Bump the gradle group with 2 updates

[dependabot]

Bumps the gradle group with 2 updates: com.github.spotbugs and software.amazon.smithy:smithy-model.

Updates com.github.spotbugs from 6.4.4 to 6.4.8

Updates software.amazon.smithy:smithy-model from 1.63.0 to 1.65.0

Release notes

Sourced from software.amazon.smithy:smithy-model's releases.

Smithy CLI v1.65.0

1.65.0 (2025-12-09)

Features

• Added CloudWatch Metric Namespace to AWS service trait. (#2877)
• Add a new package with tests for rule engine (#2864)
• Fix null result handling in CFG terminal nodes (#2881)
• restXml and restJson1 should support the httpChecksum trait (#2867)
• Added a NodeValidationVisitor feature that enforces base64 encoding of blob values. (#2838)

Bug Fixes

• Fixes a bug in toNode generation for traits with members that have the idRef trait applied. (#2871)

Documentation

• Update smithy-java doc to reflect the latest artifact names (#2862)
• Fixed a broken ABNF specification in rules engine docs. (#2831)

Other

• Replace streams with loops (#2866)

Smithy CLI v1.64.0

1.64.0 (2025-11-04)

Features

• Updated LoaderShapeMap to use DependencyGraph to sort shapes instead of TopologicalShapeSort. This results in some error messages changing:

  • There is no longer a special message for missing transitive mixins.
  • The message for genrically missing mixins is now applied by ApplyMixin, which has a slightly different wording and which will trigger for each mising mixin.
  • The error message for detected cycles will now include the entire cycle that a shape is part of, rather than just the edges that it is directly connected to. (#2774)

• Added a space for plugins to write data that is intended to be consumable by

... (truncated)

Changelog

Sourced from software.amazon.smithy:smithy-model's changelog.

1.65.0 (2025-12-09)

Features

• Added CloudWatch Metric Namespace to AWS service trait. (#2877)
• Add a new package with tests for rule engine (#2864)
• Fix null result handling in CFG terminal nodes (#2881)
• restXml and restJson1 should support the httpChecksum trait (#2867)
• Added a NodeValidationVisitor feature that enforces base64 encoding of blob values. (#2838)

Bug Fixes

• Fixes a bug in toNode generation for traits with members that have the idRef trait applied. (#2871)

Documentation

• Update smithy-java doc to reflect the latest artifact names (#2862)
• Fixed a broken ABNF specification in rules engine docs. (#2831)

Other

• Replace streams with loops (#2866)

1.64.0 (2025-11-04)

Features

• Updated LoaderShapeMap to use DependencyGraph to sort shapes instead of TopologicalShapeSort. This results in some error messages changing:

  • There is no longer a special message for missing transitive mixins.
  • The message for genrically missing mixins is now applied by ApplyMixin, which has a slightly different wording and which will trigger for each mising mixin.
  • The error message for detected cycles will now include the entire cycle that a shape is part of, rather than just the edges that it is directly connected to. (#2774)

• Added a space for plugins to write data that is intended to be consumable by other plugins. This appears under a directory called shared in the the projection's output directory.

... (truncated)

Commits

• 1f94926 Bump version to 1.65.0 (#2882)
• 56f80e0 Fix null result handling in CFG terminal nodes (#2881)
• 555cf35 Revert "Bump version to 1.65.0 (#2879)" (#2880)
• 546e711 Bump version to 1.65.0 (#2879)
• fcfa6a9 Update changelog entry
• 839bbb2 Add CloudWatch Metric Namespace to AWS service trait
• ab22ebe Update JS deps
• 41d381a Bump swift-actions/setup-swift from 2 to 3
• ebe559b Update .changes/next-release/bugfix-6c01ebf25be52e4f1b87b8d498a5a0edc442ae3d....
• d9072db Fix trait codegen for members with idRef
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions