chore: dependency updates #1700

sgammon · 2025-10-18T03:02:48Z

Summary

Add a summary about your PR here.

Changelog

chore: update crates
chore: update maven deps (general)
chore: update kotlin → `2.2.21-RC2`
chore: update micronaut → `4.9.4` / `4.6.0`
chore: update arrow → `2.2.0-beta.3`
chore: update asm → `9.9`
chore: update classgraph → `4.8.184`
chore: update jna → `5.18.1`
chore: update ktor → `3.3.1`
chore: update logback → `1.5.19`
chore: update gradle → `9.2.0-rc-2`
chore: update bun → `1.3.x`
chore: update typescript → `5.9.3`
chore: update browserslist → `4.26.3`
chore: update node types → `24.8.1`
chore: update gradle lockfiles
chore: update gradle verification metadata

chore: update crates chore: update maven deps (general) chore: update kotlin → `2.2.21-RC2` chore: update micronaut → `4.9.4` / `4.6.0` chore: update arrow → `2.2.0-beta.3` chore: update asm → `9.9` chore: update classgraph → `4.8.184` chore: update jna → `5.18.1` chore: update ktor → `3.3.1` chore: update logback → `1.5.19` chore: update gradle → `9.2.0-rc-2` chore: update bun → `1.3.x` chore: update typescript → `5.9.3` chore: update browserslist → `4.26.3` chore: update node types → `24.8.1` chore: update gradle lockfiles chore: update gradle verification metadata Signed-off-by: Sam Gammon <sam@elide.dev>

Bumps [anthropics/claude-code-action](https://github.com/anthropics/claude-code-action) from 1.0.8 to 1.0.12. - [Release notes](https://github.com/anthropics/claude-code-action/releases) - [Commits](anthropics/claude-code-action@7ed3b61...777ffcb) --- updated-dependencies: - dependency-name: anthropics/claude-code-action dependency-version: 1.0.12 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Sam Gammon <sam@elide.dev>

Bumps debian from `7e8e5af` to `3e62bb8`. --- updated-dependencies: - dependency-name: debian dependency-version: sid-slim dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Sam Gammon <sam@elide.dev>

Bumps [actions/setup-java](https://github.com/actions/setup-java) from 4.7.1 to 5.0.0. - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](actions/setup-java@c5195ef...dded088) --- updated-dependencies: - dependency-name: actions/setup-java dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Sam Gammon <sam@elide.dev>

Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.4.2 to 2.4.3. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@05b42c6...4eaacf0) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-version: 2.4.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Sam Gammon <sam@elide.dev>

Bumps [step-security/paths-filter](https://github.com/step-security/paths-filter) from 3.0.4 to 3.0.5. - [Release notes](https://github.com/step-security/paths-filter/releases) - [Commits](step-security/paths-filter@27924be...6eee183) --- updated-dependencies: - dependency-name: step-security/paths-filter dependency-version: 3.0.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Sam Gammon <sam@elide.dev>

Bumps [gradle/actions](https://github.com/gradle/actions) from 4.4.3 to 5.0.0. - [Release notes](https://github.com/gradle/actions/releases) - [Commits](gradle/actions@ed40850...4d9f0ba) --- updated-dependencies: - dependency-name: gradle/actions dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Sam Gammon <sam@elide.dev>

Copilot

Pull Request Overview

Dependency update PR introducing newer versions across languages and tooling, including Kotlin, Gradle, Micronaut, Netty, GraalVM, ASM, Okio, and others.

Bumps Kotlin from 2.2.20 to 2.2.21-RC2 across build scripts and embedded constants.
Updates Gradle wrapper to 9.2.0-rc-2 and refreshes multiple lockfiles with newer library versions.
Refreshes container base images (Debian digest) and runtime tool versions (Bun 1.3.0, Jacoco, ASM, Okio, GraalVM components).

Reviewed Changes

Copilot reviewed 62 out of 65 changed files in this pull request and generated 7 comments.

Show a summary per file

File	Description
tools/images/elide/Dockerfile	Updates Debian base image digest for builder/runtime stages.
tools/images/codespace/Dockerfile	Pins Kotlin version argument to 2.2.21-RC2.
tools/images/bash/Dockerfile	Updates Debian base image digest.
tools/elide-build/src/main/kotlin/elide/internal/conventions/Constants.kt	Advances pinned versions (Kotlin SDK, Jacoco, JVM toolchain target, metadata, Okio).
tools/elide-build/gradle.lockfile	Broad Kotlin plugin/lib updates plus other dependency version bumps (ASM, H2, GraalVM build tools).
packages/transport/transport-kqueue/gradle.lockfile	Netty family upgraded to 4.2.1.Final.
packages/tooling/src/main/kotlin/elide/tooling/jvm/JvmLibraries.kt	Kotlin + kotlinx CSS version bumps for embedded tooling.
packages/tooling/gradle.lockfile	Kotlin, Micronaut, GraalVM, Ktor updates.
packages/terminal/gradle.lockfile	GraalVM and SLF4J version updates, adds new espresso-related modules.
packages/telemetry/gradle.lockfile	Micronaut and Netty updates; Kotlin stdlib bumped to RC version.
packages/tcnative/gradle.lockfile	GraalVM modules upgraded; SLF4J bumped.
packages/sqlite/gradle.lockfile	GraalVM modules upgraded; SLF4J bumped.
packages/server/gradle.lockfile	Large set of Micronaut, Netty, GraalVM, Kotlin, Spring updates; adds kotlin-inquirer and version alignment changes.
packages/secrets/gradle.lockfile	New lockfile introducing Micronaut, Ktor, Kotlin (RC) and GraalVM dependencies.
packages/runner/gradle.lockfile	Micronaut, Ktor, GraalVM, Kotlin updates to RC versions.
packages/local-ai/gradle.lockfile	Same pattern of Micronaut, Ktor, Kotlin RC, GraalVM updates.
packages/graalvm/gradle.lockfile	Adds kotlin-inquirer; upgrades Netty, GraalVM stack, Kotlin RC.
packages/graalvm-wasm/gradle.lockfile	Upgrades Micronaut, Ktor, Kotlin RC, GraalVM wasm stack.
packages/graalvm-ts/gradle.lockfile	Similar upgrades plus GraalVM Python/wasm components.
packages/graalvm-rb/gradle.lockfile	Ruby, LLVM, Espresso, Kotlin RC, Micronaut upgrades.
packages/graalvm-py/gradle.lockfile	Python, nativeimage, Truffle components upgraded to 25.0.0; Kotlin RC applied.
packages/graalvm-llvm/gradle.lockfile	LLVM + nativeimage + Kotlin RC updates.
packages/graalvm-kt/src/main/kotlin/elide/runtime/gvm/kotlin/KotlinLanguage.kt	Kotlin implementation version constant bumped to RC version.
packages/graalvm-kt/gradle.lockfile	Kotlin compiler/tooling upgraded to 2.2.21-RC2; GraalVM stack updated.
packages/graalvm-jvm/gradle.lockfile	Espresso / LLVM / Kotlin RC version alignment.
packages/graalvm-js/gradle.lockfile	GraalVM JS-related stack and Kotlin RC updates.
packages/graalvm-java/gradle.lockfile	Espresso / LLVM / Kotlin RC updates for Java language support.
packages/exec/gradle.lockfile	Micronaut and Kotlin stdlib bumped; adds semver4j.
packages/cli/src/projects/ktjvm-gradle/build.gradle.kts	Kotlin plugin and test library version updated to RC.
packages/cli/src/projects/kterr-gradle/build.gradle.kts	Kotlin plugin and test library version updated to RC.
gradlew.bat	Adjusts wrapper execution to use -jar directly (removes CLASSPATH usage).
gradle/wrapper/gradle-wrapper.properties	Gradle distribution upgraded to 9.2.0-rc-2.
config/bun-version	Bun runtime version bumped to 1.3.0.

Files not reviewed (1)

pnpm-lock.yaml: Language not supported

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

tools/elide-build/gradle.lockfile

packages/graalvm-kt/gradle.lockfile

socket-security · 2025-10-18T03:23:12Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance
	maven/org.graalvm.espresso/espresso-runtime-resources-jdk21@24.2.2 ⏵ 25.0.0
	maven/net.java.dev.jna/jna@5.18.1
	maven/org.graalvm.tools/chromeinspector-tool@24.2.2 ⏵ 25.0.0			⁺²
	maven/ch.qos.logback/logback-classic@1.5.18 ⏵ 1.5.19
	maven/ch.qos.logback/logback-core@1.5.18 ⏵ 1.5.19
	maven/io.github.classgraph/classgraph@4.8.181 ⏵ 4.8.184	^-64		⁺²
	maven/io.micronaut/micronaut-http-client-jdk@4.9.10 ⏵ 4.9.12
	maven/io.micronaut/micronaut-http-client@4.9.10 ⏵ 4.9.12			⁺²	⁺¹
	maven/org.graalvm.tools/dap-tool@24.2.2 ⏵ 25.0.0			⁺²
	maven/org.graalvm.tools/lsp-tool@24.2.2 ⏵ 25.0.0			⁺²
	maven/org.graalvm.nativeimage/truffle-runtime-svm@24.2.2 ⏵ 25.0.0			⁺²
	maven/org.graalvm.truffle/truffle-enterprise@24.2.2 ⏵ 25.0.0			⁺²
	maven/io.micronaut/micronaut-http-server-netty@4.9.10 ⏵ 4.9.12
	cargo/tokio@1.47.1 ⏵ 1.48.0	^-2
	maven/com.h2database/h2@2.3.232 ⏵ 2.4.240	⁺¹
	maven/org.graalvm.espresso/hotswap@24.2.2 ⏵ 25.0.0			⁺²
	maven/io.netty/netty-codec-http2@4.2.6.Final ⏵ 4.2.1.Final	⁺³	^-15
	npm/cssnano@7.1.0 ⏵ 7.1.1
	npm/esbuild@0.25.8 ⏵ 0.25.11				⁺²
	npm/bun@1.2.19 ⏵ 1.3.0	⁺¹		⁺²	⁺¹
	cargo/serde@1.0.225 ⏵ 1.0.228
	npm/@types/node@24.1.0 ⏵ 24.8.1	⁺¹		⁺¹
	maven/org.graalvm.python/python-embedding@24.2.2 ⏵ 25.0.0			⁺²
	npm/bun-types@1.2.19 ⏵ 1.3.0	⁺¹		⁺²	⁺¹
	maven/io.ktor/ktor-server-sessions-jvm@3.3.0 ⏵ 3.3.1
	npm/@mdx-js/esbuild@3.1.0 ⏵ 3.1.1	⁺¹			^-2
	maven/io.netty/netty-codec@4.2.6.Final ⏵ 4.2.1.Final
	maven/io.netty/netty-transport-native-kqueue@4.2.6.Final ⏵ 4.2.1.Final			^-1
	maven/io.netty/netty-transport-native-epoll@4.2.6.Final ⏵ 4.2.1.Final			^-1	⁺¹
	maven/io.netty/netty-resolver-dns-native-macos@4.2.6.Final ⏵ 4.2.1.Final			^-1
	maven/org.graalvm.wasm/wasm@25.0.0
	maven/io.netty/netty-bom@4.2.1.Final
See 67 more rows in the dashboard

View full report

codecov · 2025-10-18T03:42:22Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 40.14%. Comparing base (ed7eaf7) to head (d951a61).
⚠️ Report is 8 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1700      +/-   ##
==========================================
+ Coverage   39.94%   40.14%   +0.19%     
==========================================
  Files         874      874              
  Lines       40743    40708      -35     
  Branches     5797     5644     -153     
==========================================
+ Hits        16275    16341      +66     
+ Misses      22478    22436      -42     
+ Partials     1990     1931      -59

Flag	Coverage Δ
jvm	`40.14% <ø> (+0.19%)`	⬆️
lib	`40.14% <ø> (+0.19%)`	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
.../kotlin/elide/runtime/gvm/kotlin/KotlinLanguage.kt	`0.00% <ø> (ø)`
.../src/main/kotlin/elide/tooling/jvm/JvmLibraries.kt	`0.00% <ø> (ø)`

... and 62 files with indirect coverage changes

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update ed7eaf7...d951a61. Read the comment docs.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

sgammon and others added 8 commits October 17, 2025 19:58

sgammon added this to the Release R18: Beta milestone Oct 18, 2025

sgammon self-assigned this Oct 18, 2025

sgammon added the dependencies Pull requests that update a dependency file label Oct 18, 2025

sgammon added this to Elide Oct 18, 2025

sgammon requested review from a team, Copilot and franklinfollis October 18, 2025 03:02

sgammon moved this to In Progress in Elide Oct 18, 2025

sgammon requested review from darvld and removed request for franklinfollis October 18, 2025 03:03

Copilot AI reviewed Oct 18, 2025

View reviewed changes

darvld approved these changes Oct 18, 2025

View reviewed changes

sgammon merged commit 08f1ba5 into main Oct 18, 2025
28 of 29 checks passed

github-project-automation bot moved this from In Progress to Done in Elide Oct 18, 2025

sgammon mentioned this pull request Oct 30, 2025

release: 1.0.0-beta10 #1701

Merged

32 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore: dependency updates #1700

chore: dependency updates #1700

Uh oh!

sgammon commented Oct 18, 2025 •

edited by pull-request-badge bot

Loading

Uh oh!

Copilot AI left a comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

socket-security bot commented Oct 18, 2025

Uh oh!

codecov bot commented Oct 18, 2025 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

chore: dependency updates #1700

chore: dependency updates #1700

Uh oh!

Conversation

sgammon commented Oct 18, 2025 • edited by pull-request-badge bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary

Changelog

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull Request Overview

Reviewed Changes

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

socket-security bot commented Oct 18, 2025

Uh oh!

codecov bot commented Oct 18, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

sgammon commented Oct 18, 2025 •

edited by pull-request-badge bot

Loading

codecov bot commented Oct 18, 2025 •

edited

Loading