Bump com.google.guava:guava from 31.1-android to 33.6.0-android#48
Bump com.google.guava:guava from 31.1-android to 33.6.0-android#48dependabot[bot] wants to merge 3 commits into
Conversation
Bumps [com.google.guava:guava](https://github.com/google/guava) from 31.1-android to 33.6.0-android. - [Release notes](https://github.com/google/guava/releases) - [Commits](https://github.com/google/guava/commits) --- updated-dependencies: - dependency-name: com.google.guava:guava dependency-version: 33.6.0-android dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Dependabot bumped the guava version string in build.gradle but did not regenerate lib/gradle.lockfile, which still pinned the old dependency graph under dependencyLocking. This left the build failing with "Cannot find a version of 'com.google.guava:guava' that satisfies the version constraints" since the lock strictly enforced 31.1-android. Regenerated via `gradle :lib:dependencies --write-locks`, which also picks up guava's downstream annotation dependency swap (jsr305 + checker-qual -> jspecify) and minor bumps to failureaccess, error_prone_annotations, and j2objc-annotations.
Review: Guava 31.1-android → 33.6.0-androidUsage analysis: Guava is used in exactly one place in this codebase — Changelog review (all releases 31.1 → 33.6.0): No breaking changes affect this project. Notable items, none applicable here:
Security/suspicious concerns: None. Standard Dependabot version bump, single-line diff, no new direct dependencies. Build verification: The build as opened did not pass — I regenerated the lockfile ( After that fix, Verdict: safe to merge once the lockfile commit here is included — the version bump itself is low-risk given our minimal Guava surface area, but it needed the lockfile regenerated to actually build. Generated by Claude Code |
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
|
Warning Review the following alerts detected in dependencies. According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.
|
Bumps com.google.guava:guava from 31.1-android to 33.6.0-android.
Release notes
Sourced from com.google.guava:guava's releases.
... (truncated)
Commits
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)