ADFA-3919: upgrade kotlin-android to latest version

[itsaky-adfa]

Fixes an issue where the kotlin-android's Unsafe class would reset all exemptions.

See ADFA-3919 for more details.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 034219fb-9be8-4045-a8dc-5a5530c58206

📥 Commits

Reviewing files that changed from the base of the PR and between 4d5efb9 and 0488ec7.

📒 Files selected for processing (1)

• subprojects/kotlin-analysis-api/build.gradle.kts

---

📝 Walkthrough

Release Notes - kotlin-android Upgrade (ADFA-3919)

Overview:

• Upgraded kotlin-android to version 2.3.255 (tag: v2.3.255-ac7aa4b)
• Fixed a critical issue where the kotlin-android Unsafe class would reset all exemptions

Changes:

• Updated ktAndroidTag to v2.3.255-ac7aa4b
• Updated SHA256 checksum to 810a93e148c2fa697a7aaf6e3c2d3356146602ed8c937ba7faf7685348f988f6 for the analysis-api-standalone-embeddable-for-ide-2.3.255-SNAPSHOT.jar artifact

Affected Component:

• subprojects/kotlin-analysis-api/build.gradle.kts

Risk & Best Practice Considerations:

• ⚠️ Checksum Integrity: Verify the SHA256 checksum against the official kotlin-android release on GitHub to prevent supply chain attacks
• ⚠️ Unsafe Class Behavioral Change: The fix modifies Unsafe class behavior regarding exemptions. Conduct regression testing on all code paths that depend on Unsafe operations and exemption handling to ensure the fix does not introduce unintended side effects
• ⚠️ API Compatibility: Validate backward compatibility with downstream modules that depend on kotlin-analysis-api, especially those relying on Unsafe or exemption APIs
• ⚠️ Limited Testing Surface: Only the build configuration was modified; ensure integration tests validate the runtime behavior of the exemption fix

Recommendation:
Test the exemption handling thoroughly across all use cases before deploying to production to ensure the Unsafe class fix resolves the issue without introducing regressions.

Walkthrough

This PR updates the Kotlin-Android external dependency in the Gradle build configuration by advancing the Git tag reference (ktAndroidTag) and updating the corresponding sha256Checksum to verify the newly identified analysis-api JAR artifact.

Changes

Dependency Artifact Reference

Layer / File(s)	Summary
Artifact Reference and Verification subprojects/kotlin-analysis-api/build.gradle.kts	ktAndroidTag is advanced to a new Git tag, and sha256Checksum is updated to match the integrity hash of the artifact identified by the new tag.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• appdevforall/CodeOnTheGo#1112: Both PRs modify the same Gradle asset reference in subprojects/kotlin-analysis-api/build.gradle.kts (the kt-android tag and its sha256 checksum).

Suggested reviewers

• dara-abijo-adfa
• hal-eisen-adfa

Poem

🐰 A tag hops forward, new and bright,
SHA256 hash refreshed just right,
Dependencies dance in perfect sync,
Building stronger with each link! 🔗

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title directly describes the main change: upgrading kotlin-android to the latest version, which matches the changeset that updates the kt-android asset reference and checksums.
Description check	✅ Passed	The description is related to the changeset, explaining that the upgrade fixes an issue with kotlin-android's Unsafe class resetting exemptions, which provides context for why the version upgrade was needed.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/ADFA-3919

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}