Update all dependencies

[renovate]

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
com.ninja-squad:springmockk	4.0.2 → 5.0.1
io.mockk:mockk-jvm (source)	1.14.0 → 1.14.7
io.ktor:ktor-client-logging-jvm	2.3.12 → 3.3.3
com.expediagroup:graphql-kotlin-client-jackson	8.6.0 → 8.8.1
com.expediagroup:graphql-kotlin-ktor-client	8.6.0 → 8.8.1
com.expediagroup:graphql-kotlin-maven-plugin	8.6.0 → 8.8.1
io.github.oshai:kotlin-logging-jvm	7.0.7 → 7.0.14
org.apache.maven.plugins:maven-surefire-plugin (source)	3.5.3 → 3.5.4
org.codehaus.mojo:build-helper-maven-plugin (source)	3.6.0 → 3.6.1
org.apache.maven.plugins:maven-enforcer-plugin (source)	3.5.0 → 3.6.2
org.apache.maven.plugins:maven-compiler-plugin (source)	3.14.0 → 3.14.1
org.springframework.boot:spring-boot-starter-parent (source)	3.5.0 → 4.0.1

---

Release Notes

Ninja-Squad/springmockk (com.ninja-squad:springmockk)

v5.0.1

Compare Source

Minor refactorings and documentation fixes

v5.0.0

Compare Source

Version 5.0.0 is a rewrite, based on the Spring Framework's support for @MockitoBean and @MockitoSpyBean.

To align SpringMockK's annotations and behavior with Spring's mockito annotations and behavior, there are breaking changes.

Read the migration guide for details.

mockk/mockk (io.mockk:mockk-jvm)

v1.14.7

Compare Source

What's Changed

• fix: normalize value class arguments in EqMatcher for consistent comparison by @​edwardmp in #​1440
• Add configurable logging to withArg & withNullableArg by @​OsaSoft in #​1441
• docs(readme): document suppressing superclass calls by @​ch200203 in #​1444
• Fix for issue #​1103. by @​sdetilly in #​1449
• Fix configuration option example for restricted classes by @​TWiStErRob in #​1465
• Fix InaccessibleObjectException when spying on JDK interfaces on JDK 16+ by @​Copilot in #​1457
• Fix Java 11 compatibility: replace Random.nextLong(long, long) with Java 8 compatible alternative by @​Copilot in #​1456
• Add optional restricted mock system property by @​nishatoma in #​1454
• Fix StackOverflowError when mocking methods returning ArrayList by @​Copilot in #​1464
• Change JUnit 4/5 dependencies from implementation to compileOnly by @​Copilot in #​1455

New Contributors

• @​edwardmp made their first contribution in #​1440
• @​OsaSoft made their first contribution in #​1441
• @​sdetilly made their first contribution in #​1449
• @​Copilot made their first contribution in #​1457
• @​nishatoma made their first contribution in #​1454

Full Changelog: mockk/mockk@1.14.6...1.14.7

v1.14.6

Compare Source

What's Changed

• Fix and add clearMocks test cases by @​jmatsu in #​1419
• make captured value reference volatile by @​mmimica in #​1418
• add fail-fast guard for Kotlin inline function mocking (#​1030) by @​ch200203 in #​1421
• add test reports to GitHub actions by @​aSemy in #​994
• fix duration denormalized error by @​tigermint in #​1424
• refactor: enhance confirmVerified function to include clear option by @​felix-dolderer-el in #​1427

New Contributors

• @​jmatsu made their first contribution in #​1419
• @​mmimica made their first contribution in #​1418
• @​ch200203 made their first contribution in #​1421
• @​tigermint made their first contribution in #​1424
• @​felix-dolderer-el made their first contribution in #​1427

Full Changelog: mockk/mockk@1.14.5...1.14.6

v1.14.5

Compare Source

What's Changed

• [Feature] Implement BDD-style aliases as separate module (mockk-bdd) by @​Minseok-2001 in #​1399
• fix: downgrade byte-buddy to 1.5.11 by @​Komdosh in #​1413

New Contributors

• @​Minseok-2001 made their first contribution in #​1399

Full Changelog: mockk/mockk@1.14.4...1.14.5

v1.14.4

Compare Source

This release is functionally equivalent to v1.14.3, I just wanted to try out the new publishing process that uses Maven Central instead of OSSRH.

Full Changelog: mockk/mockk@1.14.3...1.14.4

v1.14.3

Compare Source

What's Changed

• chore: bump byte buddy version to support java 24 by @​Komdosh in #​1387
• chore: bump gradle version to 8.14 by @​Komdosh in #​1389
• chore: bump dokka, kotlinx.coroutines, slf4j, logback, junit jupiter by @​Komdosh in #​1388
• Add recursive detection of meta-annotations by @​VitalyVPinchuk in #​1393
• chore: bump kotlin to 2.1.20 by @​Komdosh in #​1390
• fix: enable confirmVerified to work with static mocks by @​happysubin in #​1396
• Add logging on failure inside withArg by @​Djaler in #​1395
• Update Android aritfacts to support 16kb page sizes by @​WhosNickDoglio in #​1394
• Use instance factory for value classes with any() matcher by @​esafak in #​1403

New Contributors

• @​Komdosh made their first contribution in #​1387
• @​happysubin made their first contribution in #​1396
• @​Djaler made their first contribution in #​1395
• @​WhosNickDoglio made their first contribution in #​1394
• @​esafak made their first contribution in #​1403

Full Changelog: mockk/mockk@1.14.2...1.14.3

v1.14.2

Compare Source

What's Changed

• Change mockk configuration paths to test sourceSet by @​TWiStErRob in #​1378
• Use redefine if mockkStatic is used (fix candidate for #​1375) by @​sgerke-1L in #​1376

Full Changelog: mockk/mockk@1.14.0...1.14.2

ktorio/ktor (io.ktor:ktor-client-logging-jvm)

v3.3.3

Compare Source

Published 26 November 2025

Improvements

• KTOR-6837 Discrepancies when parsing URL host with CIO and Darwin engines compared to the rest engines
• KTOR-9050 Logging: SimpleLogger should be an object, not a class
• KTOR-9094 Jetty Client: Support HTTP/2 over cleartext (h2c)
• KTOR-9120 OpenAPI gen: missing operationId for KDoc fields
• KTOR-3019 Improve logging for CORS plugin

Bugfixes

• KTOR-8671 Netty: RejectedExecutionException during shutdown on MacOS when dev mode is enabled
• KTOR-9096 Darwin: New SSE handlers stop responding after canceling few SSE sessions
• KTOR-9125 Double ResponseSent invocation when exception is thrown after respond
• KTOR-8878 OpenAPI: StackOverflowError when a response object has property with @​Contextual serializer
• KTOR-8947 Java, ContentEncoding: IllegalHeaderNameException is thrown for ":status" pseudo header with HTTP/2
• KTOR-9092 NettyHttp2Handler throws IllegalArgumentException: 'ktor.ApplicationCall' is already in use
• KTOR-8924 Curl: Client sends both Transfer-Encoding and Content-Length headers for DELETE requests with body
• KTOR-8838 Exception handling issue in client cache

v3.3.2

Compare Source

Published 5 November 2025

Improvements

• WebRTC Client. Remove redundant targets (KTOR-9062)
• Add Socks proxy support to Darwin engine (KTOR-8968)
• Java: Improve error message when SOCKS proxy is used (KTOR-2908)

Bugfixes

• HttpRequestRetry: SendCountExceedException when max retries is more than maxSendCount of HttpSend (KTOR-5850)
• Darwin: The maxFrameSize option has no effect (KTOR-6963)
• OpenAPI: StackOverflowError when a response object has property with @​Contextual serializer (KTOR-8878)
• OpenAPI gen: missing KDoc fields (KTOR-9021)
• Server call.request.path() returns routing selectors in path (KTOR-7639)
• StaticContent doesn't allow siblings (KTOR-9012)
• HttpCache: FileStorage doesn't use given dispatcher for all file operations (KTOR-8832)
• Curl: SOCKS proxy doesn't work (KTOR-9008)
• Netty: java.lang.VerifyError is thrown on Android since 3.3.0 (KTOR-8916)
• Response body channel is canceled while the body is being saved when having HttpRequestRetry and onDownload (KTOR-8975)
• HttpCache: InvalidCacheStateException when varyKeys stored in files contain uppercase letters since 3.3.0 (KTOR-8970)

v3.3.1

Compare Source

Published 8 October 2025

Improvements

• Add a note about SSE session lifetime in KDoc (KTOR-8440)
• Update Kotlin to 2.2.20 (KTOR-8896)

Bugfixes

• NumberFormatException when Content-Length header value contains null bytes (KTOR-4828)
• SerializationException: Serializer for class 'ClientSSESession' is not found when server responds with JSON (KTOR-7631)
• Netty: loadConfiguration missing enableHttp2 and enableH2c properties (KTOR-8898)
• Netty: EmbeddedServer.stop always blocks for twice of shutdownGracePeriod (KTOR-8770)
• shutdownGracePeriod is used instead of shutdownTimeout in EmbeddedServer.stop() (KTOR-8771)
• Support serving static resources within bootJar (KTOR-8592)

v3.3.0

Compare Source

Published 11 September 2025

Features

• Support for server side http2 without tls (h2c) (KTOR-4750)
• OpenAPI generation build extension preview (KTOR-8721)
• Serve static resources with caching headers and ETag based on sha256 of content (KTOR-6700)
• Jetty engine: Upgrade Jetty dependencies to the latest version 12 (KTOR-6734)
• Static content: Support a custom respond logic if the file is not found (KTOR-8496)
• Upgrade OkHttp to version 5.0.0 (KTOR-8652)
• WebRTC Client, Android + WASM (KTOR-7958)

Improvements

• SSE: Cannot read response body from SSEClientException (KTOR-8165)
• SSE: "SSEClientException: Content-Length mismatch" on saving response body in DefaultResponseValidation (KTOR-8753)
• var Route.staticRootFolder: File? should be deprecated (KTOR-5836)
• Add image/bmp to the ContentType (KTOR-8735)
• Add some missing image content types (KTOR-8624)
• Upgrade to Kotlin 2.2 (KTOR-8647)
• Bump Kotlin API level to 2.2 (KTOR-8637)
• CIO: The engine ignores system proxy settings (KTOR-5922)

Bugfixes

• Performance regression when using ContentEncoding and HttpRequestRetry since 3.2.0 (KTOR-8820)
• Big number of simultaneous outbound web socket connections leads to a coroutine deadlock (KTOR-8829)
• DI: JobCancellationException during cleanup (KTOR-8785)
• Autoreloading: JobCancellationException when app is reloaded in the debugger since 3.2.0 (KTOR-8810)
• HttpRedirect: The client is redirected when no Location header in response (KTOR-8697)
• SerializationException when Application.propertyOrNull() is called with type Map<String, Any?> (KTOR-8781)
• "Failed resolution of: Ljava/lang/management/ManagementFactory" on Android when JvmGcMetrics are initialized (KTOR-8714)
• HttpCache: all header values but first in HttpResponse.varyKeys() are ignored (KTOR-6402)
• HttpCache: plugin selects wrong cache entry when filtering Vary headers with different case (KTOR-7621)
• CountedByteWriteChannel: autoFlush of the source channel doesn't make the channel auto flushing (KTOR-8411)

v3.2.3

Compare Source

Published 29 July 2025

Improvements

• Server only accepts yaml as the configuration file suffix (KTOR-8712)
• JS / WASM error when process global is undefined (KTOR-8686)
• DI async duplicate resolution (KTOR-8681)

Bugfixes

• CIO: Expect 100-continue response is missing a final \r\n (KTOR-8687)
• Intermittent "ParserException: No colon in HTTP header" when parsing multipart request (KTOR-8523)
• Infinite loop in ByteReadChannel.readFully (KTOR-8682)
• ShutDownUrl: The server cannot shut down since 3.2.0 (KTOR-8674)

v3.2.2

Compare Source

Published 14 July 2025

Improvements

• SSE: Change the order of SSE field serialization: put event before data (KTOR-8627)

Bugfixes

• CORS: server replies with the 405 status code on a preflight request when the plugin is installed in a route (KTOR-4499)
• Darwin: The Content-Encoding header is removed since 3.0.3 (KTOR-8526)
• JS/WASM: response doesn't contain the Content-Length header in a browser (KTOR-8377)
• StatusPages: response headers of OutgoingContent aren't available in the status handlers (KTOR-8232)
• testApplication: The client.sse() acts like a REST call and not a stream in test environment (KTOR-7910)
• Config deserialization - default properties problem (KTOR-8654)
• kotlinx.datetime is not available transitively in 3.2.1 (KTOR-8656)
• Request builder block overrides HTTP method in specific request builders (get, post, etc) (KTOR-8636)

v3.2.1

Compare Source

Published 3 July 2025

Improvements

• Replace kotlinx.datetime APIs with kotlin.time (KTOR-8635)
• Thymeleaf: null values in template model (KTOR-8559)
• Publish Javadoc as a maven artifact (KTOR-3962)
• Netty: Invalid hex byte with malformed query string (KTOR-2934)

Bugfixes

• "Space characters in SimpleName" error when executing R8 mergeExtDex task with 3.2.0 (KTOR-8583)
• ForwardedHeaders: the plugin does not handle parameters case-insensitively (KTOR-8622)
• Potential race condition in socket.awaitClosed (hangs indefinitely) since 3.2.0 (KTOR-8618)
• Module parameter type Application.() -> kotlin.Unit is not supported in 3.2.0 (KTOR-8602)
• OkHttp: java.net.ProtocolException when sending MultiPartFormDataContent with onUpload (KTOR-6790)
• OAuth2 authentication provider breaks form-urlencoded POST requests when receiving request body (KTOR-4420)
• 404 for a link in KDoc for io.ktor.server.plugins.contentnegotiation.ContentNegotiation (KTOR-8597)
• Ktor fails to boot with default jvminline argument (KTOR-8608)
• Flow invariant is violated since 3.2.0 (KTOR-8606)
• ResponseSent hook handler of the plugin installed into a route isn't executed when an exception is thrown from the route (KTOR-6794)

v3.2.0

Compare Source

Published 12 June 2025

Features

• Dependency injection Ktor extension (KTOR-8267)
• Support Version Catalog (KTOR-8162)
• Unix domain socket support at the Ktor Engine level (KTOR-4766)
• Allow suspend Ktor modules (KTOR-8005)
• Ability to use browser cookie storage (KTOR-539)
• Configuration file deserialization (KTOR-7874)
• HttpCache: Support evicting/clearing cache (KTOR-6653)
• File configuration for dependencies (KTOR-8304)

Improvements

• Excessive allocation of ApplicationConfig when loading multiple files from CLI (KTOR-8563)
• Linux curl engine doesn't work for simultaneous websocket and http request (KTOR-8259)
• ktor-network produces ProGuard warning (KTOR-8525)
• More overloads for StringValuesBuilder.appendAll (KTOR-8573)
• HttpClientCall: Deprecate wrapWithContent and wrap (KTOR-8378)
• Add a way to create an ApplicationCall for testing (KTOR-7607)
• Configuration access API improvements (KTOR-8185)
• Application instance access in testApplication (KTOR-8215)
• The TestApplication client should be configurable and mutable (KTOR-8465)
• Support accessing resolved IP address on an instance of io.ktor.network.sockets.InetSocketAddress (KTOR-8490)
• Deprecate SaveBodyPlugin in favor of HttpClientCall.save (KTOR-8367)
• Obscure log message on server startup (KTOR-8519)
• Routing: accept should return 406 if the Accept header isn't matched (KTOR-8416)
• MicrometerMetrics: the route label can exceed length limit (KTOR-7274)
• Micrometer: Make route label configurable (KTOR-8183)
• Add more common ContentType values (KTOR-7108)

Bugfixes

• Logging/Darwin: IOException is thrown when detecting if body is a binary (KTOR-8581)
• Netty: NoSuchElementException or empty headers when responding with 204 (KTOR-8528)
• YAML configuration: NoSuchElementException when parameter is expanded with curly braces (KTOR-8575)
• ApplicationConfig: Most of the content is absent after merging configs (KTOR-8565)
• Android: "ProtocolException: TRACE does not support writing" when sending TRACE request (KTOR-8352)
• The "Content-Length: 0" header is added for GET requests sent to some servers (KTOR-6508)
• HttpRequestRetry: requests with some IOException's thrown by Java engine aren't retried (KTOR-6770)
• HttpCookies: Encoding of request cookies is not preserved in CookiesStorage (KTOR-8343)
• Url class mangles data URLs (KTOR-5708)
• SaveBodyPlugin: Logging plugin consumes response body (KTOR-6474)
• Config deserialization does not respect testApplication environment (KTOR-8436)
• Resources: Exclude a parent from query params when it is an object (KTOR-8507)
• BearerAuthProvider does not clear token if refreshTokens returns null (KTOR-8470)
• Coroutines launched from RoutingContext are not cancelled upon server shutdown (KTOR-8338)
• Application job is not joined during shutdown (KTOR-8291)
• HttpCache: InvalidCacheStateException thrown when Vary header has different entries is overly severe (KTOR-8345)
• Fix socket channel close handling (KTOR-8201)

v3.1.3

Compare Source

Published 5 May 2025

Improvements

• Implement toString for staticContentRoute (KTOR-8451)
• Don't send Authorization header for requests marked with markAsRefreshTokenRequest (KTOR-8107)
• ByteChannel single-byte operations are slow (KTOR-8412)
• Receiving multipart without Content-Length is very slow (KTOR-8407)
• MicrometerMetrics: different path 404s requests can be abused to trigger OOM (KTOR-8276)
• Compression & Static Content: No Vary Header when serving a compressed resource (KTOR-8326)
• HttpTimeout: Reference to nonexistent INFINITE_TIMEOUT_MS in the exception message (KTOR-8358)

Bugfixes

• Websockets: Unable to send a frame when ktor-serialization-kotlinx-json-jvm dependency is defined in Maven build (KTOR-7662)
• OkHttp: Cancelling of SSE request job doesn't cancel the connection (KTOR-8409)
• OkHttp: Exceptions are not propagated to flow collectors (KTOR-7947)
• OOM in CountedByteReadChannel while copying from multipart/form-data part channel (KTOR-8317)
• Apache5: "ProtocolException: OPTIONS request must have Content-Type header" is thrown when body isn't set (KTOR-8318)
• Netty/Websockets: server processes hanging in CLOSE_WAIT state after many concurrent requests (KTOR-7965)
• Update JTE to the version supporting Kotlin 2.1.0 (KTOR-8030)

v3.1.2

Compare Source

Published 27 March 2025

Improvements

• Update Kotlin to 2.1.20 (KTOR-8081)
• Remove empty artifacts from publication (KTOR-8336)

Bugfixes

• URL-safe base64 decoding problem (KTOR-8292)
• Auth: AuthTokenHolder.clearToken executed in the middle of an ongoing token update doesn't actually clear (KTOR-8312)
• Android: "Array has more than one element" error when starting a server with release build (KTOR-7298)
• WebSockets: extensions in sec-websocket-extensions header must be separated by comma (KTOR-6384)
• OkHttp: Cancelling of SSESession.incoming flow doesn't cancel connection (KTOR-8244)

v3.1.1

Compare Source

Published 24 February 2025

Improvements

• Logging: messages are printed per line with OkHttp logger format (KTOR-8218)
• WebSocket and SSE don't respect connection timeout set in the HttpTimeout plugin (KTOR-8206)

