@dependabot dependabot bot commented on behalf of github Jul 14, 2025

Bumps the gradle-updates group with 4 updates in the / directory: com.google.crypto.tink:tink, com.squareup.okhttp3:okhttp-bom, io.mockk:mockk and com.diffplug.spotless.

Updates com.google.crypto.tink:tink from 1.17.0 to 1.18.0

Release notes

Sourced from com.google.crypto.tink:tink's releases.

Tink Java v1.18.0

Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

This is Tink Java 1.18.0

The complete list of changes since 1.17.0 can be found here.

Dropped support

  • Tink Android no longer supports API level 21 and 22. From Tink 1.18.0, the minimum API level is 23.

  • Removed Registry.wrap. This API cannot have been used by users: the PrimitiveSet needed for it was already moved to internal in Tink 1.13.0.

New Features

  • Use Conscrypt's implementation of Ed25519 when available.

  • Improved performance of AES-GCM-SIV.

  • Tink now provides a flag GlobalTinkFlags.validateKeysetsOnParsing(). If set to true, Tink will run certain validations on a keyset before it creates a KeysetHandle. We plan to flip the default of this flag to true in Tink 2.0.

Bug fixes

  • AeadConfig.register() now always registers AES-GCM-SIV. If it's not supported by the registered JCE Providers, it will fail when the primitive is created.

  • The Aead implementation returned by com.google.crypto.tink.integration.android.AndroidKeystore.getAead() created invalid ciphertexts on Android API version 28 and older when the input was larger than 128kB. Now, it throws an exception instead.

  • JwtHmacKey, LegacyKmsAeadKey, and LegacyKmsEnvelopeAeadKey are now final. These cannot be properly subclassed as this would break equalsKey.

Obscure behaviour changes

  • Primitive creation of AES-GCM-SIV now will fail if the algorithm is not available. Previously, this used to work with some Configurations succeeding and the primitive then failed when encrypt or decrypt was called.

Future work

To see what we're working towards, check our

... (truncated)

Commits
  • 50ca1dd Bump tink-java version to 1.18.0
  • 230f661 Simplify AES-EAX.
  • 16c9356 Add a helper class which we might use in the future to provide HPKE backed by...
  • 00de94d Do not allow "null" for info in decryptAuthenticatedWithEncapsulatedKeyAndP25...
  • fc8d8ed Add a helper class which we might use in the future to provide HPKE backed by...
  • 1b3af0a Add option to pass additional mount flag to docker run command.
  • 633eff2 Add another test based on the vectors in HpkeTestUtil.
  • 7781039 Add a helper class which we might use in the future to provide HPKE backed by...
  • 3880d1c Automated Code Change
  • c78de3f Rename "run_command.sh" to "docker_execute.sh".
  • Additional commits viewable in compare view

Updates com.squareup.okhttp3:okhttp-bom from 5.0.0-alpha.16 to 5.1.0

Changelog

Sourced from com.squareup.okhttp3:okhttp-bom's changelog.

Version 5.1.0

2025-07-07

  • New: Response.peekTrailers(). When we changed Response.trailers() to block instead of throwing in 5.0.0, we inadvertently removed the ability for callers to peek the trailers (by catching the IllegalStateException if they weren't available). This new API restores that capability.

  • Fix: Don't crash on trailers() if the response doesn't have a body. We broke [Retrofit] users who read the trailers on the raw() OkHttp response, after its body was decoded.

Version 5.0.0

2025-07-02

This is our first stable release of OkHttp since 2023. Here's the highlights if you're upgrading from OkHttp 4.x:

OkHttp is now packaged as separate JVM and Android artifacts. This allows us to offer platform-specific features and optimizations. If your build system handles [Gradle module metadata], this change should be automatic.

MockWebServer has a new coordinate and package name. We didn’t like that our old artifact depends on JUnit 4 so the new one doesn’t. It also has a better API built on immutable values. (We intend to continue publishing the old okhttp3.mockwebserver artifact so there’s no urgency to migrate.)

| Coordinate | Package Name | Description |
|---|---|---|
| com.squareup.okhttp3:mockwebserver3:5.0.0 | mockwebserver3 | Core module. No JUnit dependency! |
| com.squareup.okhttp3:mockwebserver3-junit4:5.0.0 | mockwebserver3.junit4 | Optional JUnit 4 integration. |
| com.squareup.okhttp3:mockwebserver3-junit5:5.0.0 | mockwebserver3.junit5 | Optional JUnit 5 integration. |
| com.squareup.okhttp3:mockwebserver:5.0.0 | okhttp3.mockwebserver | Obsolete. Depends on JUnit 4. |

OkHttp now supports Happy Eyeballs ([RFC 8305][rfc_8305]) for IPv4+IPv6 networks. It attempts both IPv6 and IPv4 connections concurrently, keeping whichever connects first.

We’ve improved our Kotlin APIs. You can skip the builder:

```kotlin
import okhttp3.HttpUrl.Companion.toHttpUrl
import okhttp3.Request

val request = Request(
  url = "https://cash.app/".toHttpUrl(),
)
```

OkHttp now supports [GraalVM].

Here’s what has changed since 5.0.0-alpha.17:

... (truncated)

Commits

Updates io.mockk:mockk from 1.14.2 to 1.14.4

Release notes

Sourced from io.mockk:mockk's releases.

1.14.4

This release is functionally equivalent to v1.14.3, I just wanted to try out the new publishing process that uses Maven Central instead of OSSRH.

Full Changelog: mockk/mockk@1.14.3...1.14.4

1.14.3

What's Changed

New Contributors

Full Changelog: mockk/mockk@1.14.2...1.14.3

Commits
  • 80062c4 New publishing process to maven central
  • ff28c49 Fix broken build
  • 18a9f51 Version bump
  • c3aa4db Merge pull request #1403 from esafak/fix-value-class-instance-factory
  • 5e49821 Use instance factory for value classes with any() matcher
  • b03c36f Merge pull request #1394 from WhosNickDoglio/ndoglio/agp-upgrade
  • f00c780 Add an article to the README
  • ef21035 Merge pull request #1395 from Djaler/withArg-logging
  • a685387 Update CMakeList.txt file to include change to compile app using 16KB ELF ali...
  • 4bf4ec7 Merge pull request #1396 from happysubin/master
  • Additional commits viewable in compare view

Updates com.diffplug.spotless from 7.0.4 to 7.1.0

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



Bumps the gradle-updates group with 4 updates in the / directory: [com.google.crypto.tink:tink](https://github.com/tink-crypto/tink-java), [com.squareup.okhttp3:okhttp-bom](https://github.com/square/okhttp), [io.mockk:mockk](https://github.com/mockk/mockk) and com.diffplug.spotless.


Updates `com.google.crypto.tink:tink` from 1.17.0 to 1.18.0
- [Release notes](https://github.com/tink-crypto/tink-java/releases)
- [Commits](tink-crypto/tink-java@v1.17.0...v1.18.0)

Updates `com.squareup.okhttp3:okhttp-bom` from 5.0.0-alpha.16 to 5.1.0
- [Changelog](https://github.com/square/okhttp/blob/master/CHANGELOG.md)
- [Commits](square/okhttp@parent-5.0.0-alpha.16...parent-5.1.0)

Updates `io.mockk:mockk` from 1.14.2 to 1.14.4
- [Release notes](https://github.com/mockk/mockk/releases)
- [Commits](mockk/mockk@1.14.2...1.14.4)

Updates `com.diffplug.spotless` from 7.0.4 to 7.1.0

---
updated-dependencies:
- dependency-name: com.google.crypto.tink:tink
  dependency-version: 1.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle-updates
- dependency-name: com.squareup.okhttp3:okhttp-bom
  dependency-version: 5.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle-updates
- dependency-name: io.mockk:mockk
  dependency-version: 1.14.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gradle-updates
- dependency-name: com.diffplug.spotless
  dependency-version: 7.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle-updates
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot requested a review from cloudshiftchris July 14, 2025 16:33

dependabot bot commented on behalf of github Jul 14, 2025

The reviewers field in the dependabot.yml file will be removed soon. Please use the code owners file to specify reviewers for Dependabot PRs. For more information, see this blog post.

dependabot bot added the dependencies (Pull requests that update a dependency file) and java (Pull requests that update Java code) labels Jul 14, 2025

dependabot bot commented on behalf of github Jul 21, 2025

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Jul 21, 2025
@dependabot dependabot bot deleted the dependabot/gradle/gradle-updates-7247aa814b branch July 21, 2025 15:26