Update Samples dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Adoption	Passing	Confidence
gradle (source)		minor	8.12 -> 8.13
ch.qos.logback:logback-classic (source, changelog)	dependencies	patch	1.5.16 -> 1.5.18
org.jetbrains.kotlinx:kotlinx-rpc-krpc-ktor-server	dependencies	minor	0.5.1 -> 0.6.0
org.jetbrains.kotlinx:kotlinx-rpc-krpc-ktor-client	dependencies	minor	0.5.1 -> 0.6.0
org.jetbrains.kotlinx:kotlinx-rpc-krpc-serialization-json	dependencies	minor	0.5.1 -> 0.6.0
org.jetbrains.kotlinx:kotlinx-rpc-krpc-server	dependencies	minor	0.5.1 -> 0.6.0
org.jetbrains.kotlinx:kotlinx-rpc-krpc-client	dependencies	minor	0.5.1 -> 0.6.0
io.grpc:grpc-netty	dependencies	minor	1.69.0 -> 1.71.0
org.jetbrains.kotlinx:kotlinx-rpc-grpc-core	dependencies	patch	0.5.1-grpc-16 -> 0.5.1-grpc-39
org.jetbrains.kotlinx.rpc.plugin	plugin	minor	0.5.1 -> 0.6.0
org.jetbrains.kotlinx:kotlinx-rpc-core	dependencies	minor	0.5.1 -> 0.6.0
org.jetbrains.kotlinx:kotlinx-serialization-core	dependencies	patch	1.8.0 -> 1.8.1
org.jetbrains.kotlinx:kotlinx-serialization-json	dependencies	patch	1.8.0 -> 1.8.1
io.ktor.plugin	plugin	minor	3.0.3 -> 3.1.2
io.ktor:ktor-client-js	dependencies	minor	3.0.3 -> 3.1.2
io.ktor:ktor-client-cio	dependencies	minor	3.0.3 -> 3.1.2
io.ktor:ktor-client-websockets	dependencies	minor	3.0.3 -> 3.1.2
io.ktor:ktor-client-core	dependencies	minor	3.0.3 -> 3.1.2
io.ktor:ktor-server-test-host	dependencies	minor	3.0.3 -> 3.1.2
io.ktor:ktor-server-host-common-jvm	dependencies	minor	3.0.3 -> 3.1.2
io.ktor:ktor-server-websockets-jvm	dependencies	minor	3.0.3 -> 3.1.2
io.ktor:ktor-server-cors-jvm	dependencies	minor	3.0.3 -> 3.1.2
io.ktor:ktor-server-netty-jvm	dependencies	minor	3.0.3 -> 3.1.2
io.ktor:ktor-server-core-jvm	dependencies	minor	3.0.3 -> 3.1.2
io.ktor:ktor-serialization-kotlinx-json	dependencies	minor	3.0.3 -> 3.1.2
io.ktor:ktor-client-serialization	dependencies	minor	3.0.3 -> 3.1.2
io.ktor:ktor-client-content-negotiation	dependencies	minor	3.0.3 -> 3.1.2
io.ktor:ktor-client-okhttp	dependencies	minor	3.0.3 -> 3.1.2
io.ktor:ktor-client-websockets-js	dependencies	minor	3.0.3 -> 3.1.2
io.ktor:ktor-server-cio	dependencies	minor	3.0.3 -> 3.1.2
org.jetbrains.compose	plugin	patch	1.8.0-alpha01 -> 1.8.0-SNAPSHOT+pull-5245
androidx.compose.ui:ui-tooling-preview (source)	dependencies	patch	1.7.6 -> 1.7.8
androidx.compose.ui:ui-tooling (source)	dependencies	patch	1.7.6 -> 1.7.8
com.google.protobuf	plugin	patch	0.9.4 -> 0.9.5
org.jetbrains.kotlinx.rpc.plugin	plugin	minor	0.5.1-grpc-16 -> 0.6.0
androidx.constraintlayout:constraintlayout (source)	dependencies	patch	2.2.0 -> 2.2.1
androidx.compose.foundation:foundation (source)	dependencies	patch	1.7.6 -> 1.7.8
androidx.compose.ui:ui-test-junit4 (source)	dependencies	patch	1.7.6 -> 1.7.8
androidx.compose.ui:ui-test-manifest (source)	dependencies	patch	1.7.6 -> 1.7.8
androidx.compose.ui:ui-graphics (source)	dependencies	patch	1.7.6 -> 1.7.8
androidx.compose.ui:ui (source)	dependencies	patch	1.7.6 -> 1.7.8
androidx.activity:activity-compose (source)	dependencies	minor	1.9.3 -> 1.10.1
org.jetbrains.kotlin-wrappers:kotlin-wrappers-bom	dependencies	minor	2025.1.2 -> 2025.4.5
com.android.library (source)	plugin	minor	8.8.0-alpha05 -> 8.9.1
com.android.application (source)	plugin	minor	8.8.0-alpha05 -> 8.9.1
com.android.application (source)	plugin	minor	8.8.0 -> 8.9.1

---

Release Notes

gradle/gradle (gradle)

v8.13

Compare Source

v8.12.1: 8.12.1

Compare Source

The Gradle team is excited to announce Gradle 8.12.1.

Read the Release Notes

We would like to thank the following community members for their contributions to this release of Gradle:
Abhiraj Adhikary,
Ayush Saxena,
Björn Kautler,
davidburstrom,
Dominic Fellbaum,
Emmanuel Ferdman,
Finn Petersen,
Johnny Lim,
Mahdi Hosseinzadeh,
Martin Bonnin,
Paint_Ninja,
Petter Måhlén,
Philip Wedemann,
stegeto22,
Tanish,
TheGoesen,
Tim Nielens,
Trout Zhang,
Victor Merkulov

Upgrade instructions

Switch your build to use Gradle 8.12.1 by updating your wrapper:

./gradlew wrapper --gradle-version=8.12.1

See the Gradle 8.x upgrade guide to learn about deprecations, breaking changes and other considerations when upgrading.

For Java, Groovy, Kotlin and Android compatibility, see the full compatibility notes.

Reporting problems

If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines.
If you're not sure you're encountering a bug, please use the forum.

We hope you will build happiness with Gradle, and we look forward to your feedback via Twitter or on GitHub.

Kotlin/kotlinx-rpc (org.jetbrains.kotlinx:kotlinx-rpc-krpc-ktor-server)

v0.6.0

Compare Source

Published 4 April 2025

Features 🎉

• 2.1.20 by @​Mr3zee in https://github.com/Kotlin/kotlinx-rpc/pull/309
• Non suspend flow by @​Mr3zee in https://github.com/Kotlin/kotlinx-rpc/pull/299

Documentation 📗

• Update gRPC Docs and Sample by @​Mr3zee in https://github.com/Kotlin/kotlinx-rpc/pull/284

Infra 🚧

• Update monitior by @​Mr3zee in https://github.com/Kotlin/kotlinx-rpc/pull/282
• Fix build config for for-ide builds by @​Mr3zee in https://github.com/Kotlin/kotlinx-rpc/pull/287
• Update build for custom KC versions by @​Mr3zee in https://github.com/Kotlin/kotlinx-rpc/pull/293
• Fix kotlin master compilation by @​Mr3zee in https://github.com/Kotlin/kotlinx-rpc/pull/306

Other Changes 🧹

• Upgrade Gradle to 8.12.1 by @​Mr3zee in https://github.com/Kotlin/kotlinx-rpc/pull/286
• Version 0.6.0-SNAPSHOT by @​Mr3zee in https://github.com/Kotlin/kotlinx-rpc/pull/283
• Update leftover sources from jvm-only to kmp by @​Mr3zee in https://github.com/Kotlin/kotlinx-rpc/pull/300
• KRPC-129 Move compatibility tests from Toolbox to Kotlin RPC repo by @​Mr3zee in https://github.com/Kotlin/kotlinx-rpc/pull/304
• Dependency bump by @​Mr3zee in https://github.com/Kotlin/kotlinx-rpc/pull/303
• Better compiler error message for checked annotations by @​Mr3zee in https://github.com/Kotlin/kotlinx-rpc/pull/302

Full Changelog: 0.5.1...0.6.0

grpc/grpc-java (io.grpc:grpc-netty)

v1.71.0

API Changes

• xds: Enable Xds Client Fallback by default. This allows having a backup xDS server as described in gRFC A71-xds-fallback.md (#​11817) (176f3ee)
• protobuf: Experimental API marshallerWithRecursionLimit in ProtoUtils is now stabilized (#​11884) (90b1c4f)

Bug Fixes

• xds: Cluster weights should be uint32 (199a7ea). They were previously processed as int32, although the sum of weights was checked to be positive. So this would have caused a very large weight to never be selected and to reduce the chances of immediately-following clusters to be selected. There have been no reports of control planes using such large weights
• xds: Fix an unlikely infinite loop triggered by route update (199a7ea). Triggering required the old cluster to no longer be used, an RPC processing when the update arrived, and for a RPC to not match any route in the new config. There have been no reports of this actually happening
• core: Release data frame if it is received before the headers (dc316f7)

Improvements

• Replace jsr305's CheckReturnValue with Error Prone's (#​11811) (7b5d069)
• core: optimize number of buffer allocations for message sizes larger than 1 MB (#​11879) (5a7f350)
• core: Update the retry backoff range from [0, 1] to [0.8, 1.2] as per the A6 redefinition (#​11858) (44e92e2)
• core: include last pick status in status message when wait-for-ready RPC’s deadline expires (#​11851) (7585b16). This makes it much easier to debug connectivity issues when using wait-for-ready RPCs
• xds: Include max concurrent request limit in the error status for concurrent connections limit exceeded (#​11845) (0f5503e)
• netty, servlet: Remove 4096 min write buffer size because MessageFramer.flush() is being called between every message, so messages are never combined and the larger allocation just wastes memory. (4a10a38, 7153ff8)
• core: When ClientStreamObserver closes the response observer log the error message if this operation fails (#​11880) (302342c)
• bom: use gradle java-platform to build pom instead of custom xml generation (#​11875) (3142928)
• xds: Reuse filter interceptors on client-side across RPCs (c506190, b3db8c2). This was an internal refactor that should have no user-visible change
• alts: Enhance AltsContextUtil to allow getting the AltsContext on client-side (b1bc0a9)
• xds: Envoy proto sync to 2024-11-11 (#​11816) (b44ebce)

Documentation

• examples: Update HelloWorldServer to use Executor (#​11850) (16edf7a)
• examples: Add README for all examples lacking it (#​11676) (9e86299)

Dependencies

• Version upgrades (#​11874) (fc8571a)
• Upgrade netty-tcnative to 2.0.70 (122b683)

Thanks to

@​benjamin
@​panchenko
@​harshagoo94
@​NaveenPrasannaV

v1.70.0

Bug Fixes

• Re-enable animalsniffer, fixing most violations (8ea3629). Violations would only have triggered on API level 23 and earlier, and the violations fixed here were highly unlikely to be triggered
• api: Fix Android API level 23 and earlier compatibility for StatusRuntimeException without stacktrace (#​11072) (ebe2b48). This fixes a regression introduced in 1.64.0. The regression should have caused failures on API level 23 and earlier when a StatusRuntimeException or StatusException was created. However, for unknown reasons tests on old devices didn’t notice issues
• okhttp: Improve certificate handling by rejecting non-ASCII subject alternative names and hostnames as seen in CVE-2021-0341 (#​11749) (a0982ca). Hostnames are considered trusted and CAs are required to use punycode for non-ASCII hostnames, so this is expected to provide defense-in-depth. See also the related GoSecure blog post and the AOSP fix
• okhttp: Fix for ipv6 link local with scope (#​11725) (65b32e6)
• xds: Preserve nonce when unsubscribing last watcher of a particular type so that new discovery requests of that type are handled correctly (1cf1927). This (along with 6c12c2b) fixes a nonce-handling regression introduced in 1.66.0 that could cause resources to appear to not exist until re-creating the ADS stream. Triggering the behavior required specific config changes. It is easiest to trigger when clusters use EDS and routes are changed from one cluster to another. The error “found 0 leaf (logical DNS or EDS) clusters for root cluster” might then be seen
• xds: Remember nonces for unknown types (6c12c2b)
• xds: Unexpected types in the bootstrap’s server_features should be ignored (e8ff6da). They were previously required to be strings
• xds: Remove xds authority label from metric registration (#​11760) (6516c73). This fixes the error “Incorrect number of required labels provided. Expected: 4” introduced in 1.69.0
• xds: Fixed unsupported unsigned 32 bits issue for circuit breaker (#​11735) (f8f6139). This fixes clients treating large max_requests as “no requests” and failing all requests

Improvements

• api: Introduce custom NameResolver.Args (#​11669) (0b2d440)
• stub: Introduce new API: BlockingStubV2 which supports Bidi streaming, Client streaming, a cleaner Server streaming and Unary RPCs (#​10318) (ea8c31c)
• bazel: Remove workaround for DoNotCall fixed in Bazel 3.4 (805cad3)
• binder: A standard API for pointing resolvers at a different Android User. (#​11775) (1126a8e)
• xds: Fix XDS control plane client retry timer backoff duration when connection closes after results are received (#​11766) (ef7c2d5)
• xds: Parsing xDS Cluster Metadata (#​11741) (1edc4d8). Not used actively, but this adds validation. The validation is unlikely to fail but may reject invalid resources.
• xds: Use "#server" as dataplane target value for xDS enabled gRPC servers (#​11715) (ebb43a6). This only impacts the grpc.target label in grpc.xds_client.* metrics. Previously the empty string was used
• rls: Reduce RLS debug channel logging (7f9c1f3). This only matters when debug logging is enabled

Documentation

• examples: Simplify graceful shutdown in Hostname example (f1109e4)
• examples: Remove references to maven-central.storage-download.googleapis.com (c96e926)
• examples: Updated the attachHeaders to newAttachHeadersInterceptor in HeaderClientInterceptor (#​11759) (5e8abc6)

Dependencies

• Bazel 8 is released, so replace Bazel 6 testing with Bazel 7 (8a5f777)

Thanks to

• @​panchenko
• @​benjaminp
• @​ZachChuba
• @​vinodhabib

v1.69.1

Bug Fixes

• okhttp: Improve certificate handling by rejecting non-ASCII subject alternative names and hostnames as seen in CVE-2021-0341 (#​11749) (a0982ca). Hostnames are considered trusted and CAs are required to use punycode for non-ASCII hostnames, so this is expected to provide defense-in-depth. See also the related GoSecure blog post and the AOSP fix
• xds: Preserve nonce when unsubscribing last watcher of a particular type so that new discovery requests of that type are handled correctly (1cf1927). This (along with 6c12c2b) fixes a nonce-handling regression introduced in 1.66.0 that could cause resources to appear to not exist until re-creating the ADS stream. Tr

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.