Bugfixes

• formData: implementation of copying Source is broken (KTOR-8210)
• Race condition when writing to a buffer leads to NPE inside CIOReaderKt.readFrom (KTOR-8105)
• TLS client: IOException while writing to a closed TLS socket since 3.0.0 (KTOR-7860)
• Exception thrown in onCallRespond makes the client wait for response indefinitely (KTOR-7139)
• HttpCache: Cache isn't updated when Vary header for 304 response matches but not equal to Vary for 200 response (KTOR-7104)
• OOM on SourceByteReadChannel for large input (KTOR-8190)
• ArrayIndexOutOfBounds kotlinx-io (KTOR-8096)
• NPE in readBuffer (KTOR-8086)
• JS/WASM fails with "IllegalStateException: Content-Length mismatch" on requesting gzipped content (KTOR-7934)
• Resources: a / route isn't resolved when there is a sibling staticResources (KTOR-6671)
• Server accepts \r without a following \n as a valid line terminator in chunked transfer encoding (KTOR-8015)

v3.1.0

Compare Source

Published 11 February 2025

Features

• Add reconnection in ClientSSESession (KTOR-6242)
• Add heartbeat to SSE (KTOR-7908)
• Add serialization for SSE (KTOR-7435)
• Support WebSockets in Curl engine (KTOR-5199)
• Support conversion between byte channel interfaces and kotlinx-io primitives (KTOR-7327)
• Support CIO server on WasmJS and JS targets (KTOR-865)
• Logging: Format log like OkHttp client does (KTOR-7806)
• Support static linking for curl on all platforms (KTOR-6754)
• Support ARM target in Ktor client with Kotlin/Native and Curl (KTOR-4570)
• Unix Domain Socket Support for Native Targets (KTOR-6960)
• Support receiving multipart data with Ktor client (KTOR-6632)
• Client CIO engine support for wasm-js and js (KTOR-7675)
• Support NodeJs target for ktor-network (KTOR-6004)

Improvements

• Auth: BasicAuthProvider caches credentials until process death (KTOR-7775)
• CallLogging: Unhelpful log output "Application started: ..." (KTOR-7797)
• Add operator contains to ContentType objects (KTOR-8145)
• Darwin: Ambiguous DarwinHttpRequestException for SSL Pinning failure (KTOR-6759)
• Introduce ServerSocket.port to simplify port access for the bound server (KTOR-8136)
• Java, Js, Darwin: Response header Sec-WebSocket-Protocol is missing (KTOR-6970)
• Fail to parse url: file:/path/to/file.txt (KTOR-6709)
• Auth: Make re-auth/refresh status codes configurable (KTOR-7644)
• Add media type for Yaml (KTOR-8064)
• Logging: HTTP method is logged with the class name (KTOR-8011)
• Uncaught cannot write to a channel errors from ws-pinger (KTOR-8008)
• Apache5 client: Upgrade HttpClient to 5.4 (KTOR-8080)
• Swagger: Add deepLinking configuration (KTOR-8074)
• Access to the configuration options of a HttpClient plugin to tweak or wrap them with additional logic (KTOR-7213)
• Don't publish internal test artifacts (KTOR-8058)
• Micrometer: Add UptimeMetrics to standard meterBinders (KTOR-8061)
• MicrometerMetrics: Do not write unknown HTTP method names to metrics (KTOR-7658)
• Update to Kotlin 2.1.0 (KTOR-7866)
• ByteWriteChannel is missing writeFloat()/readFloat() (KTOR-7651)
• Engine exclusion from clientTests is confusing (KTOR-7723)
• UrlBuilder: Support telephone scheme (KTOR-4816)
• Swagger UI: Missing Favicon while browsing the UI (KTOR-7893)
• ContentNegotiation client plugin: no way to opt out of Accept on a per-request basis (KTOR-7722)
• receiveMultipart throws IllegalStateException instead of UnsupportedMediaTypeException (KTOR-7470)
• Implement a suspending version of EmbeddedServer.start(wait=true) (KTOR-7459)
• Allow to Disable Body Decompression on the Server for a specific call (KTOR-7679)
• UDPSocketBuilder missing bind overload with hostName and port (KTOR-7663)
• Make Url class @​Serializable and JVM Serializable (KTOR-7620)
• Improve parsing of supported media types (MIME types) (KTOR-7586)
• Migrate to kotlin.AutoCloseable (KTOR-7606)

Bugfixes

• ByteChannel read issue on min > 1 (KTOR-8172)
• CIO Server Engine fails for requests with more than 64 headers (KTOR-8164)
• OutOfMemoryError when sending a large binary file through ByteReadChannel converted from InputStream (KTOR-6185)
• Native Windows tests failing due to port exhaustion (KTOR-7392)
• Unable to close socket with open read/write channels on Native (KTOR-8144)
• Jetty idleTimeout not working (KTOR-8138)
• Fix concurrent flush and close in the reader (KTOR-8133)
• Socket.accept doesn't throw an exception on closing a socket on Native (KTOR-8135)
• "AbortError: BodyStreamBuffer was aborted" error when canceling parent job (KTOR-7734)
• Race condition when writing to a buffer leads to NPE inside CIOReaderKt.readFrom (KTOR-8105)
• ArrayIndexOutOfBounds kotlinx-io (KTOR-8096)
• NPE in readBuffer (KTOR-8086)
• JS/WASM fails with "IllegalStateException: Content-Length mismatch" on requesting gzipped content (KTOR-7934)
• SessionStorage.read() is called for non-authenticated routes and static assets (KTOR-7194)
• Read mutipart upload regression from 2.x to 3.x (KTOR-8082)
• HttpRequestRetry: race condition for isClosedForRead leads to EOFException: Channel is already closed (KTOR-8051)
• ktor-client-curl artifacts aren’t published after EAP 1146 (KTOR-8091)
• DoubleReceive: NullPointerException caused by race condition (KTOR-8045)
• Uncaught ClosedWatchServiceException exception thrown by finalizer when closing the server (KTOR-7963)
• Curl: Error linking curl in linkDebugExecutableLinuxX64 on macOS (KTOR-6361)
• ktor-server-core: Test files are part of the distribution code (KTOR-8003)
• Windows: undefined symbols in linker when ktor-client-curl is used (KTOR-4307)
• SaveBodyPlugin: UninitializedPropertyAccessException when reading response body within receivePipeline (KTOR-7952)

v3.0.3

Compare Source

Published 18 December 2024

Bugfixes

• "Module not found" errors when executing browserProductionWebpack task since 3.0.2 (KTOR-7912)
• Darwin: "IllegalStateException: Content-Length mismatch" on requesting gzipped content (KTOR-7943)
• JS/WASM fails with "IllegalStateException: Content-Length mismatch" on requesting gzipped content (KTOR-7934)
• FormFieldLimit is overwritten by default arg (KTOR-7946)
• A Performance issue reading with ByteReadChannel.readUTF8LineTo request body (KTOR-7941)
• Installing HttpCache before ContentEncoding prevents response body to be decoded (KTOR-7830)
• TestApplication.stop() doesn't stop the application anymore (KTOR-7682)
• File is not commited after closing writeChannel() of the file (KTOR-7845)

v3.0.2

Compare Source

Published 3 December 2024

Bugfixes

• ServletResponseBody is corrupted due to the wrong offset (KTOR-7904)
• File is not commited after closing writeChannel() of the file (KTOR-7845)
• CIO: Response body truncated because read amount of bytes isn't compared against Content-Length (KTOR-7828)
• HttpCache: IndexOutOfBoundsException on malformed Cache-Control header (KTOR-7172)
• call.respondSource returns empty response but passes in tests (KTOR-7683)
• ByteReadChannel.{readShort/readInt/readLong} leads to infinite loop when required bytes distributed in flush and read buffers (KTOR-7746)
• Routing: ContentType.match doesn't match wildcard content types (KTOR-7278)
• Connections aren't released properly if there are multiple parallel connections to the same address (KTOR-7777)
• FileItem.streamProvider is deprecated and doesn't have implementation (KTOR-7731)
• MergedApplicationConfig.toMap replaces nested configs completely without merging (KTOR-7008)
• Digest Auth: Ktor 3.0.1 uses the wrong "nc" value to calculate digest (KTOR-7681)
• JS: "ReferenceError: require is not defined" when compiling to ES Module (KTOR-6158)
• Chunked transfer encoding failure not caught with retry (KTOR-7618)
• HttpCookies: IllegalArgumentException when server returns a raw cookie with not allowed characters (KTOR-7469)
• DefaultRequest: Content-Type header of default request is not overridable (KTOR-6946)

