Bump the production-dependencies group across 1 directory with 3 updates

[dependabot]

Bumps the production-dependencies group with 3 updates in the / directory: org.jetbrains.kotlinx:kotlinx-serialization-json, org.mockito:mockito-core and org.codehaus.mojo:animal-sniffer-maven-plugin.

Updates org.jetbrains.kotlinx:kotlinx-serialization-json from 1.9.0 to 1.10.0

Release notes

Sourced from org.jetbrains.kotlinx:kotlinx-serialization-json's releases.

1.10.0

This release is based on Kotlin 2.3.0 and contains all of the changes from 1.10.0-RC. The only additional change is a fix for ProtoBuf packing of Kotlin unsigned types (#3079). Big thanks to KosmX for contributing the fix.

For your convenience, the changelog for 1.10.0-RC is duplicated below:

Stabilization of APIs

kotlinx-serialization 1.10 and subsequent releases will be focused on stabilization of existing APIs. The following APIs and configuration options are no longer experimental because they're widely used without any known major issues:

• Json configuration options: decodeEnumsCaseInsensitive, allowTrailingComma, allowComments, and prettyPrintIndent. (#3100)
• @EncodeDefault annotation and its modes. (#3106)
• JsonUnquotedLiteral constructor function (#2900)
• JsonPrimitive constructor function overloads that accept unsigned types. (#3117)
• JSON DSL functions on JsonElement with Nothing? overloads. (#3117)

Readiness for return value checker

Kotlin 2.3.0 introduces a new feature aimed at helping you to catch bugs related to the accidentally ignored return value of the function. kotlinx-serialization 1.10.0-RC code is fully marked for this feature, meaning that you can get warnings for unused function calls like Json.encodeToString(...). To get the warnings, the feature has to be enabled in your project as described here.

Polymorphism improvements

Polymorphic serialization received a couple of improvements in this release:

New subclassesOfSealed utility to automatically register sealed subclasses serializers in polymorphic modules (#2201).

Use it in your SerializersModule when configuring a polymorphic hierarchy which contains both abstract and sealed classes. For example, when root of your hierarchy is an interface, but most of your inheritors are sealed classes. The new function will register all known sealed subclasses for you, so you don’t need to list them one by one. This makes writing your SerializerModules much faster and simpler. Big thanks to Paul de Vrieze for contributing this feature.

Class discriminator conflict check rework (#3105).

If a payload already contains a property with the same name as the configured discriminator (for example, type), it is called a class discriminator conflict. To produce a correct output and allow more inputs to be deserialized at the same time, the following changes were made:

• Conflicts introduced by JsonNamingStrategy transformations are now detected during serialization as well and will cause SerializationException. It also affects non-polymorphic classes.
• Conflicts from ClassDisciminatorMode.ALL_JSON_OBJECTS and SerializersModuleBuilder.polymorphicDefaultSerializer are also detected.
• It is allowed to deserialize such a conflicting key for both sealed and open polymorphic hierarchies. Previously, it was possible in the sealed hierarchies alone due to missing assertion. See #1664 for details.

General improvements

• Add .serialName to MissingFieldException for clearer diagnostics. (#3114)
• Generate unique Automatic-Module-Name entries for metadata JARs. (#3109)
• Revised ProGuard rules and added R8 tests. (#3041)
• CBOR: Improved error message when a byte string/array type mismatch is encountered. (#3052)

Bugfixes

... (truncated)

Changelog

Sourced from org.jetbrains.kotlinx:kotlinx-serialization-json's changelog.

1.10.0 / 2026-01-21

This release is based on Kotlin 2.3.0 and contains all of the changes from 1.10.0-RC. The only additional change is a fix for ProtoBuf packing of Kotlin unsigned types (#3079). Big thanks to KosmX for contributing the fix.

For your convenience, the changelog for 1.10.0-RC is duplicated below:

Stabilization of APIs

kotlinx-serialization 1.10 and subsequent releases will be focused on stabilization of existing APIs. The following APIs and configuration options are no longer experimental because they're widely used without any known major issues:

• Json configuration options: decodeEnumsCaseInsensitive, allowTrailingComma, allowComments, and prettyPrintIndent. (#3100)
• @EncodeDefault annotation and its modes. (#3106)
• JsonUnquotedLiteral constructor function (#2900)
• JsonPrimitive constructor function overloads that accept unsigned types. (#3117)
• JSON DSL functions on JsonElement with Nothing? overloads. (#3117)

Readiness for return value checker

Kotlin 2.3.0 introduces a new feature aimed at helping you to catch bugs related to the accidentally ignored return value of the function. kotlinx-serialization 1.10.0-RC code is fully marked for this feature, meaning that you can get warnings for unused function calls like Json.encodeToString(...). To get the warnings, the feature has to be enabled in your project as described here.

Polymorphism improvements

Polymorphic serialization received a couple of improvements in this release:

New subclassesOfSealed utility to automatically register sealed subclasses serializers in polymorphic modules (#2201). Use it in your SerializersModule when configuring a polymorphic hierarchy which contains both abstract and sealed classes. For example, when root of your hierarchy is an interface, but most of your inheritors are sealed classes. The new function will register all known sealed subclasses for you, so you don’t need to list them one by one. This makes writing your SerializerModules much faster and simpler. Big thanks to Paul de Vrieze for contributing this feature.

Class discriminator conflict check rework (#3105). If a payload already contains a property with the same name as the configured discriminator (for example, type), it is called a class discriminator conflict. To produce a correct output and allow more inputs to be deserialized at the same time, the following changes were made:

• Conflicts introduced by JsonNamingStrategy transformations are now detected during serialization as well and will cause SerializationException. It also affects non-polymorphic classes.
• Conflicts from ClassDisciminatorMode.ALL_JSON_OBJECTS and SerializersModuleBuilder.polymorphicDefaultSerializer are also detected.
• It is allowed to deserialize such a conflicting key for both sealed and open polymorphic hierarchies. Previously, it was possible in the sealed hierarchies alone due to missing assertion. See #1664 for details.

General improvements

... (truncated)

Commits

• 370c4e3 Prepare 1.10.0 release (#3142)
• eaa4b0b Merge remote-tracking branch 'origin/master' into dev
• 0311f16 Fix ProtoBuf packing for kotlin unsigned types (#3079)
• a19df8c Add a disclaimer to "Other community-supported formats" section and slightly ...
• 2f8a874 Add JSON5 to community-supported formats (#3134)
• 975af2c Actualize releasing process document
• e8be81f Prepare 1.10.0-RC release
• e334d1c [CBOR] Fix various bugs in the decoder implementation
• d7ca108 Merge remote-tracking branch 'origin/master' into dev
• a5a3c97 IR inliner: Enable intra-module mode for kotlinx.serialization (#3128)
• Additional commits viewable in compare view

Updates org.mockito:mockito-core from 5.20.0 to 5.21.0

Release notes

Sourced from org.mockito:mockito-core's releases.

v5.21.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.21.0

• 2025-12-09 - 17 commit(s) by Giulio Longfils, Joshua Selbo, Woongi9, Zylox, dependabot[bot]
• Bump graalvm/setup-graalvm from 1.4.3 to 1.4.4 [(#3768)](mockito/mockito#3768)
• Bump graalvm/setup-graalvm from 1.4.2 to 1.4.3 [(#3767)](mockito/mockito#3767)
• Bump actions/checkout from 5 to 6 [(#3765)](mockito/mockito#3765)
• Adds output of matchers to potential mismatch; Fixes #2468 [(#3760)](mockito/mockito#3760)
• Forbid mocking WeakReference with inline mock maker [(#3759)](mockito/mockito#3759)
• StackOverflowError when mocking WeakReference [(#3758)](mockito/mockito#3758)
• Bump actions/upload-artifact from 4 to 5 [(#3756)](mockito/mockito#3756)
• Bump graalvm/setup-graalvm from 1.4.1 to 1.4.2 [(#3755)](mockito/mockito#3755)
• Support primitives in GenericArrayReturnType. [(#3753)](mockito/mockito#3753)
• ClassNotFoundException when stubbing array of primitive type on Android [(#3752)](mockito/mockito#3752)
• Bump graalvm/setup-graalvm from 1.4.0 to 1.4.1 [(#3744)](mockito/mockito#3744)
• Bump gradle/actions from 4 to 5 [(#3743)](mockito/mockito#3743)
• Bump org.graalvm.buildtools.native from 0.11.0 to 0.11.1 [(#3738)](mockito/mockito#3738)
• Bump com.diffplug.spotless:spotless-plugin-gradle from 7.2.1 to 8.0.0 [(#3735)](mockito/mockito#3735)
• Bump graalvm/setup-graalvm from 1.3.7 to 1.4.0 [(#3734)](mockito/mockito#3734)
• Bump org.assertj:assertj-core from 3.27.5 to 3.27.6 [(#3733)](mockito/mockito#3733)
• Bump errorprone from 2.41.0 to 2.42.0 [(#3732)](mockito/mockito#3732)
• Feat: automatically detect class to mock in mockStatic and mockConstruction [(#3731)](mockito/mockito#3731)
• Return completed futures for unstubbed Future/CompletionStage in ReturnsEmptyValues [(#3727)](mockito/mockito#3727)
• automatically detect class to mock [(#2779)](mockito/mockito#2779)
• Incorrect "has following stubbing(s) with different arguments" message when using Argument Matchers [(#2468)](mockito/mockito#2468)

Commits

• 09d2230 Bump graalvm/setup-graalvm from 1.4.3 to 1.4.4 (#3768)
• df3e0cc Bump graalvm/setup-graalvm from 1.4.2 to 1.4.3 (#3767)
• 04a6e9f Bump actions/checkout from 5 to 6 (#3765)
• 756a3cf Add description of matchers to potential mismatch (#3760)
• 58ba445 Forbid mocking WeakReference with inline mock maker (#3759)
• 966d600 Bump actions/upload-artifact from 4 to 5 (#3756)
• 632bf7b Bump graalvm/setup-graalvm from 1.4.1 to 1.4.2 (#3755)
• 8564b43 Fix primitives support in GenericArrayReturnType for Android (#3753)
• bf3a809 Bump graalvm/setup-graalvm from 1.4.0 to 1.4.1 (#3744)
• cffddd4 Bump gradle/actions from 4 to 5 (#3743)
• Additional commits viewable in compare view

Updates org.codehaus.mojo:animal-sniffer-maven-plugin from 1.26 to 1.27

Release notes

Sourced from org.codehaus.mojo:animal-sniffer-maven-plugin's releases.

1.27

📦 Dependency updates

• Bump org.codehaus.mojo:mojo-parent from 94 to 95 (#317) @dependabot[bot]
• Bump org.ow2.asm:asm from 9.9 to 9.9.1 (#315) @dependabot[bot]
• Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0 (#314) @dependabot[bot]

Commits

• 5adf3aa [maven-release-plugin] prepare release animal-sniffer-1.27
• c52bca7 Bump org.codehaus.mojo:mojo-parent from 94 to 95
• 0b12ff1 Bump org.ow2.asm:asm from 9.9 to 9.9.1
• 60c8d15 Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0
• c01c9fb [maven-release-plugin] prepare for next development iteration
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

• 🔍 Trigger a full review

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}