[Tech] Bump the non-major-dependencies group across 1 directory with 18 updates

[dependabot]

Bumps the non-major-dependencies group with 17 updates in the /backend directory:

Package	From	To
org.springframework.boot:spring-boot-dependencies	4.0.2	4.0.3
org.hibernate.orm:hibernate-spatial	7.2.1.Final	7.2.7.Final
org.geolatte:geolatte-geom	1.9.1	1.11
io.ktor:ktor-client-core	3.4.0	3.4.1
io.ktor:ktor-client-java	3.4.0	3.4.1
io.ktor:ktor-client-content-negotiation	3.4.0	3.4.1
io.ktor:ktor-serialization-kotlinx-json	3.4.0	3.4.1
io.ktor:ktor-client-mock	3.4.0	3.4.1
io.sentry:sentry	8.31.0	8.35.0
io.sentry:sentry-log4j2	8.31.0	8.35.0
org.springdoc:springdoc-openapi-starter-webmvc-ui	3.0.1	3.0.2
jvm	2.2.21	2.3.20
plugin.spring	2.2.21	2.3.20
plugin.allopen	2.2.21	2.3.20
plugin.noarg	2.2.21	2.3.20
plugin.jpa	2.2.21	2.3.20
plugin.serialization	2.2.21	2.3.20

Updates org.springframework.boot:spring-boot-dependencies from 4.0.2 to 4.0.3

Release notes

Sourced from org.springframework.boot:spring-boot-dependencies's releases.

v4.0.3

⭐ New Features

• Add TWENTY_SIX to JavaVersion enum #49193

🐞 Bug Fixes

• Jackson properties may not be applied correctly to RestClients #49223
• ClassNotFoundException when using Actuator without spring-boot-health #49196
• Using the OTel and Zipkin starters together creates invalid configuration #49183
• Whitespace can be incorrectly removed when spring-boot-configuration-processor runs on multi-line javadoc #49060
• Jackson2HttpMessageConvertersConfiguration uses ConditionOn Jackson3 XMLMapper class #49015
• server.jetty.threads.max is ignored when using virtual threads #48989
• Slice test includes fail to load when using spring-boot-starter-test-classic #48981
• Docker credential helpers with file extensions cannot be executed on Windows #48979
• Java version requirement check for native image is confusing if AOT didn't run #48963
• TestPropertyValues.Pair.fromMapEntry(Entry<String, String>) does not comply with its nullability contract #48948

📔 Documentation

• Couchbase and Kafka are incorrectly listed as supporting SSL with Docker Compose #49212
• Document that use of non idiomatic format for '@Value' still apply for environment variables #49109
• Document naming convention for custom test-scoped starters #49017
• Delay removal of Jackson 2 support until 4.3 at the earliest #49010
• LICENSE.txt and NOTICE.txt files have the wrong content in the latest releases #49003
• ApplicationContextAssert documents a non-existent assertion in getFailure() #48977
• Highlight the importance of the preStop hook when configuring Kubernetes probes #48946

🔨 Dependency Upgrades

• Upgrade to AssertJ 3.27.7 #49095
• Upgrade to Elasticsearch Client 9.2.5 #49184
• Upgrade to Groovy 5.0.4 #49097
• Upgrade to Hibernate 7.2.3.Final #49098
• Upgrade to Hibernate 7.2.4.Final #49167
• Upgrade to Jaybird 6.0.4 #49099
• Upgrade to JBoss Logging 3.6.2.Final #49100
• Upgrade to Jersey 4.0.2 #49101
• Upgrade to Jetty 12.1.6 #49102
• Upgrade to jOOQ 3.19.30 #49103
• Upgrade to JUnit Jupiter 6.0.3 #49233
• Upgrade to Logback 1.5.29 #49169
• Upgrade to Logback 1.5.32 #49245
• Upgrade to Micrometer 1.16.3 #49111
• Upgrade to Micrometer Tracing 1.6.3 #49112
• Upgrade to MongoDB 5.6.3 #49105
• Upgrade to MySQL 9.6.0 #49106
• Upgrade to Netty 4.2.10.Final #49107
• Upgrade to Postgresql 42.7.10 #49202
• Upgrade to Reactor Bom 2025.0.3 #49087

... (truncated)

Commits

• 1ab1436 Release v4.0.3
• 5cc488d Merge branch '3.5.x' into 4.0.x
• 9138ae2 Next development version (v3.5.12-SNAPSHOT)
• a7e63a7 Merge branch '3.5.x' into 4.0.x
• 54ab3c5 Align "noteworthy" issues in release notes with Spring Framework
• b3ae5b1 Merge branch '3.5.x' into 4.0.x
• 996664f Temporarily switch Docker to overlay2
• 1ce8743 Revert "Temporarily disable containerd snapshotter"
• 5ba88c6 Temporarily disable containerd snapshotter
• 1f1a88c Revert "Temporarily update system tests to use specific platform"
• Additional commits viewable in compare view

Updates org.hibernate.orm:hibernate-spatial from 7.2.1.Final to 7.2.7.Final

Release notes

Sourced from org.hibernate.orm:hibernate-spatial's releases.

Release 7.2.7

Hibernate ORM 7.2.7.Final released

Today, we published a new release of Hibernate ORM 7.2: 7.2.7.Final.

You can find the full list of 7.2.7.Final changes here.

What's new

• See the website for requirements and compatibilities.
• See the What's New guide for details about new features and capabilities.
• See the Migration Guide for details about migration.

Conclusion

For additional details, see:

• the release page
• the Migration Guide
• the Introduction Guide
• the User Guide
• the API docs

See also the following resources related to supported APIs:

• the compatibility policy
• the incubating API report (@Incubating)
• the deprecated API report (@Deprecated + @Remove)
• the internal API report (internal packages, @Internal)

Visit the website for details on getting in touch with us.

Release 7.2.6

Hibernate ORM 7.2.6.Final released

Today, we published a new release of Hibernate ORM 7.2: 7.2.6.Final.

You can find the full list of 7.2.6.Final changes here.

What's new

• See the website for requirements and compatibilities.
• See the What's New guide for details about new features and capabilities.
• See the Migration Guide for details about migration.

Conclusion

... (truncated)

Changelog

Sourced from org.hibernate.orm:hibernate-spatial's changelog.

Changes in 7.2.7.Final (March 15, 2026)

https://hibernate.atlassian.net/projects/HHH/versions/38116

** Bug * HHH-20253 ClassCastException when using hibernate-enhance-maven-plugin plugin * HHH-20229 logFlushResults ko with a @​AnyKeyJavaClass(String.class) * HHH-20224 Exception when calling treat() twice * HHH-20212 Jakarta Data Repository implementation with custom session getter does not compile * HHH-20200 Select query returns soft deleted entries with Inheritance.TABLE_PER_CLASS * HHH-20199 Regression Hibernate 7: Using an AdditionalMappingContributor leads to a rescan of Entities that breaks when @​Converters are present * HHH-20010 Infinite loop with nested embeddable * HHH-9499 MappingException when JOINED Inheritance and bidirectional references

Changes in 7.2.6.Final (March 01, 2026)

https://hibernate.atlassian.net/projects/HHH/versions/37978

** Bug * HHH-20176 Native Query cache causing ArrayIndexOutOfBoundsException with extra columns * HHH-19917 Bytecode-enhanced dirty tracking fails for mixed access properties

Changes in 7.2.5.Final (February 22, 2026)

https://hibernate.atlassian.net/projects/HHH/versions/37807

** Bug * HHH-20187 NPE in BeanValidationEventListener with StatelessSession * HHH-20165 Hibernate processor: Panache Next generated repository name conflicts * HHH-20164 Hibernate processor: @​Delete methods not working outside of Jakarta Data repository * HHH-20163 Hibernate processor: nested types are visited twice * HHH-20162 MySQL timeout based on innodb_lock_timeout has incorrect units * HHH-20151 Metamodel geneartor: allow implicit repositories for Panache Next * HHH-20143 Attempting to lock an entity not associated with the persistence context should rollback the active transaction

Changes in 7.2.4.Final (February 08, 2026)

https://hibernate.atlassian.net/projects/HHH/versions/37571

** Bug * HHH-20119 Values return by Enum Converter are not escaped in CREATE TABLE query * HHH-20065 Subsequent StatelessSession#insertMultiple calls lead to pending batches

... (truncated)

Commits

• 62151a2 [Jenkins release job] Preparing release 7.2.7.Final
• 65a9531 [Jenkins release job] changelog.txt updated by release build 7.2.7.Final
• 3b78e5e HHH-20199 Test and fix duplicate converter issue with AdditionalMappingContri...
• aeaad1d HHH-20253 Spotless apply
• bd21af0 HHH-20253 Unit test
• 64a441f HHH-20253 Fix ClassCastException when using hibernate-enhance-maven-plugin pl...
• 6d1f9af HHH-20229 Fix logging failure
• c24c527 HHH-20229 Add reproducer test for EntityPrinter failure with @​AnyKeyJavaClass...
• 14c7d48 HHH-20224 Test and fix class cast exception when accessing cached association...
• b005b1b HHH-20200 Handle table-per-class inheritance in soft-deletes
• Additional commits viewable in compare view

Updates org.geolatte:geolatte-geom from 1.9.1 to 1.11

Release notes

Sourced from org.geolatte:geolatte-geom's releases.

v1.11

What's Changed

• Bump outdated slf4j-api to lastest (2.0.17) by @​kamilkrzywanski in GeoLatte/geolatte-geom#176
• Add automatic module names to the published jars by @​marko-bekhta in GeoLatte/geolatte-geom#178
• Switch to central-publishing-maven-plugin for publishing by @​marko-bekhta in GeoLatte/geolatte-geom#179

New Contributors

• @​kamilkrzywanski made their first contribution in GeoLatte/geolatte-geom#176
• @​marko-bekhta made their first contribution in GeoLatte/geolatte-geom#178

Full Changelog: GeoLatte/geolatte-geom@v1.10...v1.11

v1.10

Fix for #172 Fix for #173

Minimum Java version is now 1.11

Commits

• c2ff95d Fix POM for release
• 93c6f2b Fix javadoc issues
• baba141 Publish release artefacts workflow
• 8da2765 Update maven version
• 7f31026 Use manual gpg import
• 561ebf7 Add CI snapshot publishing
• cae4f32 Merge branch 'master' of github.com:GeoLatte/geolatte-geom
• 5207c32 Switch to central-publishing-maven-plugin for publishing
• 5e3b204 Update dependencies
• eb1dec9 Merge branch 'master' of github.com:GeoLatte/geolatte-geom
• Additional commits viewable in compare view

Updates io.ktor:ktor-client-core from 3.4.0 to 3.4.1

Release notes

Sourced from io.ktor:ktor-client-core's releases.

3.4.1

Published 3 March 2026

Improvements

• KTOR-9382 HttpProtocolVersion.parse: fast path for common versions
• KTOR-9381 GMTDate: reduce allocations
• KTOR-8971 Support "operationId" in Kdoc for OpenAPI spec. gen.
• KTOR-9333 WebSockets: Infinite spin and potential OOM vulnerabilities in the Inflater.inflateFully method
• KTOR-5616 Ktor always adds by default an Accept-Charset header
• KTOR-9291 OpenAPI: handle atypical route functions
• KTOR-9293 OpenAPI describe needs defaults
• KTOR-9304 OpenAPI: Order of path parameters is not preserved in the spec
• KTOR-9353 Routing: TailcardSelector missing toString(), which clutters the logs

Bugfixes

• KTOR-9281 OpenApi code inference misses lambda argument bodies
• KTOR-9273 OpenAPI static content path appears in resulting model
• KTOR-9004 OpenAPI: No respective formats detected for serializable types like UUID or Instant
• KTOR-9305 OpenAPI: "No mapping for symbol: VAR FOR_LOOP_VARIABLE" error with codeInferenceEnabled=true
• KTOR-9279 OpenAPI: UnsupportedOperationException for a function with a reified type parameter codeInferenceEnabled = true
• KTOR-9289 OpenAPI: Resource routes are missing inferred and comment-based documentation
• KTOR-9330 OpenAPI: Cannot override kotlinx.serialization module
• KTOR-9320 OpenAPI: jsonSchema() does not unwrap Kotlin value classes (inline classes)
• KTOR-9352 Authentication: Creating JWT verifier fails for JWK with kty=EC and alg=null
• KTOR-9344 Flow invariant error happens after update to Ktor 3.4.0
• KTOR-9362 testApplication: Race condition in timeout coroutine when response is streaming
• KTOR-9274 Curl: Undefined symbol errors when linking on Linux since 3.4.0
• KTOR-8782 NodeJS CIO: "Module 'os' could not be imported" error on resolving WORKING_DIRECTORY_PATH with es2015 target
• KTOR-9348 String.decodeBase64String fails to decode when the input has no padding since 3.4.0
• KTOR-9318 CIO engine rejects valid certificates with unsupported signature algorithms
• KTOR-9331 Curl: Segfaults when working with WebSockets
• KTOR-9334 Coroutines in route handlers are dispatched with Dispatchers.Unconfined since 3.2.0
• KTOR-9339 StreamResetException is not propagated to the caller of StreamRequestBody.writeTo since 3.4.0
• KTOR-9329 HTMX: "on" attributes extension not working
• KTOR-9316 WasmJS bad get and set implementations for Uint8Array and ArrayLike
• KTOR-9272 JSON schema inference does not recognize unsigned types
• KTOR-9211 SendCountExceedException when request is sent twice with maxRetries = 0 since 3.3.2
• KTOR-9285 RateLimit: Milliseconds in the Retry-After header are truncated
• KTOR-7512 JWT: Docs for validate method claim that it's optional, but it isn't
• KTOR-9269 Incorrect dependency declaration in swagger / openapi
• KTOR-9372 Frame.Text.readText() causes infinite loop and 100% CPU on Kotlin/Native when WebSocket frame data is malformed or connection drops unexpectedly

Changelog

Sourced from io.ktor:ktor-client-core's changelog.

3.4.1

Published 3 March 2026

Improvements

• KTOR-9382 HttpProtocolVersion.parse: fast path for common versions
• KTOR-9381 GMTDate: reduce allocations
• KTOR-8971 Support "operationId" in Kdoc for OpenAPI spec. gen.
• KTOR-9333 WebSockets: Infinite spin and potential OOM vulnerabilities in the Inflater.inflateFully method
• KTOR-5616 Ktor always adds by default an Accept-Charset header
• KTOR-9291 OpenAPI: handle atypical route functions
• KTOR-9293 OpenAPI describe needs defaults
• KTOR-9304 OpenAPI: Order of path parameters is not preserved in the spec
• KTOR-9353 Routing: TailcardSelector missing toString(), which clutters the logs

Bugfixes

• KTOR-9281 OpenApi code inference misses lambda argument bodies
• KTOR-9273 OpenAPI static content path appears in resulting model
• KTOR-9004 OpenAPI: No respective formats detected for serializable types like UUID or Instant
• KTOR-9305 OpenAPI: "No mapping for symbol: VAR FOR_LOOP_VARIABLE" error with codeInferenceEnabled=true
• KTOR-9279 OpenAPI: UnsupportedOperationException for a function with a reified type parameter codeInferenceEnabled = true
• KTOR-9289 OpenAPI: Resource routes are missing inferred and comment-based documentation
• KTOR-9330 OpenAPI: Cannot override kotlinx.serialization module
• KTOR-9320 OpenAPI: jsonSchema() does not unwrap Kotlin value classes (inline classes)
• KTOR-9352 Authentication: Creating JWT verifier fails for JWK with kty=EC and alg=null
• KTOR-9344 Flow invariant error happens after update to Ktor 3.4.0
• KTOR-9362 testApplication: Race condition in timeout coroutine when response is streaming
• KTOR-9274 Curl: Undefined symbol errors when linking on Linux since 3.4.0
• KTOR-8782 NodeJS CIO: "Module 'os' could not be imported" error on resolving WORKING_DIRECTORY_PATH with es2015 target
• KTOR-9348 String.decodeBase64String fails to decode when the input has no padding since 3.4.0
• KTOR-9318 CIO engine rejects valid certificates with unsupported signature algorithms
• KTOR-9331 Curl: Segfaults when working with WebSockets
• KTOR-9334 Coroutines in route handlers are dispatched with Dispatchers.Unconfined since 3.2.0
• KTOR-9339 StreamResetException is not propagated to the caller of StreamRequestBody.writeTo since 3.4.0
• KTOR-9329 HTMX: "on" attributes extension not working
• KTOR-9316 WasmJS bad get and set implementations for Uint8Array and ArrayLike
• KTOR-9272 JSON schema inference does not recognize unsigned types
• KTOR-9211 SendCountExceedException when request is sent twice with maxRetries = 0 since 3.3.2
• KTOR-9285 RateLimit: Milliseconds in the Retry-After header are truncated
• KTOR-7512 JWT: Docs for validate method claim that it's optional, but it isn't
• KTOR-9269 Incorrect dependency declaration in swagger / openapi
• KTOR-9372 Frame.Text.readText() causes infinite loop and 100% CPU on Kotlin/Native when WebSocket frame data is malformed or connection drops unexpectedly

Commits

• c6c1a5c Release 3.4.1 (#5410)
• 8c6ef88 KTOR-9353: Override toString for TailcardSelector and LocalPortRouteSelector ...
• a6aed07 Follow-up KTOR-9333 Preserve inflater context (#5403)
• a6bd1d3 KTOR-9344 Disable switching to engine dispatcher by default (#5408)
• f557ef7 Add constraints for vulnerable dependencies (#5405)
• a5b2eb6 KTOR-9352 Handle EC key type when JWK algorithm is null (#5387)
• a971317 KTOR-9362 Catch ClosedWriteChannelException in the timeout coroutine to avoid...
• a23c454 Add fix-bug Claude Code skill for automated bug fixing workflow (#5386)
• 419f1fc GMTDate: zero-allocation timestamp conversion on JVM (#5380)
• a07f463 Add workflow to close issues after 30 days of inactivity waiting for a reply ...
• Additional commits viewable in compare view

Updates io.ktor:ktor-client-java from 3.4.0 to 3.4.1

Release notes

Sourced from io.ktor:ktor-client-java's releases.

3.4.1

Published 3 March 2026

Improvements

• KTOR-9382 HttpProtocolVersion.parse: fast path for common versions
• KTOR-9381 GMTDate: reduce allocations
• KTOR-8971 Support "operationId" in Kdoc for OpenAPI spec. gen.
• KTOR-9333 WebSockets: Infinite spin and potential OOM vulnerabilities in the Inflater.inflateFully method
• KTOR-5616 Ktor always adds by default an Accept-Charset header
• KTOR-9291 OpenAPI: handle atypical route functions
• KTOR-9293 OpenAPI describe needs defaults
• KTOR-9304 OpenAPI: Order of path parameters is not preserved in the spec
• KTOR-9353 Routing: TailcardSelector missing toString(), which clutters the logs

Bugfixes

• KTOR-9281 OpenApi code inference misses lambda argument bodies
• KTOR-9273 OpenAPI static content path appears in resulting model
• KTOR-9004 OpenAPI: No respective formats detected for serializable types like UUID or Instant
• KTOR-9305 OpenAPI: "No mapping for symbol: VAR FOR_LOOP_VARIABLE" error with codeInferenceEnabled=true
• KTOR-9279 OpenAPI: UnsupportedOperationException for a function with a reified type parameter codeInferenceEnabled = true
• KTOR-9289 OpenAPI: Resource routes are missing inferred and comment-based documentation
• KTOR-9330 OpenAPI: Cannot override kotlinx.serialization module
• KTOR-9320 OpenAPI: jsonSchema() does not unwrap Kotlin value classes (inline classes)
• KTOR-9352 Authentication: Creating JWT verifier fails for JWK with kty=EC and alg=null
• KTOR-9344 Flow invariant error happens after update to Ktor 3.4.0
• KTOR-9362 testApplication: Race condition in timeout coroutine when response is streaming
• KTOR-9274 Curl: Undefined symbol errors when linking on Linux since 3.4.0
• KTOR-8782 NodeJS CIO: "Module 'os' could not be imported" error on resolving WORKING_DIRECTORY_PATH with es2015 target
• KTOR-9348 String.decodeBase64String fails to decode when the input has no padding since 3.4.0
• KTOR-9318 CIO engine rejects valid certificates with unsupported signature algorithms
• KTOR-9331 Curl: Segfaults when working with WebSockets
• KTOR-9334 Coroutines in route handlers are dispatched with Dispatchers.Unconfined since 3.2.0
• KTOR-9339 StreamResetException is not propagated to the caller of StreamRequestBody.writeTo since 3.4.0
• KTOR-9329 HTMX: "on" attributes extension not working
• KTOR-9316 WasmJS bad get and set implementations for Uint8Array and ArrayLike
• KTOR-9272 JSON schema inference does not recognize unsigned types
• KTOR-9211 SendCountExceedException when request is sent twice with maxRetries = 0 since 3.3.2
• KTOR-9285 RateLimit: Milliseconds in the Retry-After header are truncated
• KTOR-7512 JWT: Docs for validate method claim that it's optional, but it isn't
• KTOR-9269 Incorrect dependency declaration in swagger / openapi
• KTOR-9372 Frame.Text.readText() causes infinite loop and 100% CPU on Kotlin/Native when WebSocket frame data is malformed or connection drops unexpectedly

Changelog

Sourced from io.ktor:ktor-client-java's changelog.

3.4.1

Published 3 March 2026

Improvements

• KTOR-9382 HttpProtocolVersion.parse: fast path for common versions
• KTOR-9381 GMTDate: reduce allocations
• KTOR-8971 Support "operationId" in Kdoc for OpenAPI spec. gen.
• KTOR-9333 WebSockets: Infinite spin and potential OOM vulnerabilities in the Inflater.inflateFully method
• KTOR-5616 Ktor always adds by default an Accept-Charset header
• KTOR-9291 OpenAPI: handle atypical route functions
• KTOR-9293 OpenAPI describe needs defaults
• KTOR-9304 OpenAPI: Order of path parameters is not preserved in the spec
• KTOR-9353 Routing: TailcardSelector missing toString(), which clutters the logs

Bugfixes

• KTOR-9281 OpenApi code inference misses lambda argument bodies
• KTOR-9273 OpenAPI static content path appears in resulting model
• KTOR-9004 OpenAPI: No respective formats detected for serializable types like UUID or Instant
• KTOR-9305 OpenAPI: "No mapping for symbol: VAR FOR_LOOP_VARIABLE" error with codeInferenceEnabled=true
• KTOR-9279 OpenAPI: UnsupportedOperationException for a function with a reified type parameter codeInferenceEnabled = true
• KTOR-9289 OpenAPI: Resource routes are missing inferred and comment-based documentation
• KTOR-9330 OpenAPI: Cannot override kotlinx.serialization module
• KTOR-9320 OpenAPI: jsonSchema() does not unwrap Kotlin value classes (inline classes)
• KTOR-9352 Authentication: Creating JWT verifier fails for JWK with kty=EC and alg=null
• KTOR-9344 Flow invariant error happens after update to Ktor 3.4.0
• KTOR-9362 testApplication: Race condition in timeout coroutine when response is streaming
• KTOR-9274 Curl: Undefined symbol errors when linking on Linux since 3.4.0
• KTOR-8782 NodeJS CIO: "Module 'os' could not be imported" error on resolving WORKING_DIRECTORY_PATH with es2015 target
• KTOR-9348 String.decodeBase64String fails to decode when the input has no padding since 3.4.0
• KTOR-9318 CIO engine rejects valid certificates with unsupported signature algorithms
• KTOR-9331 Curl: Segfaults when working with WebSockets
• KTOR-9334 Coroutines in route handlers are dispatched with Dispatchers.Unconfined since 3.2.0
• KTOR-9339 StreamResetException is not propagated to the caller of StreamRequestBody.writeTo since 3.4.0
• KTOR-9329 HTMX: "on" attributes extension not working
• KTOR-9316 WasmJS bad get and set implementations for Uint8Array and ArrayLike
• KTOR-9272 JSON schema inference does not recognize unsigned types
• KTOR-9211 SendCountExceedException when request is sent twice with maxRetries = 0 since 3.3.2
• KTOR-9285 RateLimit: Milliseconds in the Retry-After header are truncated
• KTOR-7512 JWT: Docs for validate method claim that it's optional, but it isn't
• KTOR-9269 Incorrect dependency declaration in swagger / openapi
• KTOR-9372 Frame.Text.readText() causes infinite loop and 100% CPU on Kotlin/Native when WebSocket frame data is malformed or connection drops unexpectedly

Commits

• c6c1a5c Release 3.4.1 (#5410)
• 8c6ef88 KTOR-9353: Override toString for TailcardSelector and LocalPortRouteSelector ...
• a6aed07 Follow-up KTOR-9333 Preserve inflater context (#5403)
• a6bd1d3 KTOR-9344 Disable switching to engine dispatcher by default (#5408)
• f557ef7 Add constraints for vulnerable dependencies (#5405)
• a5b2eb6 KTOR-9352 Handle EC key type when JWK algorithm is null (#5387)
• a971317 KTOR-9362 Catch ClosedWriteChannelException in the timeout coroutine to avoid...
• a23c454 Add fix-bug Claude Code skill for automated bug fixing workflow (#5386)
• 419f1fc GMTDate: zero-allocation timestamp conversion on JVM (#5380)
• a07f463 Add workflow to close issues after 30 days of inactivity waiting for a reply ...
• Additional commits viewable in compare view

Updates io.ktor:ktor-client-content-negotiation from 3.4.0 to 3.4.1

Release notes

Sourced from io.ktor:ktor-client-content-negotiation's releases.

3.4.1

Published 3 March 2026

Improvements

• KTOR-9382 HttpProtocolVersion.parse: fast path for common versions
• KTOR-9381 GMTDate: reduce allocations
• KTOR-8971 Support "operationId" in Kdoc for OpenAPI spec. gen.
• KTOR-9333 WebSockets: Infinite spin and potential OOM vulnerabilities in the Inflater.inflateFully method
• KTOR-5616 Ktor always adds by default an Accept-Charset header
• KTOR-9291 OpenAPI: handle atypical route functions
• KTOR-9293 OpenAPI describe needs defaults
• KTOR-9304 OpenAPI: Order of path parameters is not preserved in the spec
• KTOR-9353 Routing: TailcardSelector missing toString(), which clutters the logs

Bugfixes

• KTOR-9281 OpenApi code inference misses lambda argument bodies
• KTOR-9273 OpenAPI static content path appears in resulting model
• KTOR-9004 OpenAPI: No respective formats detected for serializable types like UUID or Instant
• KTOR-9305 OpenAPI: "No mapping for symbol: VAR FOR_LOOP_VARIABLE" error with codeInferenceEnabled=true
• KTOR-9279 OpenAPI: UnsupportedOperationException for a function with a reified type parameter codeInferenceEnabled = true
• KTOR-9289 OpenAPI: Resource routes are missing inferred and comment-based documentation
• KTOR-9330 OpenAPI: Cannot override kotlinx.serialization module
• KTOR-9320 OpenAPI: jsonSchema() does not unwrap Kotlin value classes (inline classes)
• KTOR-9352 Authentication: Creating JWT verifier fails for JWK with kty=EC and alg=null
• KTOR-9344 Flow invariant error happens after update to Ktor 3.4.0
• KTOR-9362 testApplication: Race condition in timeout coroutine when response is streaming
• KTOR-9274 Curl: Undefined symbol errors when linking on Linux since 3.4.0
• KTOR-8782 NodeJS CIO: "Module 'os' could not be imported" error on resolving WORKING_DIRECTORY_PATH with es2015 target
• KTOR-9348 String.decodeBase64String fails to decode when the input has no padding since 3.4.0
• KTOR-9318 CIO engine rejects valid certificates with unsupported signature algorithms
• KTOR-9331 Curl: Segfaults when working with WebSockets
• KTOR-9334 Coroutines in route handlers are dispatched with Dispatchers.Unconfined since 3.2.0
• KTOR-9339 StreamResetException is not propagated to the caller of StreamRequestBody.writeTo since 3.4.0
• KTOR-9329 HTMX: "on" attributes extension not working
• KTOR-9316 WasmJS bad get and set implementations for Uint8Array and ArrayLike
• KTOR-9272 JSON schema inference does not recognize unsigned types
• KTOR-9211 SendCountExceedException when request is sent twice with maxRetries = 0 since 3.3.2
• KTOR-9285 RateLimit: Milliseconds in the Retry-After header are truncated
• KTOR-7512 JWT: Docs for validate method claim that it's optional, but it isn't
• KTOR-9269 Incorrect dependency declaration in swagger / openapi
• KTOR-9372 Frame.Text.readText() causes infinite loop and 100% CPU on Kotlin/Native when WebSocket frame data is malformed or connection drops unexpectedly

Changelog

Sourced from io.ktor:ktor-client-content-negotiation's changelog.

3.4.1

Published 3 March 2026

Improvements

• KTOR-9382 HttpProtocolVersion.parse: fast path for common versions
• KTOR-9381 GMTDate: reduce allocations
• KTOR-8971 Support "operationId" in Kdoc for OpenAPI spec. gen.
• KTOR-9333 WebSockets: Infinite spin and potential OOM vulnerabilities in the Inflater.inflateFully method
• KTOR-5616 Ktor always adds by default an Accept-Charset header
• KTOR-9291 OpenAPI: handle atypical route functions
• KTOR-9293 OpenAPI describe needs defaults
• KTOR-9304 OpenAPI: Order of path parameters is not preserved in the spec
• KTOR-9353 Routing: TailcardSelector missing toString(), which clutters the logs

Bugfixes

• KTOR-9281 OpenApi code inference misses lambda argument bodies
• KTOR-9273 OpenAPI static content path appears in resulting model
• KTOR-9004 OpenAPI: No respective formats detected for serializable types like UUID or Instant
• KTOR-9305 OpenAPI: "No mapping for symbol: VAR FOR_LOOP_VARIABLE" error with codeInferenceEnabled=true
• KTOR-9279 OpenAPI: UnsupportedOperationException for a function with a reified type parameter codeInferenceEnabled = true
• KTOR-9289 OpenAPI: Resource routes are missing inferred and comment-based documentation
• KTOR-9330 OpenAPI: Cannot override kotlinx.serialization module
• KTOR-9320 OpenAPI: jsonSchema() does not unwrap Kotlin value classes (inline classes)
• KTOR-9352 Authentication: Creating JWT verifier fails for JWK with kty=EC and alg=null
• KTOR-9344 Flow invariant error happens after update to Ktor 3.4.0
• KTOR-9362 testApplication: Race condition in timeout coroutine when response is streaming
• KTOR-9274 Curl: Undefined symbol errors when linking on Linux since 3.4.0
• KTOR-8782 NodeJS CIO: "Module 'os' could not be imported" error on resolving WORKING_DIRECTORY_PATH with es2015 target
• KTOR-9348 String.decodeBase64String fails to decode when the input has no padding since 3.4.0
• KTOR-9318 CIO engine rejects valid certificates with unsupported signature algorithms
• KTOR-9331 Curl: Segfaults when working with WebSockets
• KTOR-9334 Coroutines in route handlers are dispatched with Dispatchers.Unconfined since 3.2.0
• KTOR-9339 StreamResetException is not propagated to the caller of StreamRequestBody.writeTo since 3.4.0
• KTOR-9329 HTMX: "on" attributes extension not working
• KTOR-9316 WasmJS bad get and set implementations for Uint8Array and ArrayLike
• KTOR-9272 JSON schema inference does not recognize unsigned types
• KTOR-9211 SendCountExceedException when request is sent twice with maxRetries = 0 since 3.3.2
• KTOR-9285 RateLimit: Milliseconds in the Retry-After header are truncated
• KTOR-7512 JWT: Docs for validate method claim that it's optional, but it isn't
• KTOR-9269 Incorrect dependency declaration in swagger / openapi
• KTOR-9372 Frame.Text.readText() causes infinite loop and 100% CPU on Kotlin/Native when WebSocket frame data is malformed or connection drops unexpectedly

Commits

• c6c1a5c Release 3.4.1 (#5410)
• 8c6ef88 KTOR-9353: Override toString for TailcardSelector and LocalPortRouteSelector ...
• a6aed07 Follow-up KTOR-9333 Preserve inflater context (#5403)
• a6bd1d3 KTOR-9344 Disable switching to engine dispatcher by default (#5408)
• f557ef7 Add constraints for vulnerable dependencies (#5405)
• a5b2eb6 KTOR-9352 Handle EC key type when JWK algorithm is null (#5387)
• a971317 KTOR-9362 Catch ClosedWriteChannelException in the timeout coroutine to avoid...
• a23c454 Add fix-bug Claude Code skill for automated bug fixing workflow (#5386)
• 419f1fc GMTDate: zero-allocation timestamp conversion on JVM (#5380)
• a07f463 Add workflow to close issues after 30 days of inactivity waiting for a reply ...
• Additional commits viewable in compare view

Updates io.ktor:ktor-serialization-kotlinx-json from 3.4.0 to 3.4.1

Release notes

Sourced from Description has been truncated

[tristanrobert]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud