Bump the java-production-dependencies group across 1 directory with 7 updates

[dependabot]

Bumps the java-production-dependencies group with 7 updates in the / directory:

Package	From	To
org.cryptomator:cryptolib	2.1.2	2.2.0
com.google.dagger:dagger	2.49	2.51.1
com.google.dagger:dagger-compiler	2.49	2.51.1
com.google.guava:guava	32.1.3-jre	33.2.1-jre
org.slf4j:slf4j-api	2.0.12	2.0.13
org.slf4j:slf4j-simple	2.0.12	2.0.13
org.sonatype.plugins:nexus-staging-maven-plugin	1.6.13	1.7.0

Updates org.cryptomator:cryptolib from 2.1.2 to 2.2.0

Release notes

Sourced from org.cryptomator:cryptolib's releases.

2.2.0

What's Changed

• Bump guava from 31.0.1-jre to 32.0.0-jre by @​dependabot in cryptomator/cryptolib#37
• Bump the maven-build-plugins group with 12 updates by @​dependabot in cryptomator/cryptolib#43
• Bump the github-actions group with 4 updates by @​dependabot in cryptomator/cryptolib#44
• Bump the java-test-dependencies group with 4 updates by @​dependabot in cryptomator/cryptolib#38
• Externalize dependency-check by @​JaniruTEC in cryptomator/cryptolib#45
• Bump the java-test-dependencies group with 1 update by @​dependabot in cryptomator/cryptolib#49
• Bump the maven-build-plugins group with 2 updates by @​dependabot in cryptomator/cryptolib#50
• Bump the github-actions group with 1 update by @​dependabot in cryptomator/cryptolib#47
• Bump the java-production-dependencies group with 5 updates by @​dependabot in cryptomator/cryptolib#48
• Changed version specifier for dependency-check/Change used JDK version by @​JaniruTEC in cryptomator/cryptolib#46
• Bump the java-test-dependencies group with 2 updates by @​dependabot in cryptomator/cryptolib#52
• Bump the maven-build-plugins group with 5 updates by @​dependabot in cryptomator/cryptolib#55
• Bump the github-actions group with 1 update by @​dependabot in cryptomator/cryptolib#57
• Update suppression.xml by @​infeo in cryptomator/cryptolib#58
• Bump the java-production-dependencies group with 3 updates by @​dependabot in cryptomator/cryptolib#56
• Feature: Update libs by @​infeo in cryptomator/cryptolib#59
• Bump the maven-build-plugins group with 5 updates by @​dependabot in cryptomator/cryptolib#60
• Bump the java-production-dependencies group with 3 updates by @​dependabot in cryptomator/cryptolib#61
• Build project with JDK 22 by @​infeo in cryptomator/cryptolib#63

New Contributors

• @​dependabot made their first contribution in cryptomator/cryptolib#37
• @​JaniruTEC made their first contribution in cryptomator/cryptolib#45

Full Changelog: cryptomator/cryptolib@2.1.2...2.2.0

Commits

• cc946dd Merge branch 'release/2.2.0'
• 29e4630 prepare 2.2.0
• 83a9097 secure workflow
• 42625ff Merge pull request #63 from cryptomator/feature/jdk22
• 50c34ad enforce jdk22 for building
• 10ddab6 build project with JDK 22 (but keep multi release jar)
• 4db325b Bump the java-production-dependencies group with 3 updates (#61)
• 92c2c31 Bump the maven-build-plugins group with 5 updates (#60)
• b538d03 Feature: Update libs (#59)
• 9ae2f62 update IDE JDK to 21
• Additional commits viewable in compare view

Updates com.google.dagger:dagger from 2.49 to 2.51.1

Release notes

Sourced from com.google.dagger:dagger's releases.

Dagger 2.51.1

New Dagger Features

• Added BindingGraphPlugin#onProcessingRoundBegin for pre-processing initialization. (2a6a0b461)

Dagger bug fixes

Fixed #4181: Associate Dagger Android output with the generated Component, so that incremental builds with Ksp won’t fail. Fixed #4254: Support using scoped @LazyClassKey map bindings. Fixed #4262: Support referencing an array of annotations in a map key annotation.

Dagger 2.51

New Dagger Features

• Added a @LazyClassKey annotation that supports using class names as a map key. Unlike the existing @ClassKey, the map generated by @LazyClassKey won’t eagerly load all of the classes for the keys. This can be useful in situations or environments where classloading can be expensive, such as on Android. For more information, see https://dagger.dev/dev-guide/multibindings

Potential breaking changes

• Protected fields using @Inject are now banned in Kotlin classes. This is because Kotlin protected fields are not accessible by code in the same package, unlike Java. This has been working up to this point because Dagger generates Java code, but that is unintentional and would break if Dagger switched to generate Kotlin code.(408431a3b)

New Hilt Features

• Fixed #3197: Used the new @LazyClassKey Dagger feature to remove the keep rule for @HiltViewModel class names. This allows obfuscation of @HiltViewModel annotated ViewModel class names with R8. (0786d0af5)
• Added @SkipTestInjection which can be used for skipping test injection in Hilt Android tests, which may be useful if building separate custom test infrastructure to inject the test class from another Hilt component. (c40811e71)

Dagger bug fixes

• Improve Dagger MissingBinding error messages to give more information and be more consistent. (c8722386a)
• Fixed #4201: Suppress warning for casting in Dagger generated code. (813ffced8)
• Fixed #4203: Removes @Deprecated annotation causing warnings (3cbc94ad3)
• Fixed #4199: Support member injections from type aliased superclass (662d82359)
• Complete Ksp support for Dagger Android: Added a Ksp Processor for Dagger Android ProguardProcessor that was previously missed. The ProguardProcessor is a Dagger Android implementation detail that makes sure the AndroidInjector works correctly when shrinking tools obfuscate @ContributesAndroidInjector annotated injector class names. (e71de27a1)

Dagger 2.50

Dagger

Potential breaking changes

• Introduced a new dagger.internal.Provider to facilitate future support for jakarta.inject.Provider types. There should be no visible changes at this time, though with such a large change there is a risk of unanticipated version compatibility issues across libraries built with different Dagger versions. (75d3cbcf9)
• Flip the default for -Adagger.explicitBindingConflictsWithInject to enabled. This flag fixes a bug where an explicit binding like an @Provides should conflict with @Inject bindings if the @Inject is actually used in a parent component. (8372c6308)

Bug fixes

• Fixed the error message for an @Binds @IntoSet implementation with duplicate bindings. (8d0122322)

Commits

• 394cf25 2.51.1 release
• 8689679 Update xprocessing.jar for Dagger.
• 2a6a0b4 Reset processingEnv for BindingGraphPlugins for each round.
• fc2363d Associate Dagger Android output with generated Component.
• 29d9a8e Make LazyClassKeyMap accept both MapFactory and MapProviderFactory
• c213e36 Fix bug in AnnotationExpression.
• e6c2ac8 Delete obsolete documentation
• e8e1ce6 Fix diagnostic kind in InjectValidator.
• 3fa9a8a Migrate from soon-to-be-deprecated propagateIfPossible to equivalent `throw...
• 922ff50 reduce number of times resolving parameter types in an extreme case.
• Additional commits viewable in compare view

Updates com.google.dagger:dagger-compiler from 2.49 to 2.51.1

Release notes

Sourced from com.google.dagger:dagger-compiler's releases.

Dagger 2.51.1

New Dagger Features

• Added BindingGraphPlugin#onProcessingRoundBegin for pre-processing initialization. (2a6a0b461)

Dagger bug fixes

Fixed #4181: Associate Dagger Android output with the generated Component, so that incremental builds with Ksp won’t fail. Fixed #4254: Support using scoped @LazyClassKey map bindings. Fixed #4262: Support referencing an array of annotations in a map key annotation.

Dagger 2.51

New Dagger Features

• Added a @LazyClassKey annotation that supports using class names as a map key. Unlike the existing @ClassKey, the map generated by @LazyClassKey won’t eagerly load all of the classes for the keys. This can be useful in situations or environments where classloading can be expensive, such as on Android. For more information, see https://dagger.dev/dev-guide/multibindings

Potential breaking changes

• Protected fields using @Inject are now banned in Kotlin classes. This is because Kotlin protected fields are not accessible by code in the same package, unlike Java. This has been working up to this point because Dagger generates Java code, but that is unintentional and would break if Dagger switched to generate Kotlin code.(408431a3b)

New Hilt Features

• Fixed #3197: Used the new @LazyClassKey Dagger feature to remove the keep rule for @HiltViewModel class names. This allows obfuscation of @HiltViewModel annotated ViewModel class names with R8. (0786d0af5)
• Added @SkipTestInjection which can be used for skipping test injection in Hilt Android tests, which may be useful if building separate custom test infrastructure to inject the test class from another Hilt component. (c40811e71)

Dagger bug fixes

• Improve Dagger MissingBinding error messages to give more information and be more consistent. (c8722386a)
• Fixed #4201: Suppress warning for casting in Dagger generated code. (813ffced8)
• Fixed #4203: Removes @Deprecated annotation causing warnings (3cbc94ad3)
• Fixed #4199: Support member injections from type aliased superclass (662d82359)
• Complete Ksp support for Dagger Android: Added a Ksp Processor for Dagger Android ProguardProcessor that was previously missed. The ProguardProcessor is a Dagger Android implementation detail that makes sure the AndroidInjector works correctly when shrinking tools obfuscate @ContributesAndroidInjector annotated injector class names. (e71de27a1)

Dagger 2.50

Dagger

Potential breaking changes

• Introduced a new dagger.internal.Provider to facilitate future support for jakarta.inject.Provider types. There should be no visible changes at this time, though with such a large change there is a risk of unanticipated version compatibility issues across libraries built with different Dagger versions. (75d3cbcf9)
• Flip the default for -Adagger.explicitBindingConflictsWithInject to enabled. This flag fixes a bug where an explicit binding like an @Provides should conflict with @Inject bindings if the @Inject is actually used in a parent component. (8372c6308)

Bug fixes

• Fixed the error message for an @Binds @IntoSet implementation with duplicate bindings. (8d0122322)

Commits

• 394cf25 2.51.1 release
• 8689679 Update xprocessing.jar for Dagger.
• 2a6a0b4 Reset processingEnv for BindingGraphPlugins for each round.
• fc2363d Associate Dagger Android output with generated Component.
• 29d9a8e Make LazyClassKeyMap accept both MapFactory and MapProviderFactory
• c213e36 Fix bug in AnnotationExpression.
• e6c2ac8 Delete obsolete documentation
• e8e1ce6 Fix diagnostic kind in InjectValidator.
• 3fa9a8a Migrate from soon-to-be-deprecated propagateIfPossible to equivalent `throw...
• 922ff50 reduce number of times resolving parameter types in an extreme case.
• Additional commits viewable in compare view

Updates com.google.guava:guava from 32.1.3-jre to 33.2.1-jre

Release notes

Sourced from com.google.guava:guava's releases.

33.2.1

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.2.1-jre</version>
  <!-- or, for Android: -->
  <version>33.2.1-android</version>
</dependency>

Jar files

• 33.2.1-jre.jar
• 33.2.1-android.jar

Guava requires one runtime dependency, which you can download here:

• failureaccess-1.0.1.jar

Javadoc

• 33.2.1-jre
• 33.2.1-android

JDiff

• 33.2.1-jre vs. 33.2.0-jre
• 33.2.1-android vs. 33.2.0-android
• 33.2.1-android vs. 33.2.1-jre

Changelog

• net: Changed InetAddress-String conversion methods to preserve the IPv6 scope ID if present. The scope ID can be necessary for IPv6-capable devices with multiple network interfaces. However, preserving it can also lead to problems for callers that rely on the returned values not to include the scope ID:
  • Callers might compensate for the old behavior of the methods by appending the scope ID to a returned string themselves. If so, you can update your code to stop doing so at the same time as you upgrade Guava. Of, if your code might run against multiple versions of Guava, you can check whether Guava has included a scope ID before you add one yourself.
  • Callers might pass the returned string to another system that does not understand scope IDs. If so, you can strip the scope ID off, whether by truncating the string form at a % character (leaving behind any trailing ] character in the case of forUriString) or by replacing the returned InetAddress with a new instance constructed by calling InetAddress.getByAddress(addr).
  • java.net.InetAddress validates any provided scope ID against the interfaces available on the machine. As a result, methods in InetAddresses may now fail if the scope ID fails validation.
    • Notable cases in which this may happen include:
      • if the code runs in an Android app without networking permission
      • if code passes InetAddress instances or strings across devices
    • If this is not the behavior that you want, then you can strip off the scope ID from the input string before passing it to Guava, as discussed above. (3f61870ac6)

33.2.0

Android users: Please test recent Guava versions

If you know of Guava Android users who have not yet upgraded to at least release 33.0.0, please encourage them to upgrade, preferably to today's release, 33.2.0. These releases have begun adding Java 8+ APIs to guava-android. While we don't anticipate problems, we do anticipate that any unexpected problems could force a disruptive rollback. To minimize any disruption, we'd like to catch any such problems early.

Please let us know of any problems you encounter.

Maven

... (truncated)

Commits

• See full diff in compare view

Updates org.slf4j:slf4j-api from 2.0.12 to 2.0.13

Updates org.slf4j:slf4j-simple from 2.0.12 to 2.0.13

Updates org.slf4j:slf4j-simple from 2.0.12 to 2.0.13

Updates com.google.dagger:dagger-compiler from 2.49 to 2.51.1

Release notes

Sourced from com.google.dagger:dagger-compiler's releases.

Dagger 2.51.1

New Dagger Features

• Added BindingGraphPlugin#onProcessingRoundBegin for pre-processing initialization. (2a6a0b461)

Dagger bug fixes

Fixed #4181: Associate Dagger Android output with the generated Component, so that incremental builds with Ksp won’t fail. Fixed #4254: Support using scoped @LazyClassKey map bindings. Fixed #4262: Support referencing an array of annotations in a map key annotation.

Dagger 2.51

New Dagger Features

• Added a @LazyClassKey annotation that supports using class names as a map key. Unlike the existing @ClassKey, the map generated by @LazyClassKey won’t eagerly load all of the classes for the keys. This can be useful in situations or environments where classloading can be expensive, such as on Android. For more information, see https://dagger.dev/dev-guide/multibindings

Potential breaking changes

• Protected fields using @Inject are now banned in Kotlin classes. This is because Kotlin protected fields are not accessible by code in the same package, unlike Java. This has been working up to this point because Dagger generates Java code, but that is unintentional and would break if Dagger switched to generate Kotlin code.(408431a3b)

New Hilt Features

• Fixed #3197: Used the new @LazyClassKey Dagger feature to remove the keep rule for @HiltViewModel class names. This allows obfuscation of @HiltViewModel annotated ViewModel class names with R8. (0786d0af5)
• Added @SkipTestInjection which can be used for skipping test injection in Hilt Android tests, which may be useful if building separate custom test infrastructure to inject the test class from another Hilt component. (c40811e71)

Dagger bug fixes

• Improve Dagger MissingBinding error messages to give more information and be more consistent. (c8722386a)
• Fixed #4201: Suppress warning for casting in Dagger generated code. (813ffced8)
• Fixed #4203: Removes @Deprecated annotation causing warnings (3cbc94ad3)
• Fixed #4199: Support member injections from type aliased superclass (662d82359)
• Complete Ksp support for Dagger Android: Added a Ksp Processor for Dagger Android ProguardProcessor that was previously missed. The ProguardProcessor is a Dagger Android implementation detail that makes sure the AndroidInjector works correctly when shrinking tools obfuscate @ContributesAndroidInjector annotated injector class names. (e71de27a1)

Dagger 2.50

Dagger

Potential breaking changes

• Introduced a new dagger.internal.Provider to facilitate future support for jakarta.inject.Provider types. There should be no visible changes at this time, though with such a large change there is a risk of unanticipated version compatibility issues across libraries built with different Dagger versions. (75d3cbcf9)
• Flip the default for -Adagger.explicitBindingConflictsWithInject to enabled. This flag fixes a bug where an explicit binding like an @Provides should conflict with @Inject bindings if the @Inject is actually used in a parent component. (8372c6308)

Bug fixes

• Fixed the error message for an @Binds @IntoSet implementation with duplicate bindings. (8d0122322)

Commits

• 394cf25 2.51.1 release
• 8689679 Update xprocessing.jar for Dagger.
• 2a6a0b4 Reset processingEnv for BindingGraphPlugins for each round.
• fc2363d Associate Dagger Android output with generated Component.
• 29d9a8e Make LazyClassKeyMap accept both MapFactory and MapProviderFactory
• c213e36 Fix bug in AnnotationExpression.
• e6c2ac8 Delete obsolete documentation
• e8e1ce6 Fix diagnostic kind in InjectValidator.
• 3fa9a8a Migrate from soon-to-be-deprecated propagateIfPossible to equivalent `throw...
• 922ff50 reduce number of times resolving parameter types in an extreme case.
• Additional commits viewable in compare view

Updates org.sonatype.plugins:nexus-staging-maven-plugin from 1.6.13 to 1.7.0

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[infeo]

Build fails due to the guava bump, see google/dagger#4321.

I'll apply the suggested fix to update the dependency.

[infeo]

@dependabot squash & merge