Improvements

• Support binary (Smile) encoding in JacksonConverter (KTOR-7726)
• ServiceLoader.load call is slow on Android (KTOR-7698)

v3.0.1

Compare Source

Published 29 October 2024

Bugfixes

• Remove space from the default client user agent (KTOR-7655)
• Url.segments throws on URLs with root path (KTOR-7625)
• Digest Auth does not implement nc parameter correctly according to RFC 7616 (KTOR-4318)
• about:blank URL should be parsed correctly as about:blank (KTOR-7410)
• ByteReadChannel.{readShort/readInt/readLong} could lead to CPU-bound indefinite loop since 3.0.0 (KTOR-7571)
• CIO: Requests face connection timeouts when executed on the Android main dispatcher (KTOR-6803)
• receiveMultipart fails with "IOException: Failed to parse multipart" when content-type is capitalized (KTOR-7596)

Improvements

• WebSockets logging: The plugin calls toString() unnecessarily on transformed response body (KTOR-7623)
• INFO log message with all server interceptors on server startup (KTOR-7326)
• Digest auth: username and cnonce parameters aren't surrounded with quotes (KTOR-7561)
• ContentType.fromFilePath for newer file formats HEIC, A

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
maven/com.expediagroup:graphql-kotlin-client-jackson	8.8.1	🟢 4.1	Details Check Score Reason Code-Review 🟢 6 Found 20/29 approved changesets -- score normalized to 6 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Maintained ⚠️ 0 1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Fuzzing ⚠️ 0 project is not fuzzed Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Binary-Artifacts 🟢 6 binaries present in source code Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 34 existing vulnerabilities detected
maven/com.expediagroup:graphql-kotlin-ktor-client	8.8.1	🟢 4.1	Details Check Score Reason Code-Review 🟢 6 Found 20/29 approved changesets -- score normalized to 6 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Maintained ⚠️ 0 1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Fuzzing ⚠️ 0 project is not fuzzed Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Binary-Artifacts 🟢 6 binaries present in source code Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 34 existing vulnerabilities detected
maven/com.expediagroup:graphql-kotlin-maven-plugin	8.8.1	🟢 4.1	Details Check Score Reason Code-Review 🟢 6 Found 20/29 approved changesets -- score normalized to 6 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Maintained ⚠️ 0 1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Fuzzing ⚠️ 0 project is not fuzzed Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Binary-Artifacts 🟢 6 binaries present in source code Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 34 existing vulnerabilities detected
maven/com.ninja-squad:springmockk	5.0.1	🟢 4.2	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow ⚠️ -1 no workflows found Maintained 🟢 10 12 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ -1 No tokens found Binary-Artifacts 🟢 9 binaries present in source code Code-Review ⚠️ 0 Found 0/23 approved changesets -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ -1 no dependencies found Vulnerabilities 🟢 10 0 existing vulnerabilities detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
maven/io.github.oshai:kotlin-logging-jvm	7.0.14	Unknown	Unknown
maven/io.ktor:ktor-client-logging-jvm	3.3.3	🟢 4.4	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Packaging 🟢 10 packaging workflow detected Binary-Artifacts ⚠️ 0 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 2 8 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
maven/io.mockk:mockk-jvm	1.14.7	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 4 security policy file detected Code-Review ⚠️ 2 Found 5/17 approved changesets -- score normalized to 2 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 9 binaries present in source code Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
maven/org.apache.maven.plugins:maven-compiler-plugin	3.14.1	🟢 5.6	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 6 Found 13/19 approved changesets -- score normalized to 6 Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 5 5 existing vulnerabilities detected
maven/org.apache.maven.plugins:maven-enforcer-plugin	3.6.2	Unknown	Unknown
maven/org.apache.maven.plugins:maven-surefire-plugin	3.5.4	🟢 4.9	Details Check Score Reason Code-Review 🟢 4 Found 6/13 approved changesets -- score normalized to 4 Maintained 🟢 10 20 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 26 existing vulnerabilities detected
maven/org.codehaus.mojo:build-helper-maven-plugin	3.6.1	🟢 3.2	Details Check Score Reason Code-Review ⚠️ 1 Found 3/17 approved changesets -- score normalized to 1 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Maintained ⚠️ 0 1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 3 7 existing vulnerabilities detected

Scanned Files

• pom.xml