Dependency updates #10

Merged: XDPXI merged 4 commits into 1.21.11 from 1.21.10 on Jan 8, 2026
XDPXI (Owner) commented Jan 8, 2026

Summary by CodeRabbit

  • Chores
    • Updated build tool and testing framework dependencies to their latest patch versions.

dependabot bot and others added 4 commits January 6, 2026 08:45
Bumps [com.gradleup.shadow](https://github.com/GradleUp/shadow) from 9.3.0 to 9.3.1.
- [Release notes](https://github.com/GradleUp/shadow/releases)
- [Commits](GradleUp/shadow@9.3.0...9.3.1)

---
updated-dependencies:
- dependency-name: com.gradleup.shadow
  dependency-version: 9.3.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [org.junit:junit-bom](https://github.com/junit-team/junit-framework) from 6.0.1 to 6.0.2.
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r6.0.1...r6.0.2)

---
updated-dependencies:
- dependency-name: org.junit:junit-bom
  dependency-version: 6.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

coderabbitai bot commented Jan 8, 2026

Walkthrough

Two dependency versions are bumped in the build configuration: Gradle Shadow plugin from 9.3.0 to 9.3.1 and JUnit BOM platform from 6.0.1 to 6.0.2. No functional or logic changes are introduced.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Dependency Version Updates: build.gradle | Bumps Gradle Shadow plugin to 9.3.1 and JUnit BOM platform to 6.0.2 for updated tooling and test framework versions |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A version bump here, a patch there,
Dependencies fresh in the spring air,
Shadow and JUnit now play,
Hopping forward—building the way!

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Title check | ❓ Inconclusive | The title 'Dependency updates' is generic and vague, failing to specify which dependencies were updated or their scope. | Consider using a more specific title like 'Bump Gradle shadow plugin and JUnit BOM versions' to clearly identify the actual dependencies being updated. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

XDPXI (Owner, Author) commented Jan 8, 2026

@coderabbitai review

coderabbitai bot commented Jan 8, 2026

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

XDPXI self-assigned this Jan 8, 2026
XDPXI added the dependencies and java labels Jan 8, 2026
XDPXI merged commit d73f493 into 1.21.11 Jan 8, 2026
2 checks passed

coderabbitai bot left a comment

Actionable comments posted: 1

🤖 Fix all issues with AI agents
In @build.gradle:
- Line 26: The build uses an unavailable JUnit BOM version string
"testImplementation platform('org.junit:junit-bom:6.0.2')"; update that
dependency declaration to a published version (for example replace 6.0.2 with
6.0.1 or 6.1.0-M1) so the testImplementation platform('org.junit:junit-bom:...')
line references a real artifact and the build no longer fails due to a missing
BOM.

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6c18259 and adb66a1.

📒 Files selected for processing (1)
  • build.gradle
🔇 Additional comments (1)
build.gradle (1)

3-3: Version 9.3.1 of the Shadow plugin is confirmed and secure.

Version 9.3.1 exists and has no known security vulnerabilities. The patch includes a fix for ASM classpath conflicts (uses ASM from jdependency embedded). The plugin requires Gradle 9.0+ and Java 17+.

implementation 'io.github.TogAr2:MinestomFluids'

testImplementation platform('org.junit:junit-bom:6.0.1')
testImplementation platform('org.junit:junit-bom:6.0.2')
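
Review bot: on the `junit-bom` line, the version is declared through `platform(...)`, so moving it from 6.0.1 to 6.0.2 changes the version of every JUnit module the test configurations take from the BOM, and the declaration alone does not show what actually resolves. Check the resolved test classpath before merging, for example with `gradle dependencies --configuration testRuntimeClasspath`, and consider recording the new artifacts with `gradle --write-verification-metadata sha256 help` so the bump is pinned by checksum as well as by version string.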

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🌐 Web query:

JUnit BOM 6.0.2 Maven Central release

💡 Result:

JUnit 6.0.2 was announced with a release date of January 6, 2026. [1]

However, the Maven Central org.junit:junit-bom directory does not list a 6.0.2 artifact (latest listed there is 6.0.1 / 6.1.0‑M1). So as of now the BOM 6.0.2 is not present on Maven Central. [2]

Sources:

  • JUnit 6.0.2 release notes (Jan 6, 2026). [1]
  • Maven Central (repo1.maven.org) org/junit/junit-bom listing (no 6.0.2). [2]

🌐 Web query:

JUnit junit-bom 6.0.2 security vulnerabilities advisories

💡 Result:

Short answer: There are no public security advisories specifically affecting junit-bom 6.0.2. JUnit 6.0.2 (released Jan 6, 2026) lists bug fixes/enhancements but no security advisories; the most relevant recent JUnit security advisory is GHSA-m43g-m425-p68x (credential leakage in OpenTestReportGeneratingListener), tracked as CVE-2025-53103 and fixed in 5.13.2. [1][2][3]

Sources:

  • JUnit 6.0.2 release notes (Jan 6, 2026). [1]
  • JUnit GitHub security advisory GHSA-m43g-m425-p68x. [2]
  • NVD entry for CVE-2025-53103 (OpenTestReportGeneratingListener credential leak). [3]

Use available JUnit BOM version—6.0.2 does not exist on Maven Central.

JUnit 6.0.2 was announced on January 6, 2026, but the artifact is not yet deployed to Maven Central. The latest available versions are 6.0.1 and 6.1.0-M1. Update to one of these versions to avoid build failures.

🤖 Prompt for AI Agents
In @build.gradle at line 26, The build uses an unavailable JUnit BOM version
string "testImplementation platform('org.junit:junit-bom:6.0.2')"; update that
dependency declaration to a published version (for example replace 6.0.2 with
6.0.1 or 6.1.0-M1) so the testImplementation platform('org.junit:junit-bom:...')
line references a real artifact and the build no longer fails due to a missing
BOM.
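
The availability check discussed in the review comment above, as an added example that is not part of the original thread or the project's code: it reads a Gradle dependency line and looks the version up in a repository's `maven-metadata.xml`. The function names are hypothetical, and the metadata sample is constructed to mirror the version list the comment reports, not fetched from Maven Central.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the maven-metadata.xml layout (assumption: mirrors the
# version list quoted in the review comment; not live repository state).
SAMPLE_METADATA = """<metadata>
  <groupId>org.junit</groupId>
  <artifactId>junit-bom</artifactId>
  <versioning>
    <latest>6.1.0-M1</latest>
    <release>6.1.0-M1</release>
    <versions>
      <version>6.0.0</version>
      <version>6.0.1</version>
      <version>6.1.0-M1</version>
    </versions>
  </versioning>
</metadata>"""

# group:artifact with an optional :version, inside single or double quotes.
COORD = re.compile(r"""['"]([\w.\-]+):([\w.\-]+)(?::([\w.\-]+))?['"]""")


def parse_coordinate(gradle_line):
    """Return (group, artifact, version or None) from a Gradle dependency line."""
    match = COORD.search(gradle_line)
    if match is None:
        raise ValueError("no quoted group:artifact coordinate found")
    return match.group(1), match.group(2), match.group(3)


def published_versions(metadata_xml, group, artifact):
    """List the versions in the metadata, refusing metadata for another artifact."""
    root = ET.fromstring(metadata_xml)
    if (root.findtext("groupId"), root.findtext("artifactId")) != (group, artifact):
        raise ValueError("metadata describes a different artifact")
    return [v.text.strip() for v in root.iterfind("versioning/versions/version") if v.text]


def check_declaration(gradle_line, metadata_xml):
    """Classify a declaration as 'published', 'missing' or 'unversioned'."""
    group, artifact, version = parse_coordinate(gradle_line)
    if version is None:
        # The version comes from a platform or constraint; nothing to look up here.
        return "unversioned"
    listed = published_versions(metadata_xml, group, artifact)
    return "published" if version in listed else "missing"
```

Run in CI against the metadata file of each configured repository, a `missing` result stops an update before the build tries to resolve it.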
