Bump the gradle group across 1 directory with 3 updates

[dependabot]

Bumps the gradle group with 3 updates in the / directory: com.github.spotbugs, software.amazon.smithy:smithy-model and jvm.

Updates com.github.spotbugs from 6.5.0 to 6.5.4

Updates software.amazon.smithy:smithy-model from 1.69.0 to 1.70.0

Release notes

Sourced from software.amazon.smithy:smithy-model's releases.

Smithy CLI v1.70.0

1.70.0 (2026-04-30)

Features

• Add JSON Schema for smithy-build.json (#3062)

• Added three new shape type selectors

  • aggregateType selects lists, structures, unions, and maps.
  • serviceType selects services, resources, and operations.
  • dataType selects aggregate types and simple types. (#3070)

• Adds a Bill of Materials (BOM) for all Smithy packagees (#3056)

• Add support for custom comparators for sorting IDL serialization output (#3058)

• Ignore JARs without a Smithy manifest to allow Smithy model packages to have non-Smithy dependencies (#3055)

Bug Fixes

• Fix init failure on corrupted template cache (#3051)
• Fix CLI dependency cache for multiple configs building to the same directory (#3061)
• Fix trait/validator loading with discoverModels (#3049)
• Optimize chained :root selector evaluation by updating IntermediateAndSelector to only push to input-independent selectors one time (#3054)
• Fix minor issues logged during builds (#3050)
• Fixed a bug in the formatter that was removing newlines escapes (#3068)

Documentation

• Updated the example retry strategy in client guidance and updated the initial token method to take information about the operation. (#3000)
• Added docs for the endpointTests trait. (#3048)

Other

... (truncated)

Changelog

Sourced from software.amazon.smithy:smithy-model's changelog.

1.70.0 (2026-04-30)

Features

• Add JSON Schema for smithy-build.json (#3062)

• Added three new shape type selectors

  • aggregateType selects lists, structures, unions, and maps.
  • serviceType selects services, resources, and operations.
  • dataType selects aggregate types and simple types. (#3070)

• Adds a Bill of Materials (BOM) for all Smithy packagees (#3056)

• Add support for custom comparators for sorting IDL serialization output (#3058)

• Ignore JARs without a Smithy manifest to allow Smithy model packages to have non-Smithy dependencies (#3055)

Bug Fixes

• Fix init failure on corrupted template cache (#3051)
• Fix CLI dependency cache for multiple configs building to the same directory (#3061)
• Fix trait/validator loading with discoverModels (#3049)
• Optimize chained :root selector evaluation by updating IntermediateAndSelector to only push to input-independent selectors one time (#3054)
• Fix minor issues logged during builds (#3050)
• Fixed a bug in the formatter that was removing newlines escapes (#3068)

Documentation

• Updated the example retry strategy in client guidance and updated the initial token method to take information about the operation. (#3000)
• Added docs for the endpointTests trait. (#3048)

Other

... (truncated)

Commits

• a876699 Bump version to 1.70.0 (#3082)
• af563c6 Bump the npm group in /docs/landing-page with 14 updates (#3074)
• 3441963 Revert "Fix selector parsing with errant break tokens" (#3080)
• da5120c Bump software.amazon.api.models:s3 in the gradle group (#3073)
• 31cb566 Revert "Bump version to 1.70.0 (#3071)" (#3072)
• 2d3b23e Bump version to 1.70.0 (#3071)
• 8108216 Add additional shape type selectors (#3070)
• 8216ae7 Fix incorrect event stream protocol tests (#3069)
• fd206cb Add Smithy RPC v2 JSON OpenAPI support
• 058591a Add protocol tests for rpcv2Json
• Additional commits viewable in compare view

Updates jvm from 2.3.20 to 2.3.21

Release notes

Sourced from jvm's releases.

Kotlin 2.3.21

Changelog

Backend. Wasm

• KT-84610 [Wasm] Failed to compile klibs in IC mode

Compiler

• KT-84566 Prevent launching Default dispatcher threads from IJ SDK in kotlin compiler
• KT-85358 Native: roll back the workaround for KT-84678 once MapLibre has been properly fixed
• KT-85626 @JvmRecord in commonMain breaks compileCommonMainKotlinMetadata with "Cannot access 'java.lang.Record'"
• KT-85405 Postpone/Revert DontIgnoreUpperBoundViolatedOnImplicitArguments
• KT-84678 K/N: Undefined symbol from SPM-added ObjC frameworks when linking iOS target
• KT-85021 False positive SUBCLASS_CANT_CALL_COMPANION_PROTECTED_NON_STATIC error in multi-module project

JavaScript

• KT-82395 Support top-level declarations from compiler plugins in JS incremental compilation
• KT-84475 K/JS: false-positive exportability warnings in multi-module project
• KT-84633 Kotlin/JS: "Serializer for class not found" error when IR output granularity is whole-program
• KT-85047 Kotlin/JS: @JsStatic on suspend fun of class companion generates incorrect d.ts
• KT-84517 K/JS: bad mappings data in outputted Kotlin stdlib source map

Libraries

• KT-71848 Kotlinx.metadata: Add CompilerPluginData into Km API

Native. C and ObjC Import

• KT-85399 Kotlin/Native: TypeCastException when casting ObjC Protocol MetaClass with genericSafeCasts enabled
• KT-85508 K/N: TypeCastException when using nw_parameters_create_secure_tcp block parameter on 2.3.20

Tools. Gradle

• KT-84729 Update Gradle plugin-publish version to enable configuration cache badge on Gradle plugins portal

Tools. Gradle. Compiler plugins

• KT-85257 AGP/Compose: MergeMappingFileTask clears R8 artifacts due to @OutputDirectory annotation on AGP 9.1+

Tools. Scripts

• KT-85105 Scripts: JVM backend internal error (IR lowering) when scratch file contains anonymous object
• KT-85103 Exception while generating code when explain destructuring decls
• KT-84842 scriptCompilationClasspathFromContext behavior changed from 2.3.10 to 2.3.20
• KT-85029 Kotlin Scripting: ScriptDiagnostic reports "at null" instead of error location

Tools. Statistics (FUS)

... (truncated)

Changelog

Sourced from jvm's changelog.

2.3.21

Backend. Wasm

• KT-84610 [Wasm] Failed to compile klibs in IC mode

Compiler

• KT-84566 Prevent launching Default dispatcher threads from IJ SDK in kotlin compiler
• KT-85358 Native: roll back the workaround for KT-84678 once MapLibre has been properly fixed
• KT-85626 @JvmRecord in commonMain breaks compileCommonMainKotlinMetadata with "Cannot access 'java.lang.Record'"
• KT-85405 Postpone/Revert DontIgnoreUpperBoundViolatedOnImplicitArguments
• KT-84678 K/N: Undefined symbol from SPM-added ObjC frameworks when linking iOS target
• KT-85021 False positive SUBCLASS_CANT_CALL_COMPANION_PROTECTED_NON_STATIC error in multi-module project

JavaScript

• KT-82395 Support top-level declarations from compiler plugins in JS incremental compilation
• KT-84475 K/JS: false-positive exportability warnings in multi-module project
• KT-84633 Kotlin/JS: "Serializer for class not found" error when IR output granularity is whole-program
• KT-85047 Kotlin/JS: @JsStatic on suspend fun of class companion generates incorrect d.ts
• KT-84517 K/JS: bad mappings data in outputted Kotlin stdlib source map

Libraries

• KT-71848 Kotlinx.metadata: Add CompilerPluginData into Km API

Native. C and ObjC Import

• KT-85399 Kotlin/Native: TypeCastException when casting ObjC Protocol MetaClass with genericSafeCasts enabled
• KT-85508 K/N: TypeCastException when using nw_parameters_create_secure_tcp block parameter on 2.3.20

Tools. Gradle

• KT-84729 Update Gradle plugin-publish version to enable configuration cache badge on Gradle plugins portal

Tools. Gradle. Compiler plugins

• KT-85257 AGP/Compose: MergeMappingFileTask clears R8 artifacts due to @OutputDirectory annotation on AGP 9.1+

Tools. Scripts

• KT-85105 Scripts: JVM backend internal error (IR lowering) when scratch file contains anonymous object
• KT-85103 Exception while generating code when explain destructuring decls
• KT-84842 scriptCompilationClasspathFromContext behavior changed from 2.3.10 to 2.3.20
• KT-85029 Kotlin Scripting: ScriptDiagnostic reports "at null" instead of error location

Tools. Statistics (FUS)

• KT-85628 KGP: composite build FUS metrics fail on access of 'configurationTimeMetrics'

Commits

• fea1ad8 Add ChangeLog for 2.3.21-RC2
• 09c341e disable swift export execution tests in order to update macos
• 67a0868 Avoid accessing KotlinNativeLink taskProvider when task was not executed
• f89e5db [K/N] Disable TSAN in runtime tests
• 45d6c85 [K/N] Don't generate generic safe casts for Objective-C types
• 9261a6f [K/N][tests] Add a reproducer for KT-85508
• c9ab9db [K/N][tests] Add a reproducer for KT-85399
• 502e844 Explain: fix for destructuring declarations
• 0c26485 Explain: fix for object literals
• 68a9e3f [minor] fix testdata name in explain test
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions