Update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
com.gradle:develocity-gradle-plugin (source)	4.3 → 4.3.1
com.vanniktech:gradle-maven-publish-plugin	0.35.0 → 0.36.0
com.squareup.wire:wire-runtime	5.4.0 → 5.5.0
com.fueledbycaffeine.spotlight:buildscript-utils	1.5.5 → 1.6.0
com.fueledbycaffeine.spotlight:spotlight-gradle-plugin	1.5.5 → 1.6.0
org.jetbrains.kotlinx:kotlinx-serialization-json	1.9.0 → 1.10.0
com.gradleup.shadow	9.3.0 → 9.3.1

---

Release Notes

vanniktech/gradle-maven-publish-plugin (com.vanniktech:gradle-maven-publish-plugin)

v0.36.0

Compare Source

BREAKING

• Updated minimum supported JDK, Gradle, Android Gradle Plugin and Kotlin versions.
• Removed support for Dokka v1, it's now required to use Dokka in v2 mode.
• Mark DirectorySignatureType internal.

Behavior changes

• validateDeployment now has the DeploymentValidation enum as type instead of being a boolean. The default
  is now to just wait for the VALIDATED state. The previous behavior can be achieved by setting it to PUBLISHED.
  NONE can be used for disabling the validation completely.
• When calling configure(...) manually to configure what to publish and not passing javadocJar explicity,
  the plugin now defaults to publishing an empty javadoc jar.

Features

• Android projects now support using Dokka for javadoc creation, this will happen automatically
  when using the default options and the Dokka plugin is applied to the project.
• Added consistent JavadocJar and SourcesJar options to configureBasedOnAppliedPlugins and to all
  applicable project types that can be passed to configure. The previous Boolean based versions have
  been deprecated.
• When enabling Maven Central publishing through the DSL, the mavenCentralDeploymentValidation and
  mavenCentralAutomaticPublishing are used for the default values of the 2 parameters when they are not passed
  explicitly. This allows to more easily override them in certain environments.
• When isolated projects is enabled the module/project specific gradle.properties files are now considered in
  the same way they are when isolated projects is disabled.

Improvements

• Better error message when Maven Central credentials are missing.

Minimum supported versions

• JDK 17
• Gradle 9.0.0
• Android Gradle Plugin 8.13.0
• Kotlin Gradle Plugin 2.2.0

Compatibility tested up to

• JDK 25
• Gradle 9.3.0
• Gradle 9.4.0-milestone-4
• Android Gradle Plugin 8.13.2
• Android Gradle Plugin 9.0.0
• Android Gradle Plugin 9.1.0-alpha05
• Kotlin Gradle Plugin 2.3.0
• Kotlin Gradle Plugin 2.3.20-Beta1

square/wire (com.squareup.wire:wire-runtime)

v5.5.0

Compare Source

2026-01-12

Common

• Escape quoted strings when printing option values (#​3433)

joshfriend/spotlight (com.fueledbycaffeine.spotlight:buildscript-utils)

v1.6.0

• Custom parsing implementations may be provided to Spotlight via SPI by implementing BuildscriptParserProvider

v1.5.6

• IDE plugin reads list of projects from spotlight gradle plugin model builder after sync completes for more accurate project count and indexing settings.

Kotlin/kotlinx.serialization (org.jetbrains.kotlinx:kotlinx-serialization-json)

v1.10.0

==================

This is a release candidate for 1.10.0 based on Kotlin 2.3.0. It stabilizes a set of frequently used JSON APIs and builder options,
adopts a new 'Return Value Checker' Kotlin feature, and provides a lot of improvements and bug fixes.

Stabilization of APIs

kotlinx-serialization 1.10 and subsequent releases will be focused on stabilization of existing APIs.
The following APIs and configuration options are no longer experimental because they're widely used without any known major issues:

• Json configuration options: decodeEnumsCaseInsensitive, allowTrailingComma, allowComments, and prettyPrintIndent. (#​3100)
• @EncodeDefault annotation and its modes. (#​3106)
• JsonUnquotedLiteral constructor function (#​2900)
• JsonPrimitive constructor function overloads that accept unsigned types. (#​3117)
• JSON DSL functions on JsonElement with Nothing? overloads. (#​3117)

Readiness for return value checker

Kotlin 2.3.0 introduces a new feature aimed
at helping you to catch bugs related to the accidentally ignored return value of the function.
kotlinx-serialization 1.10.0-RC code is fully marked for this feature, meaning that you
can get warnings for unused function calls like Json.encodeToString(...).
To get the warnings, the feature has to be enabled in your project as described here.

Polymorphism improvements

Polymorphic serialization received a couple of improvements in this release:

New subclassesOfSealed utility to automatically register sealed subclasses serializers in polymorphic modules (#​2201).
Use it in your SerializersModule when configuring a polymorphic hierarchy which contains both abstract and sealed classes.
For example, when root of your hierarchy is an inteface, but most of your inheritors are sealed classes.
The new function will register all known sealed subclasses for you, so you don’t need to list them one by one.
This makes writing your SerializerModules much faster and simpler.
Big thanks to Paul de Vrieze for contributing this feature.

Class discriminator conflict check rework (#​3105).
If a payload already contains a property with the same name as the configured discriminator (for example, type),
it is called a class discriminator conflict.
To produce a correct output and allow more inputs to be deserialized at the same time, the following changes were made:

• Conflicts introduced by JsonNamingStrategy transformations are now detected during serialization as well and will cause SerializationException.
  It also affects non-polymorphic classes.
• Conflicts from ClassDisciminatorMode.ALL_JSON_OBJECTS and SerializersModuleBuilder.polymorphicDefaultSerializer are also detected.
• It is allowed to deserialize such a conflicting key for both sealed and open polymorphic hierarchies.
  Previously, it was possible in the sealed hierarchies alone due to missing assertion. See #​1664 for details.

General improvements

• Add .serialName to MissingFieldException for clearer diagnostics. (#​3114)
• Generate unique Automatic-Module-Name entries for metadata JARs. (#​3109)
• Revised ProGuard rules and added R8 tests. (#​3041)
• CBOR: Improved error message when a byte string/array type mismatch is encountered. (#​3052)

Bugfixes

• Fix the type in the BIGNUM_NEGATIVE tag name. (#​3090)
• CBOR: Fix various bugs in the decoder implementation to be more strict and consistent with the specification.

GradleUp/shadow (com.gradleup.shadow)

v9.3.1

Compare Source

Fixed

• Use ASM from jdependency embedded. (#​1898)
  This fixes potential classpath conflicts when using Shadow with other plugins that also use ASM.

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.