization often included the input Json itself for debuggability reason. Such behavior may pose additional challenges for logging, analytics, and other systems, since a system is not always allowed to store user data due to privacy/security reasons, which imposes additional sanitation logic. To address this issue, a new property exceptionsWithDebugInfo is added to JsonConfiguration. Disable it to hide user input from exception messages. IMPORTANT: This behavior will be enabled by default when this property becomes stable. See #2590 for more details.

Bugfixes and improvements

• CBOR: Relax value range check when decoding numbers (#3167)
• Use a specialized writeDecimalLong method for IO stream integrations in Json (#3152)

Changelog

Sourced from org.jetbrains.kotlinx:kotlinx-serialization-json's changelog.

1.11.0 / 2026-04-10

This release is based on Kotlin 2.3.20 and provides new Json exceptions API and some bugfixes and improvements.

Expose Json exceptions structure

To make working with exceptions easier and providing proper error codes in e.g., REST APIs, classes JsonException, JsonDecodingException, and JsonEncodingException are now public. They have relevant public properties, such as shortMessage, path, offset, and others. This API is currently experimental, and we're going to improve it further in the subsequent releases. See the linked issues for the details: #1930, #1877.

Ability to hide user input from exception messages for security/privacy reasons.

Historically, exception messages in kotlinx.serialization often included the input Json itself for debuggability reason. Such behavior may pose additional challenges for logging, analytics, and other systems, since a system is not always allowed to store user data due to privacy/security reasons, which imposes additional sanitation logic. To address this issue, a new property exceptionsWithDebugInfo is added to JsonConfiguration. Disable it to hide user input from exception messages. IMPORTANT: This behavior will be enabled by default when this property becomes stable. See #2590 for more details.

Bugfixes and improvements

• CBOR: Relax value range check when decoding numbers (#3167)
• Use a specialized writeDecimalLong method for IO stream integrations in Json (#3152)

Commits

• 6956af2 Prepare 1.11 release
• 390d84c Merge remote-tracking branch 'origin/master' into dev
• 431fe2d Use local repo for publishing (#3171)
• 05c12b6 Add usage attribute to "testRepositories" configuration
• a4e1f08 Bump Kover version to 0.9.8 release (#3174)
• 304e858 Expose Json exceptions structure (#3145)
• 4a0338e Included G Play SDK verification file for core-jvm (#3169)
• 421f64c CBOR: Relax value range check when decoding numbers (#3167)
• 85a4f12 KT-84955: mark apple x64 tagets as deprecated error
• bd38b0e Remove dead code
• Additional commits viewable in compare view

Updates commons-codec:commons-codec from 1.21.0 to 1.22.0

Changelog

Sourced from commons-codec:commons-codec's changelog.

Apache Commons Codec 1.22.0 Release Notes

The Apache Commons Codec team is pleased to announce the release of Apache Commons Codec 1.22.0.

The Apache Commons Codec component contains encoders and decoders for formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

This is a feature and maintenance release. Java 8 or later is required.

New features

• CODEC-326: Add Base58 support. Thanks to Inkeet, Gary Gregory, Wolff Bock von Wuelfingen.

•         Add BaseNCodecInputStream.AbstracBuilder.setByteArray(byte[]). Thanks to Gary Gregory.
  

• CODEC-335: Add GitIdentifiers to compute Git blob and tree object identifiers. Thanks to Piotr P. Karwasz, Gary Gregory.

Fixed Bugs

• CODEC-249: Fix Incorrect transform of CH digraph according Metaphone basic rules #423. Thanks to Shalu Jha, Andrey, Gary Gregory.
• CODEC-317: ColognePhonetic can create duplicate consecutive codes in some cases. Thanks to DRUser123, Shalu Jha, Gary Gregory.

•         Add boundary tests for BinaryCodec.fromAscii partial-bit inputs [#425](https://github.com/apache/commons-codec/issues/425). Thanks to fancying, Gary Gregory.
  

• CODEC-336: Base64.Builder.setUrlSafe(boolean) Javadoc incorrectly states null is accepted for primitive boolean parameter. Thanks to Partha Paul, Gary Gregory.

Changes

•         Bump org.apache.commons:commons-parent from 96 to 98. Thanks to Gary Gregory.
  

For complete information on Apache Commons Codec, including instructions on how to submit bug reports, patches, or suggestions for improvement, see the Apache Commons Codec website:

https://commons.apache.org/proper/commons-codec/

Download page: https://commons.apache.org/proper/commons-codec/download_codec.cgi

---

Commits

• 81a6295 Prepare for the release candidate 1.22.0 RC1
• 73104b0 Prepare for the next release candidate
• 8e36214 In-line single use test local variables
• 9bd67e7 Use vararg syntax
• 25e52b0 Use vararg syntax
• e2ebaca Bump github/codeql-action from 4.35.1 to 4.35.2
• 33998a0 Bump actions/upload-artifact from 7.0.0 to 7.0.1
• 50c6583 Bump actions/cache from 5.0.4 to 5.0.5
• b2be3a8 Add @​Override
• 20f09bf Use final.
• Additional commits viewable in compare view

Updates org.slf4j:slf4j-api from 2.0.17 to 2.0.18

Updates org.projectlombok:lombok from 1.18.44 to 1.18.46

Changelog

Sourced from org.projectlombok:lombok's changelog.

v1.18.46 (April 22nd, 2026)

• PLATFORM: JDK26 support added #4019.
• PLATFORM: Spring Tools Suite 5 supported #3985.
• BUGFIX: @Jacksonized no longer stops generating @JsonProperty once an explicit @JsonIgnore annotations is encountered #4022.
• BUGFIX: In eclipse, mixing @Jacksonized and fluent = true no longer causes the error com.fasterxml.jackson.annotation.JsonProperty is not a repeatable annotation interface. #3934.
• BUGFIX: Some finishing touches for v1.18.44's support of Jackson3 #4004.

Commits

• 936ca59 [build] lombok's launcher is still intended to be 1.4 compatible, or at least...
• fcdab3f [version] pre-release version bump
• 1cb7d49 [changelog]#4004 Mention Jackson3 final touches in changelog.
• 12a15b0 Fix: Bump EA_JDK to 27 (25 and 26 have been released)
• 2be766c Merge branch 'jackson3-final-touches'
• 290fa4c [trivial] constantize the warning we spit out for ambiguous jackson2/3, and m...
• e6567b6 test: Add Jackson 3 test cases and version ambiguity warnings
• 45e72e2 feat: Add Jackson 3 databind/dataformat annotations to HandlerUtil copy lists
• 184d423 feat: Add Jackson 3 support to @​Jacksonized handlers
• e027ad0 refactored to ShadowClassLoader use Collections::enumeration instead of Vector
• Additional commits viewable in compare view

Updates org.apache.logging.log4j:log4j-api from 2.25.4 to 2.26.0

Updates org.apache.logging.log4j:log4j-slf4j2-impl from 2.25.4 to 2.26.0

Updates org.apache.logging.log4j:log4j-core from 2.25.4 to 2.26.0

Updates org.apache.logging.log4j:log4j-slf4j2-impl from 2.25.4 to 2.26.0

Updates org.apache.logging.log4j:log4j-core from 2.25.4 to 2.26.0

Updates joda-time:joda-time from 2.14.1 to 2.14.2

Release notes

Sourced from joda-time:joda-time's releases.

Release v2.14.2

See the change notes for more information.

What's Changed

• Update time zone data to 2026bgtz by @​jodastephen in JodaOrg/joda-time#831

Full Changelog: JodaOrg/joda-time@v2.14.1...v2.14.2

Commits

• d6ba4f0 Release v2.14.2
• 43ea40b Update time zone data to 2026bgtz (#831)
• See full diff in compare view

Updates commons-io:commons-io from 2.21.0 to 2.22.0

Updates com.sun.xml.bind:jaxb-impl from 4.0.7 to 4.0.8

Updates com.google.guava:guava from 33.5.0-jre to 33.6.0-jre

Release notes

Sourced from com.google.guava:guava's releases.

33.6.0

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.6.0-jre</version>
  <!-- or, for Android: -->
  <version>33.6.0-android</version>
</dependency>

Jar files

• 33.6.0-jre.jar
• 33.6.0-android.jar

Guava requires one runtime dependency, which you can download here:

• failureaccess-1.0.3.jar

Javadoc

• 33.6.0-jre
• 33.6.0-android

JDiff

• 33.6.0-jre vs. 33.5.0-jre
• 33.6.0-android vs. 33.5.0-android
• 33.6.0-android vs. 33.6.0-jre

Changelog

• Migrated some classes from finalize() to PhantomReference in preparation for the removal of finalization. (786b619dd6, 7c6b17c, aeef90988d)
• cache: Deprecated CacheBuilder APIs that use TimeUnit in favor of those that use Duration. (73f8b0bb84)
• collect: Added toImmutableSortedMap collectors that use the natural comparator. (64d70b9f94)
• collect: Changed ConcurrentHashMultiset, ImmutableMap and TreeMultiset deserialization to avoid mutating final fields. In extremely unlikely scenarios in which an instance of that type contains an object that refers back to that instance, this could lead to a broken instance that throws NullPointerException when used. (8240c7e596, 046468055f)
• graph: Removed @Beta from all APIs in the package. (dae9566b73)
• graph: Added support to Graphs.transitiveClosure() for different strategies for adding self-loops. (2e13df25b2)
• graph: Added an asNetwork() view to Graph and ValueGraph. (909c593c61)
• hash: Added BloomFilter.serializedSize(). (df9bcc251a)
• net: Added HttpHeaders.CDN_CACHE_CONTROL. (75331b5030)

Commits

• See full diff in compare view

Updates org.threeten:threetenbp from 1.7.2 to 1.7.3

Release notes

Sourced from org.threeten:threetenbp's releases.

Release v1.7.3

See the change notes for more information.

Commits

• 629f9b3 [maven-release-plugin] prepare release v1.7.3
• ba1b8b1 Support GH Actions workflow dispatch
• 6ac58c7 Prepare for release v1.7.3
• f7b1582 Update time zone data to 2026bgtz (#209)
• 096fcf2 Update time zone data to 2026agtz (#208)
• 943bc2e Update time zone data to 2025cgtz (#207)
• 8ef16e4 Fix website commit message
• 506c31a Waiting for deployment might timeout
• 7165427 [maven-release-plugin] prepare for next development iteration
• See full diff in compare view

Updates org.jetbrains.kotlinx:kotlinx-datetime-jvm from 0.7.1-0.6.x-compat to 0.8.0-0.6.x-compat

Release notes

Sourced from org.jetbrains.kotlinx:kotlinx-datetime-jvm's releases.

v0.8.0

Breaking changes:

• Deprecate TimeZone serialization (#576).

Additions:

• Add orNull functions for non-throwing construction of datetime entities (#68).
• Add parseOrNull extension functions for non-throwing attempts at parsing (#508).
• Introduce LocalIsoWeekDate for representing ISO week dates (#603).
• Introduce functions for finding the next or previous date with the given day-of-week (#129).

Tweaks and fixes:

• Fix bugs in Instant.until and Instant.periodUntil (#534).
• Always output seconds in the DateTimeComponents.Formats.RFC_1123 format (#608).
• On Kotlin/Native for Windows, whenever DST transitions are turned off by the user, the current system time zone is now fixed-offset (#575).

Changelog relative to version 0.8.0-rc02

No changes, only the version is increased.

v0.8.0-rc02

Equivalent to rc01, but published without Instant and Clock. A separate compatibility artifact contains them for binary compatibility. Please see https://github.com/Kotlin/kotlinx-datetime/#deprecation-of-instant for details.

v0.8.0-rc01

Breaking changes:

• Deprecate TimeZone serialization (#576).

Additions:

• Add orNull functions for non-throwing construction of datetime entities (#68).
• Add parseOrNull extension functions for non-throwing attempts at parsing (#508).
• Introduce LocalIsoWeekDate for representing ISO week dates (#603).
• Introduce functions for finding the next or previous date with the given day-of-week (#129).

Tweaks and fixes:

• Fix bugs in Instant.until and Instant.periodUntil (#534).
• Always output seconds in the DateTimeComponents.Formats.RFC_1123 format (#608).
• On Kotlin/Native for Windows, whenever DST transitions are turned off by the user, the current system time zone is now fixed-offset (#575).

Changelog

Sourced from org.jetbrains.kotlinx:kotlinx-datetime-jvm's changelog.

CHANGELOG

0.8.0

Breaking changes:

• Deprecate TimeZone serialization (#576).

Additions:

• Add orNull functions for non-throwing construction of datetime entities (#68).
• Add parseOrNull extension functions for non-throwing attempts at parsing (#508).
• Introduce LocalIsoWeekDate for representing ISO week dates (#603).
• Introduce functions for finding the next or previous date with the given day-of-week (#129).

Tweaks and fixes:

• Fix bugs in Instant.until and Instant.periodUntil (#534).
• Always output seconds in the DateTimeComponents.Formats.RFC_1123 format (#608).
• On Kotlin/Native for Windows, whenever DST transitions are turned off by the user, the current system time zone is now fixed-offset (#575).

Changelog relative to version 0.8.0-rc02

No changes, only the version is increased.

0.8.0-rc02

Equivalent to rc01, but published without Instant and Clock. A separate compatibility artifact contains them for binary compatibility. Please see https://github.com/Kotlin/kotlinx-datetime/#deprecation-of-instant for details.

0.8.0-rc01

Breaking changes:

• Deprecate TimeZone serialization (#576).

Additions:

• Add orNull functions for non-throwing construction of datetime entities (#68).
• Add parseOrNull extension functions for non-throwing attempts at parsing (#508).
• Introduce LocalIsoWeekDate for representing ISO week dates (#603).
• Introduce functions for finding the next or previous date with the given day-of-week (#129).

Tweaks and fixes:

• Fix bugs in Instant.until and Instant.periodUntil (#534).
• Always output seconds in the DateTimeComponents.Formats.RFC_1123 format (#608).
• On Kotlin/Native for Windows, whenever DST transitions are turned off by the user, the current system time zone is now fixed-offset (#575).

... (truncated)

Commits

• b80a588 Version 0.8.0, compatibility artifact
• a2eb074 Version 0.8.0
• f487af4 Describe the release procedures (#562)
• edc1183 Add contribution guidelines (#587)
• 4b485b7 Added templates to the issue creation wizard (#616)
• c2854bd Updated kotlinx.team.infra plugin and regenerated publication pipeline (#619)
• ef03b19 Version 0.8.0-rc02
• a1ac46e Use IANA tzdb 2026b (#620)
• c006a0f Version 0.8.0-rc01
• 4ae47ef Small improvements to various docs (#578)
• Additional commits viewable in compare view

Updates org.jetbrains.dokka:dokka-maven-plugin from 2.1.0 to 2.2.0

Release notes

Sourced from org.jetbrains.dokka:dokka-maven-plugin's releases.

2.2.0

Dokka Gradle Plugin

Starting from Dokka 2.1.0, the new Dokka Gradle Plugin is enabled by default. The documentation on kotlinlang.org has been updated accordingly:

• See Get started with Dokka for instructions on adding Dokka to a project
• See Migrate to Dokka Gradle plugin v2 for migrating from the old plugin

Dokka 2.2.0 introduces multiple improvements and fixes:

Note: most of the following changes affect only the new Dokka Gradle Plugin, enabled by default since Dokka 2.1.0

• Compatibility with Android Gradle Plugin 9.0.0, including Built-in Kotlin. (#4231, #4295, #4412)
  • See #4472 on documenting Android projects with flavors / multiple variants
• Android Gradle Library Plugin for KMP is now properly supported. (#4359, #4366)
• Support the new Kotlin Gradle Plugin API to work with generated sources (#4402, #4410)
• Fix suppressGeneratedFiles flag was unused (#4348)
• Improve classpath resolution and platform detection logic (#4296, #4263, #4258)
• Add olderVersionsDirName to DokkaVersioningPluginParameters (#4301). Thanks to @​osipxd!
• Rework the Gradle attributes to make them integrate better with the ecosystem (#4334). Thanks to @​martinbonnin!
• Drop usages of APIs deprecated in KGP (#4271)
  • this change makes deprecated DGPv1 be compatible with KGP 1.9.0+, aligning it with DGPv2

Analysis improvements

Starting from Dokka 2.1.0, the K2 analysis is enabled by default. K2 analysis is now stable, enabled by default, and fully migrated to the new shared Analysis API. This includes the migration to the new KDoc resolution API within the Analysis API.

Dokka 2.2.0 introduces multiple improvements and fixes:

Note: most of the following changes affect only Dokka's K2 analysis, enabled by default since Dokka 2.1.0

• Allow actual declarations to automatically inherit their documentation from expect counterparts in multiplatform projects (#2493, #4245, #4351)
• Link resolution improvements:
  • Support references to declarations with quoted names (#3356)
  • Support resolution of links to extensions with type parameters according to KEEP#385 (#3555)
  • Improve handling of ambiguous KDoc links according to KEEP#389 (#3451, #3179, #3632, #4327, #3604)
    • Note: those changes are currently available only under experimental org.jetbrains.dokka.analysis.enableExperimentalKDocResolution system property
• K2/K1 compatibility improvements:
  • Fix Multiple pages associated with key (#4300)
  • Fix inconsistent constructor rendering for expect/actual annotation (#4055)
  • Fix missing abstract modifier for abstract interface method with redundant open modifier (#4144)
  • Fix working with intersected and overridden fake functions/properties (#3857)
  • Fix rendering of links in @see block (#3680)
  • Fix redundant ? on properties with a type of typealias to nullable type (#4337)
  • Fix the missing default parameter value for inherited (not overridden) members (#4320)
  • Fix duplicate source links for function overloads and properties (#4049, #4338)
  • Fix resolution of links in the second line of KDoc tags (#4332, KT-75215, KT-79783)
• Improve DRI handling for varargs and properties (#3558, #4347)
• Context parameters improvements:
  • Fix KDoc links to context parameters (#4389)

... (truncated)

Commits

• 656ca46 Update Dokka version references to 2.2.0 (#4485)
• 534e242 Update com.gradle.publish:plugin-publish-plugin and declare Gradle CC compa...
• abc048d Update the version for the 2.2.0 release
• 60062bb Detect and handle intersected source roots in Android multi-variant projects ...
• 0bd8995 Fix DGP reading all Gradle properties (#4468)
• 06dbbfd Update the version for the 2.2.0-Beta release
• a81ace7 Update AGP version in tests to stable 9.0.0 (#4420)
• fd97482 Fix minor oversight in the implemenation: missed + in enum entries (#4411)
• 8148aa2 Fix unnecesary logging for unresolved links in module documentation (#4413)
• bf3b5ee Fix suppressGeneratedFiles was unused (#4348)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions