Bump the lib-and-app group with 9 updates

[dependabot]

Bumps the lib-and-app group with 9 updates:

Package	From	To
androidx.activity:activity-compose	1.11.0	1.12.0
androidx.lifecycle:lifecycle-livedata-ktx	2.9.4	2.10.0
androidx.lifecycle:lifecycle-runtime-ktx	2.9.4	2.10.0
androidx.lifecycle:lifecycle-viewmodel-ktx	2.9.4	2.10.0
androidx.compose:compose-bom	2025.10.01	2025.11.01
com.squareup.okhttp3:okhttp	5.3.0	5.3.2
com.squareup.okhttp3:mockwebserver3	5.3.0	5.3.2
com.android.application	8.13.0	8.13.1
com.android.library	8.13.0	8.13.1

Updates androidx.activity:activity-compose from 1.11.0 to 1.12.0

Updates androidx.lifecycle:lifecycle-livedata-ktx from 2.9.4 to 2.10.0

Updates androidx.lifecycle:lifecycle-runtime-ktx from 2.9.4 to 2.10.0

Updates androidx.lifecycle:lifecycle-viewmodel-ktx from 2.9.4 to 2.10.0

Updates androidx.lifecycle:lifecycle-runtime-ktx from 2.9.4 to 2.10.0

Updates androidx.lifecycle:lifecycle-viewmodel-ktx from 2.9.4 to 2.10.0

Updates androidx.compose:compose-bom from 2025.10.01 to 2025.11.01

Updates com.squareup.okhttp3:okhttp from 5.3.0 to 5.3.2

Changelog

Sourced from com.squareup.okhttp3:okhttp's changelog.

Version 5.3.2

2025-11-18

• Fix: Don't delay triggering timeouts. In Okio 3.16.0 we introduced a regression that caused timeouts to fire later than they were supposed to.

• Upgrade: [Okio 3.16.4][okio_3_16_4].

Version 5.3.1

2025-11-16

This release is the same as 5.3.0. Okio 3.16.3 didn't have a necessary fix!

• Upgrade: [Okio 3.16.3][okio_3_16_3].

Commits

• 75b9c26 Prepare for release 5.3.2.
• ab48e5d Okio 3.16.4 (#9200)
• a9a4638 Prepare next development version.
• ef72228 Prepare for release 5.3.1.
• 6747167 Update com.squareup.okio to v3.16.3 (#9197)
• See full diff in compare view

Updates com.squareup.okhttp3:mockwebserver3 from 5.3.0 to 5.3.2

Changelog

Sourced from com.squareup.okhttp3:mockwebserver3's changelog.

Version 5.3.2

2025-11-18

• Fix: Don't delay triggering timeouts. In Okio 3.16.0 we introduced a regression that caused timeouts to fire later than they were supposed to.

• Upgrade: [Okio 3.16.4][okio_3_16_4].

Version 5.3.1

2025-11-16

This release is the same as 5.3.0. Okio 3.16.3 didn't have a necessary fix!

• Upgrade: [Okio 3.16.3][okio_3_16_3].

Commits

• 75b9c26 Prepare for release 5.3.2.
• ab48e5d Okio 3.16.4 (#9200)
• a9a4638 Prepare next development version.
• ef72228 Prepare for release 5.3.1.
• 6747167 Update com.squareup.okio to v3.16.3 (#9197)
• See full diff in compare view

Updates com.squareup.okhttp3:mockwebserver3 from 5.3.0 to 5.3.2

Changelog

Sourced from com.squareup.okhttp3:mockwebserver3's changelog.

Version 5.3.2

2025-11-18

• Fix: Don't delay triggering timeouts. In Okio 3.16.0 we introduced a regression that caused timeouts to fire later than they were supposed to.

• Upgrade: [Okio 3.16.4][okio_3_16_4].

Version 5.3.1

2025-11-16

This release is the same as 5.3.0. Okio 3.16.3 didn't have a necessary fix!

• Upgrade: [Okio 3.16.3][okio_3_16_3].

Commits

• 75b9c26 Prepare for release 5.3.2.
• ab48e5d Okio 3.16.4 (#9200)
• a9a4638 Prepare next development version.
• ef72228 Prepare for release 5.3.1.
• 6747167 Update com.squareup.okio to v3.16.3 (#9197)
• See full diff in compare view

Updates com.android.application from 8.13.0 to 8.13.1

Updates com.android.library from 8.13.0 to 8.13.1

Updates com.android.library from 8.13.0 to 8.13.1

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[rfc2822]

Fails with:

Manifest merger failed : uses-sdk:minSdkVersion 21 cannot be smaller than version 23 declared in library [androidx.navigationevent:navigationevent-android:1.0.0] /home/runner/.gradle/caches/8.14.1/transforms/58f11b7467af3bfcf2b8d7b276214007/transformed/navigationevent/AndroidManifest.xml as the library might be using APIs not available in 21
Suggestion: use a compatible library with a minSdk of at most 21,
or increase this project's minSdk version to at least 23,
or use tools:overrideLibrary="androidx.navigationevent" to force usage (may lead to runtime failures)

But why?

[ArnyminerZ]

It looks like they've dropped support for SDK 21 on Navigation: https://developers.google.com/maps/documentation/navigation/android-sdk/release-notes

Edit 1 (strikethrough)

However, it's not clear why it's breaking now, it doesn't update any navigation libs. My guess is that the Compose BOM does upgrade it.

Edit 2:

Also here on the changelog for Lifecycle 2.10.0 there is:

The minSdk has changed from API 21 to API 23.

So I guess this is also the case, since this PR upgrades Lifecycle

Edit 3:
And on apilevels.com they say:

Jetpack/AndroidX libraries require a minSdk of 23 or higher since June 2025.

[ArnyminerZ]

In DAVx⁵, we are using a min SDK of 24:
https://github.com/bitfireAT/davx5-ose/blob/2d10cbb07dc67de902c3ba18e87708b8c4a30847/app/build.gradle.kts#L27

So I guess on our side we can upgrade the minSdk of cert4android to 23. I don't know how many people use cert4android, but I think we can safely assume it's not such a big deal to upgrade