[Snyk] Upgrade org.jetbrains.kotlin:kotlin-stdlib from 2.3.20 to 2.4.0#254

Open: shafeeqd959 wants to merge 1 commit into master from snyk-upgrade-488dc84335414294806b142ea2803b1d

@shafeeqd959

Snyk has created this PR to upgrade org.jetbrains.kotlin:kotlin-stdlib from 2.3.20 to 2.4.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 8 versions ahead of your current version.

  • The recommended version was released a month ago.

Breaking Change Risk

Merge Risk: High

Notice: This assessment is enhanced by AI.


Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

See this package in maven:
org.jetbrains.kotlin:kotlin-stdlib

See this project in Snyk:
https://app.snyk.io/org/contentstack-devex/project/e24cd5a2-0bfe-4beb-8f01-b0957a7d431b?utm_source=github&utm_medium=referral&page=upgrade-pr

@shafeeqd959 requested a review from a team as a code owner July 2, 2026 04:50

@shafeeqd959 (Author)

Merge Risk: High

The upgrade to Kotlin 2.4.0 is a high-risk change. It removes the K1 compiler frontend and promotes several previous compiler warnings to errors, which can cause build failures for projects that have not already addressed them.

Key Breaking Changes

  • K1 Compiler Removed: Support for -language-version=1.9 has been completely dropped. Projects that were pinning this version to use the K1 compiler must be fully migrated to the K2 compiler before upgrading. [5, 6, 7]
  • Compiler Warnings Are Now Errors: Code that previously compiled with warnings will now fail. This includes:
    • Stricter Inline Function Visibility: Public inline functions are no longer allowed to expose internal or private types or declarations in their signature or body. [2]
    • Stricter Java Nullability: The compiler now strictly enforces nullability from Jakarta @Nullable and @Nonnull annotations when interoperating with Java code. [2, 6]
    • Inaccessible Types: The compiler will now fail the build if your code implicitly uses a type from a transitive (indirect) dependency without declaring it as a direct dependency. [2]

Environment & Tooling Changes

  • Raised Apple Target Versions: For Kotlin Multiplatform projects, the default minimum supported versions for Apple targets have been increased: iOS to 15.0, macOS to 12.0, and watchOS to 8.0. [1, 4]
  • Android Gradle Plugin (AGP): The minimum required AGP version is now 8.5.2. [5]

New Stable Features

This release also stabilizes many previously experimental features, including context parameters, explicit backing fields, and a common kotlin.uuid.Uuid API. [1, 3, 4]

Recommendation: Before upgrading, ensure your project is fully migrated to the K2 compiler and does not rely on -language-version=1.9. Resolve all existing Kotlin compiler warnings, especially those related to inline function visibility and Java nullability, as they will become build-breaking errors.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@github-actions

github-actions Bot commented Jul 2, 2026


🔒 Security Scan Results

ℹ️ Note: Only vulnerabilities with available fixes (upgrades or patches) are counted toward thresholds.

| Check Type | Count (with fixes) | Without fixes | Threshold | Result |
|---|---|---|---|---|
| 🔴 Critical Severity | 0 | 0 | 10 | ✅ Passed |
| 🟠 High Severity | 0 | 0 | 25 | ✅ Passed |
| 🟡 Medium Severity | 0 | 0 | 500 | ✅ Passed |
| 🔵 Low Severity | 0 | 0 | 1000 | ✅ Passed |

⏱️ SLA Breach Summary

✅ No SLA breaches detected. All vulnerabilities are within acceptable time thresholds.

| Severity | Breaches (with fixes) | Breaches (no fixes) | SLA Threshold (with/no fixes) | Status |
|---|---|---|---|---|
| 🔴 Critical | 0 | 0 | 15 / 30 days | ✅ Passed |
| 🟠 High | 0 | 0 | 30 / 120 days | ✅ Passed |
| 🟡 Medium | 0 | 0 | 90 / 365 days | ✅ Passed |
| 🔵 Low | 0 | 0 | 180 / 365 days | ✅ Passed |

✅ BUILD PASSED - All security checks passed

@netrajpatel netrajpatel left a comment

LGTM // approved in Slack with WorkerB
