Update dependency io.nlopez.compose.rules:ktlint to v0.5.3

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
io.nlopez.compose.rules:ktlint	0.4.27 → 0.5.3

---

Release Notes

mrmans0n/compose-rules (io.nlopez.compose.rules:ktlint)

v0.5.3

What's changed

• Fix create-release action generated table (#​568) @​mrmans0n
• Use a fallback when checking for context params/receivers (#​567) @​mrmans0n
• Update dependency androidx.compose:compose-bom to v2025.12.01 (#​566) @​renovate[bot]
• Update documentation link for trailing lambda event handlers (#​565) @​Foso
• Update actions/upload-artifact action to v6 (#​563) @​renovate[bot]

Dependency Matrix

linter	version	kotlin version
detekt	2.0.0-alpha.1	2.2.20
ktlint	1.8.0	2.2.21

v0.5.2

What's changed

• Update plugin com.gradle.develocity to v4.3 (#​561) @​renovate[bot]
• Update release workflows to include dependency matrix in draft release (#​560) @​mrmans0n
• Add functional tests (#​559) @​mrmans0n
• Update plugin shadowJar to v9.3.0 (#​558) @​renovate[bot]
• Re-enable ktlint_standard_no-unused-imports in spotless (#​557) @​mrmans0n
• Fix parameter order handling to allow lambdas with default values before required params in composables (#​556) @​mrmans0n
• Update renovate.json to separate kotlin versions (#​555) @​mrmans0n
• Add templates and code setup for new compose rules (#​554) @​mrmans0n

Dependency Matrix

version	kotlin version
detekt 2.0.0-alpha.1	2.2.20
ktlint 1.8.0	2.2.21

v0.5.1

What's changed

• Add dependency matrix automatically to released version (#​553) @​mrmans0n
• Fix docs concurrency when pushing to main (#​552) @​mrmans0n
• Create action to preview documentation changes in the same PR (#​551) @​mrmans0n
• Update ktlint/detekt docs (#​550) @​mrmans0n
• Add diagram for UDF and fix table (#​549) @​mrmans0n
• Improve wording in rules.md (#​548) @​mrmans0n
• Fix wrong references in documentation (#​547) @​mrmans0n
• Treat context params the same as context receivers in MultipleContentEmitters (#​546) @​mrmans0n
• Update astral-sh/setup-uv action to v7 (#​545) @​renovate[bot]
• Add automated versioning to generated documentation (#​544) @​mrmans0n
• Add KeyedEffect to the list of non restartable effects (#​543) @​mrmans0n
• Treat retain the same as remember in all rules (#​541) @​mrmans0n
• Add more mutable*StateOf variants to the appropriate rules (#​540) @​mrmans0n
• Update dependency androidx.compose:compose-bom to v2025.12.00 (#​539) @​renovate[bot]
• Fix typos in rules.md (#​538) @​jvanderwee

Dependency Matrix

	version	kotlin version
detekt	2.0.0-alpha.1	2.2.20
ktlint	1.8.0	2.2.21

v0.5.0

[!IMPORTANT]
This version targets detekt 2.x (specifically, 2.0.0-alpha.1). It is incompatible with earlier detekt 1.x versions, so if you are using those, DO NOT UPDATE.

What's changed

• Migrate to Detekt 2.0 (#​532) @​mrmans0n
• Update dependency com.charleskorn.kaml:kaml to v0.104.0 (#​537) @​renovate[bot]
• Fix shadowjar configuration to not crash when deploying artifacts (#​536) @​mrmans0n
• Update plugin shadowJar to v9.2.2 (#​530) @​renovate[bot]
• Add verify-fat-jar workflow (#​535) @​mrmans0n
• Update dependency androidx.compose:compose-bom to v2025 (#​534) @​renovate[bot]
• Add real world samples for ktlint and detekt and use as integration tests (#​533) @​mrmans0n
• Add new default ViewModel factories (#​531) @​mrmans0n
• Update junit-framework monorepo (#​520) @​renovate[bot]

Dependency Matrix

	version	kotlin version
detekt	2.0.0-alpha.1	2.2.20
ktlint	1.8.0	2.2.21

v0.4.28

Notably, the only real "functional" change in this release is that ktlint is now targeting version 1.8.0, compiled against kotlin 2.2.21.

What's changed

• Update ktlint kotlin version to 2.2.21 and docs to support ktlint 1.8.0 (#​529) @​mrmans0n
• Update plugin mavenPublish to v0.35.0 (#​521) @​renovate[bot]
• Update ktlint to 1.8.0 (#​526) @​mrmike
• Update actions/checkout action to v6 (#​528) @​renovate[bot]
• Update Gradle to v9.2.1 (#​525) @​renovate[bot]
• Update plugin spotless to v8.1.0 (#​527) @​renovate[bot]
• Update dependency com.charleskorn.kaml:kaml to v0.102.0 (#​516) @​renovate[bot]
• Update actions/upload-artifact action to v5 (#​517) @​renovate[bot]
• Update Gradle to v9.2.0 (#​518) @​renovate[bot]
• Update plugin com.gradle.develocity to v4.2.2 (#​515) @​renovate[bot]
• Update plugin spotless to v8 (#​509) @​renovate[bot]
• Update gradle/actions action to v5 (#​513) @​renovate[bot]
• Update dependency com.charleskorn.kaml:kaml to v0.97.0 (#​512) @​renovate[bot]
• Update junit-framework monorepo (#​510) @​renovate[bot]
• Update dependency org.assertj:assertj-core to v3.27.6 (#​506) @​renovate[bot]
• Update plugin com.gradle.develocity to v4.2.1 (#​514) @​renovate[bot]
• Update dependency org.assertj:assertj-core to v3.27.5 (#​505) @​renovate[bot]
• Update Gradle to v9.1.0 (#​504) @​renovate[bot]
• Update plugin com.gradle.develocity to v4.2 (#​503) @​renovate[bot]
• Update dependency com.charleskorn.kaml:kaml to v0.96.0 (#​501) @​renovate[bot]
• Update actions/setup-python action to v6 (#​500) @​renovate[bot]
• Update dependency org.yaml:snakeyaml to v2.5 (#​499) @​renovate[bot]
• Update actions/setup-java action to v5 (#​497) @​renovate[bot]
• Update plugin com.gradle.develocity to v4.1.1 (#​496) @​renovate[bot]
• Update plugin shadowJar to v9.0.2 (#​495) @​renovate[bot]
• Update dependency com.charleskorn.kaml:kaml to v0.89.0 (#​494) @​renovate[bot]
• Update actions/checkout action to v5 (#​492) @​renovate[bot]
• Update plugin shadowJar to v9.0.1 (#​491) @​renovate[bot]
• Update dependency org.assertj:assertj-core to v3.27.4 (#​490) @​renovate[bot]
• Update plugin shadowJar to v9.0.0 (#​489) @​renovate[bot]
• Switch shadow to com.gradleup.shadow (#​488) @​mrmans0n

Dependency Matrix

	version	kotlin version
detekt	1.23.8	2.0.21
ktlint	1.8.0	2.2.21

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[claude]

Pull Request Review: Update io.nlopez.compose.rules:ktlint to v0.5.0

Summary

This PR updates the compose-rules ktlint dependency from v0.4.27 to v0.5.0. This is a Renovate-generated dependency update that requires careful review due to breaking changes.

---

⚠️ Critical Breaking Changes

MAJOR VERSION BUMP - REQUIRES ATTENTION

The release notes for v0.5.0 clearly state:

IMPORTANT: This version targets detekt 2.x (specifically, 2.0.0-alpha.1). It is incompatible with earlier detekt 1.x versions, so if you are using those, DO NOT UPDATE.

Current Project Status:

• Current detekt version: 1.23.8 (from gradle/libs.versions.toml:37)
• Required detekt version: 2.0.0-alpha.1 or higher
• Kotlin version: 2.2.21 ✅ (compatible - v0.5.0 uses kotlin 2.2.21 for ktlint)

Compatibility Issue: This update is INCOMPATIBLE with the current detekt version and will likely cause build failures.

---

Code Quality Assessment

✅ Change Quality: The code change itself is clean and minimal - single version bump in the version catalog.

✅ Configuration: The dependency is properly configured in:

• gradle/libs.versions.toml:44 - version declaration
• build-logic/src/main/kotlin/com/igorwojda/showcase/buildlogic/SpotlessConventionPlugin.kt:22 - used as custom ruleset for ktlint

---

Recommendations

DO NOT MERGE until one of the following actions is taken:

Option 1: Update detekt to v2.x (Recommended for staying current)

1. Update detekt version in gradle/libs.versions.toml from 1.23.8 to 2.0.0-alpha.1 or later
2. Review detekt 2.x migration guide for any breaking changes
3. Run full test suite and linting checks
4. Note: This introduces an alpha dependency which may not be suitable for production

Option 2: Hold this update (Recommended for stability)

1. Close this PR and configure Renovate to skip this update until detekt 2.x is stable
2. Wait for detekt 2.0 stable release
3. Coordinate both updates together in a dedicated migration PR

Option 3: Revert to compatible version

1. Update to the latest v0.4.x release (v0.4.28) instead
2. This version supports ktlint 1.8.0 and kotlin 2.2.21 without requiring detekt 2.x

---

Security Concerns

✅ No security issues identified in this dependency update.

---

Performance Considerations

⚠️ Build Performance: The v0.5.0 release notes mention:

• Migration to Detekt 2.0
• Updated dependencies (kaml, shadowJar, compose-bom)
• Integration tests added

These changes suggest potential build time impacts that should be monitored after upgrade.

---

Test Coverage

✅ Existing Tests: Project has 23 test files
⚠️ Testing Required: After resolving the detekt compatibility issue, ensure:

1. All ktlint checks pass: ./gradlew spotlessCheck
2. All detekt checks pass: ./gradlew detekt
3. Full test suite passes: ./gradlew test
4. Build succeeds: ./gradlew build

---

Additional Notes

What's New in v0.5.0:

• Detekt 2.0 support
• Kotlin 2.2.20+ support
• New default ViewModel factories
• Bug fixes in shadowjar configuration
• Real world samples for integration testing

Repository Context:

• Using Spotless with ktlint for code formatting
• Custom rulesets include: ktlint-ruleset-standard (v1.8.0), nlopez-compose-rules, twitter-compose-rules
• EditorConfig properly configured with ktlint settings

---

Verdict

BLOCK MERGE - This PR introduces an incompatible dependency version. Please address the detekt version incompatibility before proceeding.

The most prudent path forward is Option 2 (hold this update) until detekt 2.0 reaches a stable release, then coordinate both updates together in a dedicated migration effort.

---

📚 References:

• compose-rules v0.5.0 Release Notes
• Detekt Migration to 2.0

🤖 Review generated with Claude Code

[claude]

PR Review: Update io.nlopez.compose.rules:ktlint to v0.5.1

Summary

This PR updates the io.nlopez.compose.rules:ktlint dependency from v0.4.27 to v0.5.1, bringing new features and bug fixes from the compose-rules project.

---

Code Quality & Best Practices ✅

Positive aspects:

• Clean, minimal dependency version update in the version catalog
• Follows the project's established pattern for dependency management
• Automated by Renovate, ensuring consistent update practices

---

Potential Issues & Concerns ⚠️

1. Breaking Changes - Detekt 2.x Compatibility 🔴

Critical Issue: Version 0.5.x of compose-rules targets Detekt 2.0.0-alpha.1, which is incompatible with Detekt 1.x versions.

Current project state:

• Project uses: detekt = "1.23.8" (gradle/libs.versions.toml:37)
• This PR's dependency requires: Detekt 2.0.0-alpha.1

Impact: This update will likely cause compatibility issues since the project is still on Detekt 1.23.8.

Recommended Actions:

1. Do not merge until Detekt is upgraded to 2.x, OR
2. Update to v0.4.28 instead (last version compatible with Detekt 1.x), OR
3. Plan a coordinated update of both Detekt and compose-rules together

From the release notes:

Important

This version targets detekt 2.x (specifically, 2.0.0-alpha.1). It is incompatible with earlier detekt 1.x versions, so if you are using those, DO NOT UPDATE.

2. Dependency Matrix Mismatch

The compose-rules v0.5.1 dependency matrix shows:

• ktlint: 1.8.0 (compiled against Kotlin 2.2.21)
• Project uses: ktlint-ruleset-standard = "1.8.0"
• Project Kotlin version: "2.2.21"

Status: Kotlin and ktlint versions align properly ✅

---

Performance Considerations ✅

No performance concerns identified. The update includes:

• Improved rule processing
• Better handling of context parameters
• Support for additional Compose state functions

---

Security Concerns ✅

No security issues identified in this dependency update.

---

Test Coverage 📋

Observations:

• No test changes required (dependency-only update)
• Project has Konsist tests that validate architecture
• Spotless is configured to use this ruleset in SpotlessConventionPlugin.kt:22

Recommendations:

1. Run ./gradlew spotlessCheck locally to verify compatibility
2. Ensure CI passes all checks before merging
3. Monitor for any new lint violations introduced by updated rules

---

Additional Context

New Features in v0.5.x (from release notes):

• Context parameters treated same as context receivers in MultipleContentEmitters
• KeyedEffect added to non-restartable effects list
• Retain functions treated same as remember in all rules
• More mutable*StateOf variants added to appropriate rules
• Improved documentation and rule clarity

Version 0.4.28 Alternative:
If staying on Detekt 1.x for now, consider updating to v0.4.28 instead, which:

• Targets ktlint 1.8.0 (same as this project)
• Compatible with Kotlin 2.2.21 (same as this project)
• Compatible with Detekt 1.23.8 (current project version)

---

Verdict

❌ DO NOT MERGE in current state due to Detekt compatibility issue.

Next Steps:

1. Close this PR or hold it
2. Either:
   • Update Detekt to 2.0.0-alpha.1+ first (requires testing), then merge this
   • Configure Renovate to use v0.4.28 instead for now
3. Create an issue to track the migration to Detekt 2.x if planning to upgrade

---

Configuration Files Reviewed

• gradle/libs.versions.toml:44 (nlopez-compose-rules version)
• gradle/libs.versions.toml:37 (detekt version)
• build-logic/src/main/kotlin/com/igorwojda/showcase/buildlogic/SpotlessConventionPlugin.kt:22 (usage)
• .editorconfig (ktlint rules configuration)

Let me know if you'd like help with the Detekt upgrade or configuring an alternative version!

[claude]

Pull Request Review - Dependency Update: io.nlopez.compose.rules:ktlint v0.4.27 → v0.5.2

Summary

This PR updates the io.nlopez.compose.rules:ktlint dependency from version 0.4.27 to 0.5.2. This is a Renovate-generated dependency update that includes several minor version bumps with important improvements and fixes.

---

Code Quality ✅

Positive aspects:

• Clean, minimal change affecting only the version catalog
• Single line change reduces risk of conflicts
• Well-documented by Renovate with detailed release notes

---

Breaking Changes Analysis ⚠️

Important considerations:

1. Version Jump: This update spans from 0.4.27 → 0.4.28 → 0.5.0 → 0.5.1 → 0.5.2, including a minor version bump which may contain breaking changes.

2. Key changes in v0.5.x releases:

   • Fixed parameter order handling for lambdas with default values before required params in composables (v0.5.2)
   • Better support for context parameters (treated same as context receivers) (v0.5.1)
   • Support for KeyedEffect added to non-restartable effects list (v0.5.1)
   • Support for retain function (treated same as remember) (v0.5.1)
   • More mutable*StateOf variants recognized (v0.5.1)

3. Dependency matrix changes:

   • ktlint version: 1.7.1 → 1.8.0 (compiled against Kotlin 2.2.21)
   • This aligns with the project's current Kotlin version (2.2.21)

---

Potential Issues 🔍

1. Breaking Rule Changes: The parameter ordering fix in v0.5.2 may flag previously valid code patterns where lambdas with defaults appear before required parameters in Composables.

2. New Rule Coverage: Support for additional state management functions (retain, more mutable*StateOf variants) means more code will be analyzed, which could surface new warnings.

3. Untested Compatibility: Since this is a ktlint custom ruleset update, it's crucial to verify that:

   • spotlessCheck passes with the new rules
   • No new violations are introduced in existing code
   • The rules work correctly with the project's .editorconfig settings

---

Recommendations 📋

Before merging:

1. ✅ Run ./gradlew spotlessCheck to ensure no new violations are introduced
2. ✅ Run ./gradlew spotlessApply if any auto-fixable issues are found
3. ⚠️ Review any new warnings carefully - some may indicate real issues in Compose code
4. ✅ Verify CI checks pass completely

Additional considerations:

• The .editorconfig file disables ktlint_standard_import-ordering due to Detekt conflicts - ensure this still works correctly
• Consider reviewing Compose code for parameter ordering, especially in custom Composables with lambda parameters

---

Security 🔒

✅ No security concerns - This is a linting rules update that only affects build-time static analysis, not runtime behavior.

---

Performance ⚡

✅ No runtime performance impact - Linting rules only affect build/analysis time. Build time impact should be negligible.

---

Test Coverage 🧪

Observation: This is a dev dependency (linting rules) that doesn't require test coverage changes. However:

• ✅ The library itself has added functional tests (mentioned in v0.5.2 release notes)
• ⚠️ Project should verify existing tests still pass
• ✅ No changes needed to project's test suite

---

Conclusion

This is a good update to accept as it brings important bug fixes (especially the parameter ordering fix) and better Compose API coverage. The changes align well with the project's current Kotlin/ktlint versions.

Action Items:

1. Ensure CI checks pass (particularly spotless/lint checks)
2. If any new violations appear, evaluate whether they indicate real code quality issues
3. Consider running the full test suite to ensure no unexpected interactions

Approval Status: ✅ Recommended to merge after CI validation passes.

---

Review generated with analysis of release notes for versions 0.4.28, 0.5.0, 0.5.1, and 0.5.2

[claude]

Pull Request Review - io.nlopez.compose.rules:ktlint v0.4.27 → v0.5.3

Summary

This PR updates the io.nlopez.compose.rules:ktlint dependency from version 0.4.27 to 0.5.3. This is a Renovate-generated dependency update that spans multiple minor versions.

---

Code Quality & Best Practices ✅

Positive Aspects:

• Clean, minimal change - only updates the version number in the version catalog
• Follows the project's convention of managing dependencies centrally in gradle/libs.versions.toml
• The dependency is properly referenced in SpotlessConventionPlugin.kt at line 22 where it's used as a custom ktlint ruleset

Integration Check:
The dependency is correctly integrated:

• Defined in gradle/libs.versions.toml:44 as a version reference
• Referenced in gradle/libs.versions.toml:116 as a library dependency
• Applied in build-logic/src/main/kotlin/com/igorwojda/showcase/buildlogic/SpotlessConventionPlugin.kt:22 as part of the custom rulesets

---

Potential Issues & Concerns ⚠️

Version Jump Analysis:
This update spans several versions (0.4.27 → 0.4.28 → 0.5.0 → 0.5.1 → 0.5.2 → 0.5.3), including:

• Major concern: Version 0.5.0 migrated to Detekt 2.0 (specifically 2.0.0-alpha.1)
• According to release notes: "This version targets detekt 2.x... It is incompatible with earlier detekt 1.x versions"

Critical Compatibility Issue:
Your project currently uses:

• detekt = "1.23.8" (from gradle/libs.versions.toml:37)
• ktlint = "1.8.0" (expected, based on compose-rules v0.5.3 dependency matrix)

The compose-rules library v0.5.0+ is compiled against Detekt 2.0.0-alpha.1, but your project is still on Detekt 1.23.8. This may cause compatibility issues at runtime.

Recommendation:

• ⚠️ This update might require updating Detekt to 2.x to ensure full compatibility
• Monitor for any unexpected behavior in linting/code analysis
• Consider testing locally before merging to catch any breaking changes

---

Performance Considerations 🚀

Positive:

• Version 0.5.3 includes bug fixes like "Use a fallback when checking for context params/receivers" which may improve analysis reliability
• Performance impact should be minimal since this is a linting tool that runs during build-time, not runtime

Version Improvements:

• v0.5.1: Better handling of context parameters/receivers
• v0.5.2: Fixed parameter order handling for composables
• v0.5.3: Improved fallback mechanisms

---

Security Concerns 🔒

Assessment: ✅ Low Risk

• This is a linting/code quality tool from a reputable maintainer
• Renovate has high merge confidence based on the PR metadata
• No known security vulnerabilities in the changelog
• The dependency is only used at build-time, not bundled in the app

---

Test Coverage 🧪

Current State:

• This is a build-time dependency used for code linting
• No unit tests are required for version bumps of linting rules
• The true "test" is whether the codebase passes spotless checks with the new rules

Recommendations:

1. ✅ Run ./gradlew spotlessCheck to verify all existing code still passes with the new rules
2. ✅ Run ./gradlew spotlessApply if any new violations are found
3. ✅ Verify CI checks pass before merging
4. ⚠️ Consider testing Detekt compatibility given the version mismatch concern

---

Action Items

Before merging:

• Verify all CI checks pass
• Run ./gradlew spotlessCheck locally
• Investigate Detekt 2.x compatibility - consider upgrading Detekt or verifying 1.x compatibility
• Review any new linting violations that may surface

---

Overall Recommendation

🟡 APPROVE WITH CAUTION

The change itself is clean and follows best practices, but there is a potential compatibility concern with Detekt versions. The compose-rules library v0.5.0+ targets Detekt 2.x while your project uses Detekt 1.23.8.

Suggested approach:

1. Merge this PR if CI passes cleanly
2. Monitor for any linting issues post-merge
3. Plan to update Detekt to 2.x in a follow-up PR for full compatibility

---

Review completed by Claude Code