Update all dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
gradle (source)		minor	9.4.1 → 9.5.1
gradle/actions	action	major	v5 → v6
io.github.takahirom.roborazzi	plugin	minor	1.59.0 → 1.63.0
io.github.takahirom.roborazzi:roborazzi-junit-rule	dependencies	minor	1.59.0 → 1.63.0
io.github.takahirom.roborazzi:roborazzi-compose	dependencies	minor	1.59.0 → 1.63.0
io.github.takahirom.roborazzi:roborazzi	dependencies	minor	1.59.0 → 1.63.0
org.jetbrains.kotlinx:kotlinx-coroutines-test	dependencies	minor	1.10.2 → 1.11.0
org.mockito.kotlin:mockito-kotlin	dependencies	minor	6.2.3 → 6.3.0
org.jetbrains.kotlin.plugin.compose	plugin	patch	2.3.20 → 2.3.21
com.google.devtools.ksp (source)	plugin	patch	2.3.6 → 2.3.9
com.google.protobuf:protobuf-javalite (source)	dependencies	minor	4.34.0 → 4.35.0
androidx.navigation:navigation-compose (source)	dependencies	patch	2.9.7 → 2.9.8
androidx.navigation:navigation-runtime-ktx (source)	dependencies	patch	2.9.7 → 2.9.8
androidx.compose:compose-bom	dependencies	minor	2026.03.00 → 2026.05.01
com.google.protobuf:protoc (source)	dependencies	minor	4.34.0 → 4.35.0
org.jetbrains.kotlinx:kotlinx-serialization-json	dependencies	minor	1.10.0 → 1.11.0
org.jetbrains.kotlin.plugin.serialization	plugin	patch	2.3.20 → 2.3.21
org.jetbrains.kotlin.android	plugin	patch	2.3.20 → 2.3.21
androidx.compose.foundation:foundation (source)	dependencies	minor	1.10.5 → 1.11.2
com.google.protobuf	plugin	minor	0.9.6 → 0.10.0
com.android.library (source)	plugin	minor	9.1.0 → 9.2.1
com.android.application (source)	plugin	minor	9.1.0 → 9.2.1

---

Release Notes

gradle/gradle (gradle)

v9.5.1

Compare Source

v9.5.0

Compare Source

gradle/actions (gradle/actions)

v6.1.0

Compare Source

New: Basic Cache Provider

A new MIT-licensed Basic Caching provider is now available as an alternative to the proprietary Enhanced Caching provided by gradle-actions-caching. Choose Basic Caching by setting cache-provider: basic on setup-gradle or dependency-submission actions.

• Built on @actions/cache -- fully open source
• Caches ~/.gradle/caches and ~/.gradle/wrapper directories
• Cache key derived from build files (*.gradle*, gradle-wrapper.properties, etc.)
• Clean cache on build file changes (no restore keys, preventing stale entry accumulation)

Limitations vs Enhanced Caching: No cache cleanup, no deduplication of cached content, cached content is fixed unless build files change.

Revamped Licensing & Distribution Documentation

• New DISTRIBUTION.md documents the licensing of each component (particularly Basic Caching vs Enhanced Caching)
• Simplified licensing notices in README, docs, and runtime log output
• Clear usage tiers: Enhanced Caching is free for public repos and in Free Preview for private repos

What's Changed

• Use a unique cache entry for wrapper-validation test by @​bigdaz in #​921
• Update Dependencies by @​bigdaz in #​922
• Update dependencies and resolve npm vulnerabilities by @​bigdaz in #​933
• Add open-source 'basic' cache provider and revamp licensing documentation by @​bigdaz in #​930
• Restructure caching documentation for basic and enhanced providers by @​bigdaz in #​934

Full Changelog: gradle/actions@v6.0.1...v6.1.0

v6.0.1

Compare Source

[!IMPORTANT]
The release of gradle/actions@v6 contains important changes to the license terms. More details in this blog post.
TL;DR: By upgrading to v6, you accept the Terms of Use for the gradle-actions-caching component.

