Skip to content

chore: bump the gradle-updates group across 1 directory with 2 updates #111

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore: bump the gradle-updates group across 1 directory with 2 updates #111

wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 27, 2025

Bumps the gradle-updates group with 2 updates in the / directory: com.google.crypto.tink:tink and io.kotest:kotest-bom.

Updates com.google.crypto.tink:tink from 1.18.0 to 1.19.0

Release notes

Sourced from com.google.crypto.tink:tink's releases.

Tink Java v1.19.0

Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

This is Tink Java 1.19

The complete list of changes since 1.18.0 can be found here.

Build changes

  • For Bazel builds, we now use Bazel 7.6.1. in our tests.
  • For Bazel builds, Tink now supports bzlmod.
  • Tink no longer supports Java 8. The minimum version starting from 1.19.0 is Java 11.

Dependencies

  • Protobuf 4.28.2 was upgraded to Protobuf 4.32.1. (Note: we plan to shade protobuf in the next minor version of Tink which should resolve compatibility issues)

Obscure behaviour changes

  • Tink will reject custom key types where the Type-Url has non-ASCII characters.

  • Tink may serialize keysets slightly differently in certain cases. For example, in the serialization of a ECDSA keyset, the points might be padded differently than before. Users should not depend on the exact format of Tink's serialization.

  • Use Conscrypt's AES-CMAC implementation when available and when the input is larger than 64 byte. This may improves the performance of AES-CMAC, AES-SIV and AES-EAX for large inputs.

  • Removed usage of thread-local Ciphers for ChaCha20Poly1305.

Added APIs

  • Added public JwtEcdsaParameters.Algorithm.getEcParameterSpec method.

  • The AES-SIV implementation in subtle now accepts multiple associated datas.

Future work

To see what we're working towards, check our project roadmap.

Getting started

To get started using Tink, see the setup guide.

Maven:

<dependency>
    <groupId>com.google.crypto.tink</groupId>
    <artifactId>tink</artifactId>
</tr></table>

... (truncated)

Commits
  • 55c022d Do not use "--verbose" on the invocation of curl as it leaks the token.
  • cbb9892 Fix the lib_name for tink-android.
  • 3c34c33 Only put the actual checksums into the checksums file.
  • bb2f27b Tag version as 1.19.0.
  • 87d732d Fix the path to the encrypted token.
  • 0c8c5ef Fix the path to encrypted_password.
  • d761f4d Use the correct suffix for the tinkey_release_wrapping_key.
  • d5b7ad9 Finish the release automation.
  • 022c2b7 Write the key and passphrase into the (hopefully) correct path.
  • d0f1937 Update the Java version to 1.19.0-pre0.
  • Additional commits viewable in compare view

Updates io.kotest:kotest-bom from 6.0.3 to 6.0.4

Release notes

Sourced from io.kotest:kotest-bom's releases.

v6.0.4

What's Changed

New Contributors

Full Changelog: kotest/kotest@v6.0.3...v6.0.4

Commits
  • 7b2ed08 Add tests to validate tag useage
  • f69f07c Add timeout handling to eventually (#5134)
  • c199226 Enable to call afterSpec hooks on InstancePerLeaf correctly (#5114)
  • a903c8f Restrict @​ApplyExtension to the target class (#5133)
  • 7c28f43 Add tests for nested classes and anonymous types in equality matchers; handle...
  • c1c73bb Correct spelling of DISABLE_NAN_NEQUALITY constant and add deprecated alias...
  • 01ae08d Alex/fail softly (#5128) (#5129)
  • d80b955 PackageConfig checked bug (#5131)
  • 77f1515 Refactor TestEngineLauncher usage in system property timeout tests to use `...
  • bcc1cd0 Fix kotest plugin in project with Kotlin 2.2.20 (#5106)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore: bump the gradle-updates group across 1 directory with 2 updates
454aff8 
Bumps the gradle-updates group with 2 updates in the / directory: [com.google.crypto.tink:tink](https://github.com/tink-crypto/tink-java) and [io.kotest:kotest-bom](https://github.com/kotest/kotest).


Updates `com.google.crypto.tink:tink` from 1.18.0 to 1.19.0
- [Release notes](https://github.com/tink-crypto/tink-java/releases)
- [Commits](tink-crypto/tink-java@v1.18.0...v1.19.0)

Updates `io.kotest:kotest-bom` from 6.0.3 to 6.0.4
- [Release notes](https://github.com/kotest/kotest/releases)
- [Commits](kotest/kotest@6.0.3...6.0.4)

---
updated-dependencies:
- dependency-name: com.google.crypto.tink:tink
  dependency-version: 1.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle-updates
- dependency-name: io.kotest:kotest-bom
  dependency-version: 6.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gradle-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Oct 27, 2025
@dependabot dependabot bot requested a review from cloudshiftchris as a code owner October 27, 2025 13:33
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Oct 27, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cloudshiftchris cloudshiftchris Awaiting requested review from cloudshiftchris cloudshiftchris is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant