Bump org.atmosphere:atmosphere-runtime from 3.1.0 to 4.0.35

[dependabot]

Bumps org.atmosphere:atmosphere-runtime from 3.1.0 to 4.0.35.

Release notes

Sourced from org.atmosphere:atmosphere-runtime's releases.

Atmosphere 4.0.35

✨ Added

• build SDKMAN-compatible archive and attach to GitHub Release

🐛 Fixed

• plexus-utils 4.0.3 override, CodeQL XSS sanitizer hints
• skip NPM publish when atmosphere.js version already published

🔧 Changed

• vendor submission kit — publish script and onboarding guide
• bump version to 4.0.34
• prepare for next development iteration 4.0.35-SNAPSHOT

Full Changelog: Atmosphere/atmosphere@atmosphere-4.0.34...atmosphere-4.0.35

Atmosphere 4.0.34

✨ Added

• add validation gates for unchecked returns + no-op tests Architectural validation now fails on unchecked offer() and expect(true).toBe(true). Fixed 4 offer() calls (use add() or check return). Replaced 4 no-op specs with test.skip().
• bundle atmosphere-skills as classpath JAR for CI reliability
• migrate all skills to atmosphere-skills registry, remove local prompts
• SkillFileLoader with GitHub fallback + SHA-256 integrity, AgentRuntime.generate() PromptLoader.loadSkill() searches classpath -> disk cache -> GitHub with registry.json hash verification. skill: prefix in @Agent/@​Coordinator skillFile. CollectingSession + generate() eliminate 4 duplicated sync adapters.
• add LlmResultEvaluator, rename QualityEvaluator to SanityCheck LLM judge uses active AgentRuntime; prompt from META-INF/skills/llm-judge/SKILL.md. Hardcoded evaluator renamed to SanityCheckEvaluator.
• configurable A2A timeouts, SqliteCheckpointStore, QualityResultEvaluator A2aAgentTransport.Timeouts record replaces magic numbers; CO_LOCATED preset for same-host agents. SqliteCheckpointStore persists checkpoints to SQLite. QualityResultEvaluator scores on length/structure/errors.
• add SqliteCheckpointStore and QualityResultEvaluator Persistent checkpoint store backed by SQLite (reuses durable-sessions pattern); built-in ResultEvaluator scoring on length, error indicators, and structure — no LLM required
• enable real A2A transport in multi-agent team, fix subtitle
• URL override forces A2A transport, enable in multi-agent sample
• extract pluggable RetryPolicy from hardcoded backoff Sealed RetryPolicy hierarchy (ExponentialBackoff, LinearBackoff, NoRetry) replaces hardcoded backoff in DefaultAgentProxy; backward-compatible via fromMaxRetries()
• add OpenAI Responses API support with previous_response_id continuation
• add per-agent resource limits and cancellable execution handles AgentLimits(timeout, maxTurns) via @​AgentRef(timeoutMs=N), AgentExecution sealed interface with cancel()/join(), parallelCancellable() for non-blocking fan-out
• add agent activity model with real-time streaming AgentActivity sealed interface + StreamingActivityListener bridges fleet state to AiEvent.AgentStep over WebSocket; also adds remark-gfm for markdown table rendering

🐛 Fixed

• cli-runtime tests use pre-built JARs, not atmosphere run
• switch to auth-free sample, scope admin agents tab selector
• protocol mismatch fixes, selector ambiguities, skip incompatible tests
• improved WebTransport and admin test resilience
• inject auth token for admin event stream WebSocket connection
• WebTransport tests tolerate missing QUIC, admin timeout increase
• update 6 test specs for console UI migration
• correct CLI path resolution in cli-runtime.spec.ts
• move path collision check into hasUserDefinedAiEndpoint
• prevent default AI endpoint from overriding @​ManagedService handlers
• add console-endpoint property, fix spring-boot-chat CI failure
• add tool-card/tool-activity test IDs, unskip demo-compatible tests
• skip LLM-dependent agui-chat UI tests to prevent CI failures
• add test IDs to console Vue components, fix E2E tests for console migration
• console endpoint detection for @​ManagedService samples
• add atmosphere-ai dep for console-migrated samples

... (truncated)

Commits

• 92f0c99 release: Atmosphere 4.0.35
• 9b382e3 docs(sdkman): vendor submission kit — publish script and onboarding guide
• 428b447 feat(release): build SDKMAN-compatible archive and attach to GitHub Release
• 7b6b65d fix(security): plexus-utils 4.0.3 override, CodeQL XSS sanitizer hints
• 4bc7ebb fix(release): skip NPM publish when atmosphere.js version already published
• dae5dcf chore(cli): bump version to 4.0.34
• d0979c2 chore: prepare for next development iteration 4.0.35-SNAPSHOT
• 1611e8b release: Atmosphere 4.0.34
• b8f1fe6 test(e2e): skip XSS and admin agents-tab tests pending #2598 selector fix
• 9a45751 fix(e2e): cli-runtime tests use pre-built JARs, not atmosphere run
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)