fix(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
github/codeql-action	action	patch	v4.31.2 -> v4.31.4
gradle (source)		patch	9.2.0 -> 9.2.1
com.vanniktech.maven.publish	plugin	minor	0.34.0 -> 0.35.0
com.diffplug.spotless	plugin	minor	8.0.0 -> 8.1.0
com.pinterest.ktlint:ktlint-cli	dependencies	minor	1.7.1 -> 1.8.0
org.springframework.boot:spring-boot-starter-test (source)	dependencies	patch	3.5.7 -> 3.5.8
org.springframework.boot:spring-boot-autoconfigure (source)	dependencies	patch	3.5.7 -> 3.5.8
org.springframework.boot:spring-boot-starter (source)	dependencies	patch	3.5.7 -> 3.5.8
io.quarkus	plugin	minor	3.29.2 -> 3.30.0
io.quarkus:quarkus-junit5	dependencies	minor	3.29.2 -> 3.30.0
io.quarkus:quarkus-arc	dependencies	minor	3.29.2 -> 3.30.0
io.quarkus:quarkus-bom	dependencies	minor	3.29.2 -> 3.30.0
io.kotest:kotest-assertions-table	dependencies	patch	6.0.4 -> 6.0.5
io.kotest:kotest-assertions-core	dependencies	patch	6.0.4 -> 6.0.5
io.kotest:kotest-framework-engine	dependencies	patch	6.0.4 -> 6.0.5
io.kotest:kotest-runner-junit5	dependencies	patch	6.0.4 -> 6.0.5

---

Release Notes

github/codeql-action (github/codeql-action)

v4.31.4

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.4 - 18 Nov 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v4.31.3

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.3 - 13 Nov 2025

• CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.
• Update default CodeQL bundle version to 2.23.5. #​3288

See the full CHANGELOG.md for more information.

gradle/gradle (gradle)

v9.2.1: 9.2.1

Compare Source

The Gradle team is excited to announce Gradle 9.2.1.

Here are the highlights of this release:

• Windows ARM support
• Improved publishing APIs
• Better guidance for dependency verification failures

Read the Release Notes

We would like to thank the following community members for their contributions to this release of Gradle:
Adam,
Björn Kautler,
hasunzo,
HYEON,
Hyunjoon Park,
HYUNJUN SON,
Jendrik Johannes,
Kirill Gavrilov,
Madalin Valceleanu,
Martin Bonnin,
Matthew Haughton,
Mikhail Polivakha,
Na Minhyeok,
Philip Wedemann,
Philipp Schneider,
Róbert Papp,
Simon Marquis,
TheGoesen,
Vincent Potucek,
Xin Wang.

Upgrade instructions

Switch your build to use Gradle 9.2.1 by updating your wrapper:

./gradlew wrapper --gradle-version=9.2.1 && ./gradlew wrapper

See the Gradle 9.x upgrade guide to learn about deprecations, breaking changes and other considerations when upgrading.

For Java, Groovy, Kotlin and Android compatibility, see the full compatibility notes.

Reporting problems

If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines.
If you're not sure you're encountering a bug, please use the forum.

We hope you will build happiness with Gradle, and we look forward to your feedback via Twitter or on GitHub.

vanniktech/gradle-maven-publish-plugin (com.vanniktech.maven.publish)

v0.35.0

Compare Source

• Add support for publishing Kotlin Multiplatform libraries that use com.android.kotlin.multiplatform.library.
• Add support for validating deployments to Central Portal
• Raise minimum Gradle version to 8.13
• Raise minimum Android Gradle Plugin version to 8.2.2
• Do not unconditionally disable DocLint
• Fail publishing if SONATYPE_HOST is not set to CENTRAL_PORTAL.
• Fix misleading error message when Android library variant is not found.
• Downgrade transitive OkHttp version.
• Don't check project heirarchy for POM properties when Isolated proejcts is enabled.

Thanks to @​joshfriend, @​Flowdalic and @​Goooler for their contributions to this release.

Minimum supported versions

• JDK 11
• Gradle 8.13
• Android Gradle Plugin 8.2.2
• Kotlin Gradle Plugin 1.9.20

Compatibility tested up to

• JDK 24
• Gradle 9.2.0
• Gradle 9.3.0-milestone-1
• Android Gradle Plugin 8.13.1
• Android Gradle Plugin 9.0.0-alpha14
• Kotlin Gradle Plugin 2.2.21
• Kotlin Gradle Plugin 2.3.0-Beta2

pinterest/ktlint (com.pinterest.ktlint:ktlint-cli)

v1.8.0

Compare Source

🆕 Features

• Set languageVersion to KOTLIN_2_0 to ensure metadata compatibility with Kotlin 2.0 - #​3110, by @​hugoncosta

• Simplify creation of a custom ruleset - #​3118, by @​paul-dingemans

• Add rule then-spacing - #​3129, by @​paul-dingemans

• Add CLI option '--ignore-autocorrect-failures' - #​3157, by @​paul-dingemans

• Allow _ as backing property name (needed for KEEP-412) - #​3166, by @​serras

• Promote experimental rules to standard rules - #​3171, by @​paul-dingemans:

  • blank-line-between-when-conditions
  • kdoc
  • "mixed-condition-operators"
  • square-brackets-spacing
  • when-entry-bracing

🔧 Fixes

• Fix link to maven wrapper - #​3112, by @​paul-dingemans

• Fix links in documentation, and fix some typo's/formatting - #​3127, by @​paul-dingemans

• Fix indent of function parameter with multiline expression in android_studio - #​3131, by @​paul-dingemans

• fix(deps): update dependency com.vanniktech:gradle-maven-publish-plugin to v0.35.0 - #​3169, by @​renovate[bot]

💬 Other

• Validate @​SinceKtlint annotations with test and uniformize existing rules - #​3101, by @​hugoncosta

• Fix snapshot repository location - #​3106, by @​paul-dingemans

• Add code vulnerability scanning with CodeQL - #​3113, by @​paul-dingemans

• Disable gradle build cache in code scanning workflow - #​3116, by @​paul-dingemans

• Restrict access to GitHub token to "contents: read" - #​3115, by @​paul-dingemans

• Change language for code-scanning workflow to 'kotlin' - #​3117, by @​paul-dingemans

• Allow publication documents workflow to write to Github pages - #​3121, by @​paul-dingemans

• Allow manual dispatch of workflow for publishing documentation - #​3122, by @​paul-dingemans

• Set contents write permission on workflows for publishing documentation - #​3123, by @​paul-dingemans

• Switch publication config to vanniktech's maven-publish plugin - #​3068, by @​mateuszkwiecinski

• Add SECURITY.md file - #​3114, by @​paul-dingemans

• Add public key to GitHub - #​3139, by @​shashachu

• Ignore renovate updates for JUnit v6 as it requires Java17+ - #​3146, by @​paul-dingemans

spring-projects/spring-boot (org.springframework.boot:spring-boot-starter-test)

v3.5.8

quarkusio/quarkus (io.quarkus:quarkus-junit5)

v3.30.0

Compare Source

v3.29.4

Compare Source

Complete changelog

• #​50955 - Entity not found?
• #​51001 - Add information about how to put realm config file into target/classes
• #​51052 - Prevent multiple contributions to Panache's "entityToPersistenceUnit" from overriding each other
• #​51054 - Make it clearer in OIDC bearer token tutorial when to copy the realm file
• #​51057 - Correct comments and descriptions in Hibernate Feature
• #​51095 - TestContainers fail to run on Docker 24.x (3.29.3)
• #​51100 - Respect docker api version when present

v3.29.3

Compare Source

Complete changelog

• #​50804 - Explicit null string in json payload is treated as string "null" when reflection-free-serializers enabled
• #​50886 - Closing in gRPC interceptor causes double close in Vert.x gRPC implementation
• #​50890 - Account for random order of DevservicesElasticsearchBuildItems when comparing versions/distributions
• #​50913 - Duplicate Key in Kafka Message crashes Dev UI
• #​50933 - gRPC: Avoid repeatedly starting call and closing call on a server call closed by custom interceptor
• #​50945 - Bump version of Hibernate Reactive to 3.1.8.Final
• #​50951 - ReactiveRoutesProcessor works in 3.25.4, fails in 3.29.2
• #​50953 - Recognize null value in json payload using the reflection free serializer
• #​50961 - Bump org.cyclonedx:cyclonedx-core-java from 9.0.5 to 11.0.1 in /bom/application
• #​50969 - rest-link: Links not added to header for type List
• #​50970 - Ensure that @InjectRestLinks works correctly on lists of entities
• #​50971 - Fix Kafka consumer group.id to default to quarkus.application.name in production
• #​50972 - Reactive Routes: fix usage of the Gizmo 2 API
• #​50974 - Fix Quotes for Kotlin example in gradle-tooling.adoc
• #​50983 - Upgrade to Narayana 7.3.3
• #​50984 - Jandex: upgrade to 3.5.2
• #​50985 - Update Oracle JDBC version to 23.26.0.0.0
• #​50988 - Fix Dev UI crash when Kafka messages contain duplicate headers
• #​51002 - Quarkus 3.29.2 - Testcontainers version: 1.21.3 - Docker environment not found Linux Fedora
• #​51009 - Manually set api.version for TestContainers

kotest/kotest (io.kotest:kotest-assertions-table)

v6.0.5

Compare Source

What's Changed

• Fix: InstancePerLeaf tests fail when a test leaf has siblings by @​T45K in #​5139
• fix(arrow): collect clues on failures by @​RafeArnold in #​5140
• add max timeout bounds to continually and retry by @​alfonsoristorato in #​5145
• Move spring.boot.starter.web dependency from jvmMain to jvmTest. by @​sksamuel in #​5146
• Remove uuid usage to fix JS on certain version of node by @​sksamuel in #​5150
• Remove periods from test names only at TCSM stage by @​sksamuel in #​5149
• Fix wasmJS support for browser tests by @​sksamuel in #​5148
• Fix PR workflow for windows by @​sksamuel in #​5151
• Expand behavior spec tags to given and when by @​sksamuel in #​5152
• update to kotlin 2.2.20 by @​nhajratw in #​5153
• update to gradle 9.1.0 by @​nhajratw in #​5158
• docs: Update Maven links and badges in Extensions docs by @​noojung in #​5173
• allow to verify if json schema prop is null (addresses #​5172) by @​alfonsoristorato in #​5175
• allow to verify if Boolean property in jsonSchema is true or false (addresses #​5171) by @​alfonsoristorato in #​5174
• fix(deps): update dependency com.zaxxer:hikaricp to v6.3.3 by @​renovate[bot] in #​5179
• fix(deps): update dependency dev.reformator.stacktracedecoroutinator:stacktrace-decoroutinator-jvm to v2.5.8 by @​renovate[bot] in #​5180
• fix-data-class-eq by @​AlexCue987 in #​5178
• Alex/reproduce race conditions (#​5162) by @​AlexCue987 in #​5163
• shouldBeEqualToUsingFields with different types by @​alfonsoristorato in #​5124
• Fix pr builds by @​tKe in #​5187
• add shouldBeEqualToDifferentTypeIgnoringFields by @​alfonsoristorato in #​5194
• Use deprecated overloads to highlight non-determinstic arbitrary usage by @​tKe in #​5186
• chore: fix master builds by @​tKe in #​5198
• make shouldCompile/shouldNotCompile support multiple files by @​mirror-kt in #​5182
• Make SpringExtension open and introduce variants by @​sksamuel in #​5195
• Support duplicated spec names in separate packages for KSP by @​sksamuel in #​5197
• Skip modules in PR on !linux when JVM only by @​sksamuel in #​5199
• use atLeast and atMost for Double (#​5191) by @​AlexCue987 in #​5192
• Fix StackOverflowError on cyclic maps/collections (fixes #​5105) by @​sksamuel in #​5154

New Contributors

• @​RafeArnold made their first contribution in #​5140
• @​mirror-kt made their first contribution in #​5182

Full Changelog: kotest/kotest@6.0.4...v6.0.5

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.