Summary

The license changes in v6 introduced a gradle-actions-caching license notice that is printed in logs and in each job summary.

With this release, the license notice will be muted if build-scan terms have been accepted, or if a Develocity access key is provided.

What's Changed

• Bump actions used in docs by @​Goooler in #​792
• Add typing information for use by typesafegithub by @​bigdaz in #​910
• Mute license warning when terms are accepted by @​bigdaz in #​911
• Mention explicit license acceptance in notice by @​bigdaz in #​912
• Bump com.fasterxml.jackson.dataformat:jackson-dataformat-smile from 2.21.1 to 2.21.2 in /sources/test/init-scripts in the gradle group across 1 directory by @​dependabot[bot] in #​907

Full Changelog: gradle/actions@v6.0.0...v6.0.1

v6.0.0

Compare Source

[!IMPORTANT]
The release of gradle/actions@v6 contains important changes to the license terms. More details in this blog post.
TL;DR: By upgrading to v6, you accept the Terms of Use for the gradle-actions-caching component.

Summary

• Caching functionality of 'gradle-actions' has been extracted into a separate gradle-actions-caching library, and is no longer open-source. See this blog post for more context.
• Existing, rudimentary, configuration-cache support has been removed, pending a fully functional implementation in gradle-actions-caching.
• Dependencies updated to address security vulnerabilities

[!IMPORTANT]

Licensing notice

The caching functionality in `gradle-actions` has been extracted into `gradle-actions-caching`, a proprietary commercial component that is not covered by the MIT License.
The bundled `gradle-actions-caching` component is licensed and governed by a separate license, available at https://gradle.com/legal/terms-of-use/.

The `gradle-actions-caching` component is used only when caching is enabled and is not loaded or used when caching is disabled.

Use of the `gradle-actions-caching` component is subject to a separate license, available at https://gradle.com/legal/terms-of-use/.
If you do not agree to these license terms, do not use the `gradle-actions-caching` component.

What's Changed

• Bump the npm-dependencies group in /sources with 2 updates by @​dependabot[bot] in #​866
• Update known wrapper checksums by @​github-actions[bot] in #​868
• Dependency updates by @​bigdaz in #​876
• Update known wrapper checksums by @​github-actions[bot] in #​878
• Bump @​types/node from 25.3.3 to 25.3.5 in /sources in the npm-dependencies group across 1 directory by @​dependabot[bot] in #​877
• Bump the github-actions group across 3 directories with 3 updates by @​dependabot[bot] in #​867
• Update known wrapper checksums by @​github-actions[bot] in #​881
• Bump the npm-dependencies group in /sources with 6 updates by @​dependabot[bot] in #​879
• Bump the github-actions group across 3 directories with 5 updates by @​dependabot[bot] in #​880
• Remove configuration-cache support by @​bigdaz in #​884
• Extract caching logic into a separate gradle-actions-caching component by @​bigdaz in #​885
• Update gradle-actions-caching library to v0.3.0 by @​bot-githubaction in #​899
• Avoid windows shutdown bug by @​bigdaz in #​900
• Dependency updates by @​bigdaz in #​905
• Fix critical and high npm vulnerabilities by @​bigdaz in #​904
• Fix rendering of job-disabled message by @​bigdaz in #​909

Full Changelog: gradle/actions@v5.0.2...v6.0.0

v6

Compare Source

takahirom/roborazzi (io.github.takahirom.roborazzi)

v1.63.0

Compare Source

Fixing a race condition that causes us to see old images

We don't have a reproducing project for this. But there is a report that says we can see old images. It seems to be a race condition, so we've attempted to fix it using the BuildService Gradle API.
Thanks, @​zacharee, for reporting this issue and attempting to fix it!

What's Changed

• Use BuildService to gate finalize task intermediates copy by @​takahirom in #​838

Full Changelog: takahirom/roborazzi@1.62.0...1.63.0

v1.62.0

Compare Source

Updating to Gradle 9

To investigate an issue with Gradle 9 KMP, Roborazzi now uses Gradle 9. This should not affect your project.
I'm planning several releases to fix build problems over the next few weeks. The reason I'll release a few versions is to make them easier to debug.

What's Changed

• Bump Gradle wrapper to 9.5.1 and migrate KMP+Android to com.android.kotlin.multiplatform.library by @​takahirom in #​835

Full Changelog: takahirom/roborazzi@1.61.0...1.62.0

v1.61.0

Compare Source

Heads-up: dependency updates for Gradle 9 investigation

I don't want to interrupt you by updating other dependency versions in Roborazzi. But we are investigating a KMP Gradle 9 issue and are going to update to Gradle 9.0. Before that, we should update the Kotlin version and AGP. To minimize the impact, we don't change the Kotlin version in Roborazzi's POM (except for the iOS version), so it should not affect projects using Roborazzi. But if you find anything, please let me know.

What's Changed

• Name roborazzi image input to clarify Gradle 9 errors by @​takahirom in #​831
• Enable strict plugin validation and annotate tasks by @​takahirom in #​832
• Name test task output properties for clearer Gradle 9 errors by @​takahirom in #​833
• Bump Kotlin 2.3.21, AGP 8.13.2, mavenPublish 0.34.0 by @​takahirom in #​834

Full Changelog: takahirom/roborazzi@1.60.0...1.61.0

v1.60.0

Compare Source

Bugfix: Fix Roborazzi cache path sensitivity

When we use Roborazzi in a different path with the same repository, Roborazzi used to invalidate the cache. Though I think it is not critical because we frequently use test filters(--tests) when we run tests, which also invalidate the cache. But it's better to support the cache.
Thanks @​Link184 for the contribution!

What's Changed

• Update composable.preview.scanner to v0.8.1 by @​renovate[bot] in #​765
• Add integrity check for configuration cache by @​takahirom in #​819
• Make roborazzi gradle remote cache friendly by @​Link184 in #​824

New Contributors

• @​Link184 made their first contribution in #​824

Full Changelog: takahirom/roborazzi@1.59.0...1.60.0

Kotlin/kotlinx.coroutines (org.jetbrains.kotlinx:kotlinx-coroutines-test)

v1.11.0

Compare Source

Various

• Kotlin was updated to 2.2.20 (#​4545).
• Improved the published jar files (#​3842, #​4599).
• Various documentation improvements, including complete rewrites of structured concurrency and error handling-related KDoc (#​4433, #​4596).

Breaking changes and deprecations

• Moved Promise-related functions from JS and Wasm/JS to the new web target. On Wasm/JS, this is a breaking change. Before the change, Promise on Wasm/JS could work with arbitrary Kotlin types, but now, only JsAny subtypes are accepted (#​4563).
• Changed handling of coroutine exceptions that can't be propagated on JS and Wasm/JS. Before, exceptions were logged, but now, they are reported to the JS runtime (#​4451, #​4631).
• Deprecated using CoroutineDispatcher as the coroutine context key; now, ContinuationInterceptor has to be used instead (#​4333).
• Advanced the deprecation levels on kotlinx-coroutines-test APIs (#​4604).
• Added lint functions that mark passing a Job to coroutine builders as deprecated (#​4435).

Bug fixes and improvements

• Added a callsInPlace(EXACTLY_ONCE) contract to runBlocking in code shared between JVM and Native (#​4368).
• Added a callsInPlace(EXACTLY_ONCE) contract to suspendCancellableCoroutine (#​4574).
• Fixed flowOn incorrectly handling ThreadContextElement updates (#​4403).
• Fixed exceptions in user-supplied Thread.UncaughtExceptionHandler instances causing the internal coroutines machinery to fail (#​4516).
• Fixed CoroutineDispatcher.asScheduler in the RxJava integration not cancelling outstanding work when a Worker gets cancelled, which led to memory leaks in some scenarios (#​4615).
• Fixed SharedFlow entering an invalid state when a subscriber and an emitter are cancelled simultaneously (#​4583).
• Fixed an R8 optimization leading to shareIn/stateIn coroutines getting garbage-collected (#​4646). Thanks, @​solevic!

Small additions

• Added CompletableDeferred.asDeferred for obtaining a read-only Deferred view (#​4408).
• Added SharedFlow.asFlow for obtaining a Flow view with hidden hot flow semantics (#​4530). Thanks, @​g000sha256!
• Added a StateFlow.collectLatest overload returning Nothing to assist with finding unreachable code (#​4454).
• Added ReceiveChannel.consumeTo for consuming a ReceiveChannel into a MutableCollection (#​4520).
• Added a StateFlow<T>.onSubscription overload returning a StateFlow<T>, similar to SharedFlow<T>.onSubscription returning SharedFlow<T> (#​4275). Thanks, @​xit0c!
• Added terminal Flow operators for collecting a Flow to a Map (#​1541).

Changelog relative to version 1.11.0

No changes, only the version is increased.

mockito/mockito-kotlin (org.mockito.kotlin:mockito-kotlin)

v6.3.0

Compare Source

^{Changelog generated by Shipkit Changelog Gradle Plugin}

6.3.0

• 2026-03-19 - 2 commit(s) by Joshua Selbo
• Add first-class support for mocking object singletons (#​587)
• Add helper to mock module-level extension functions (#​586)

google/ksp (com.google.devtools.ksp)

v2.3.9

Compare Source

What's Changed

• Cleaned up native cross-compilation support checks to prevent Gradle Configuration Cache invalidation (#​2953)
• Fixed a compilation performance regression in in PsiResolutionStrategy introduced in 2.3.8 (#​2948)

Contributors

• Thanks to everyone who reported bugs and participated in discussions!

Full Changelog: google/ksp@2.3.8...2.3.9

v2.3.8

Compare Source

What's Changed

• Enabled new default annotation use-site rules in Kotlin's Analysis API (see KEEP 402) for more information. Note: KSP was already mostly compatible with KEEP 402, so there shouldn't be any visible changes for users. (#​2888)
• Enabled ksp.project.isolation by default when Gradle isolated projects are enabled (#​2866)
• Improved getSymbolsWithAnnotation performance by implementing a new PSI-based resolution strategy (#​2816)

Contributors

• Thanks to @​hugoncosta and everyone who reported bugs and participated in discussions!

Full Changelog: google/ksp@2.3.7...2.3.8

v2.3.7

Compare Source

What's Changed

• Bumped Kotlin target language version to 2.3 (#​2821)
• Fixed crash caused by upstream dependency (#​2856)
• Fixed support for Gradle Isolated Projects (#​2844)

Contributors

• Thanks to everyone who reported bugs and participated in discussions!

Full Changelog: google/ksp@2.3.6...2.3.7

Kotlin/kotlinx.serialization (org.jetbrains.kotlinx:kotlinx-serialization-json)

v1.11.0

==================

This release is based on Kotlin 2.3.20 and provides new Json exceptions API and some bugfixes and improvements.

Expose Json exceptions structure

To make working with exceptions easier and providing proper error codes in e.g., REST APIs,
classes JsonException, JsonDecodingException, and JsonEncodingException are now public.
They have relevant public properties, such as shortMessage, path, offset, and others.
This API is currently experimental, and we're going to improve it further in the subsequent releases.
See the linked issues for the details: #​1930, #​1877.

Ability to hide user input from exception messages for security/privacy reasons.

Historically, exception messages in kotlinx.serialization often included the input Json itself for debuggability reason.
Such behavior may pose additional challenges for logging, analytics, and other systems, since
a system is not always allowed to store user data due to privacy/security reasons, which imposes additional sanitation logic.
To address this issue, a new property exceptionsWithDebugInfo is added to JsonConfiguration.
Disable it to hide user input from exception messages.
IMPORTANT: This behavior will be enabled by default when this property becomes stable.
See #​2590 for more details.

Bugfixes and improvements

• CBOR: Relax value range check when decoding numbers (#​3167)
• Use a specialized writeDecimalLong method for IO stream integrations in Json (#​3152)

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Between 12:00 AM and 03:59 AM (* 0-3 * * *)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.