antville/helma
antville/helma
1
1
Fork 0
Code Issues 5 Pull requests 5 Projects Releases 5 Activity Actions

build(deps): bump gson from 2.8.6 to 2.8.9 #35

Merged
dependabot[bot] merged 1 commit from dependabot/gradle/com.google.code.gson-gson-2.8.9 into helma-🐜 2021-12-11 17:05:51 +00:00
Conversation 0 Commits 1 Files changed 1 +1 -1
dependabot[bot] commented 2021-11-01 09:08:09 +00:00 (Migrated from github.com)
Copy link

Bumps gson from 2.8.6 to 2.8.9.

Release notes

Sourced from gson's releases.

Gson 2.8.9

  • Make OSGi bundle's dependency on sun.misc optional (#1993).
  • Deprecate Gson.excluder() exposing internal Excluder class (#1986).
  • Prevent Java deserialization of internal classes (#1991).
  • Improve number strategy implementation (#1987).
  • Fix LongSerializationPolicy null handling being inconsistent with Gson (#1990).
  • Support arbitrary Number implementation for Object and Number deserialization (#1290).
  • Bump proguard-maven-plugin from 2.4.0 to 2.5.1 (#1980).
  • Don't exclude static local classes (#1969).
  • Fix RuntimeTypeAdapterFactory depending on internal Streams class (#1959).
  • Improve Maven build (#1964).
  • Make dependency on java.sql optional (#1707).

Gson 2.8.8

  • Fixed issue with recursive types (#1390).
  • Better behaviour with Java 9+ and Unsafe if there is a security manager (#1712).
  • EnumTypeAdapter now works better when ProGuard has obfuscated enum fields (#1495).
Changelog

Sourced from gson's changelog.

Version 2.8.9

  • Make OSGi bundle's dependency on sun.misc optional (#1993).
  • Deprecate Gson.excluder() exposing internal Excluder class (#1986).
  • Prevent Java deserialization of internal classes (#1991).
  • Improve number strategy implementation (#1987).
  • Fix LongSerializationPolicy null handling being inconsistent with Gson (#1990).
  • Support arbitrary Number implementation for Object and Number deserialization (#1290).
  • Bump proguard-maven-plugin from 2.4.0 to 2.5.1 (#1980).
  • Don't exclude static local classes (#1969).
  • Fix RuntimeTypeAdapterFactory depending on internal Streams class (#1959).
  • Improve Maven build (#1964).
  • Make dependency on java.sql optional (#1707).

Version 2.8.8

  • Fixed issue with recursive types (#1390).
  • Better behaviour with Java 9+ and Unsafe if there is a security manager (#1712).
  • EnumTypeAdapter now works better when ProGuard has obfuscated enum fields (#1495).

Version 2.8.7

  • Fixed ISO8601UtilsTest failing on systems with UTC+X.
  • Improved javadoc for JsonStreamParser.
  • Updated proguard.cfg (#1693).
  • Fixed IllegalStateException in JsonTreeWriter (#1592).
  • Added JsonArray.isEmpty() (#1640).
  • Added new test cases (#1638).
  • Fixed OSGi metadata generation to work on JavaSE < 9 (#1603).
Commits
  • 6a368d8 [maven-release-plugin] prepare release gson-parent-2.8.9
  • ba96d53 Fix missing bounds checks for JsonTreeReader.getPath() (#2001)
  • ca1df7f #1981: Optional OSGi bundle's dependency on sun.misc package (#1993)
  • c54caf3 Deprecate Gson.excluder() exposing internal Excluder class (#1986)
  • e6fae59 Prevent Java deserialization of internal classes (#1991)
  • bda2e3d Improve number strategy implementation (#1987)
  • cd748df Fix LongSerializationPolicy null handling being inconsistent with Gson (#1990)
  • fe30b85 Support arbitrary Number implementation for Object and Number deserialization...
  • 1cc1627 Fix incorrect feature request template label (#1982)
  • 7b9a283 Bump bnd-maven-plugin from 5.3.0 to 6.0.0 (#1985)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps [gson](https://github.com/google/gson) from 2.8.6 to 2.8.9. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/gson/releases">gson's releases</a>.</em></p> <blockquote> <h2>Gson 2.8.9</h2> <ul> <li>Make OSGi bundle's dependency on <code>sun.misc</code> optional (<a href="https://github-redirect.dependabot.com/google/gson/issues/1993">#1993</a>).</li> <li>Deprecate <code>Gson.excluder()</code> exposing internal <code>Excluder</code> class (<a href="https://github-redirect.dependabot.com/google/gson/issues/1986">#1986</a>).</li> <li>Prevent Java deserialization of internal classes (<a href="https://github-redirect.dependabot.com/google/gson/issues/1991">#1991</a>).</li> <li>Improve number strategy implementation (<a href="https://github-redirect.dependabot.com/google/gson/issues/1987">#1987</a>).</li> <li>Fix LongSerializationPolicy null handling being inconsistent with Gson (<a href="https://github-redirect.dependabot.com/google/gson/issues/1990">#1990</a>).</li> <li>Support arbitrary Number implementation for Object and Number deserialization (<a href="https://github-redirect.dependabot.com/google/gson/issues/1290">#1290</a>).</li> <li>Bump proguard-maven-plugin from 2.4.0 to 2.5.1 (<a href="https://github-redirect.dependabot.com/google/gson/issues/1980">#1980</a>).</li> <li>Don't exclude static local classes (<a href="https://github-redirect.dependabot.com/google/gson/issues/1969">#1969</a>).</li> <li>Fix <code>RuntimeTypeAdapterFactory</code> depending on internal <code>Streams</code> class (<a href="https://github-redirect.dependabot.com/google/gson/issues/1959">#1959</a>).</li> <li>Improve Maven build (<a href="https://github-redirect.dependabot.com/google/gson/issues/1964">#1964</a>).</li> <li>Make dependency on <code>java.sql</code> optional (<a href="https://github-redirect.dependabot.com/google/gson/issues/1707">#1707</a>).</li> </ul> <h2>Gson 2.8.8</h2> <ul> <li>Fixed issue with recursive types (<a href="https://github-redirect.dependabot.com/google/gson/issues/1390">#1390</a>).</li> <li>Better behaviour with Java 9+ and <code>Unsafe</code> if there is a security manager (<a href="https://github-redirect.dependabot.com/google/gson/issues/1712">#1712</a>).</li> <li><code>EnumTypeAdapter</code> now works better when ProGuard has obfuscated enum fields (<a href="https://github-redirect.dependabot.com/google/gson/issues/1495">#1495</a>).</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/google/gson/blob/master/CHANGELOG.md">gson's changelog</a>.</em></p> <blockquote> <h2>Version 2.8.9</h2> <ul> <li>Make OSGi bundle's dependency on <code>sun.misc</code> optional (<a href="https://github-redirect.dependabot.com/google/gson/issues/1993">#1993</a>).</li> <li>Deprecate <code>Gson.excluder()</code> exposing internal <code>Excluder</code> class (<a href="https://github-redirect.dependabot.com/google/gson/issues/1986">#1986</a>).</li> <li>Prevent Java deserialization of internal classes (<a href="https://github-redirect.dependabot.com/google/gson/issues/1991">#1991</a>).</li> <li>Improve number strategy implementation (<a href="https://github-redirect.dependabot.com/google/gson/issues/1987">#1987</a>).</li> <li>Fix LongSerializationPolicy null handling being inconsistent with Gson (<a href="https://github-redirect.dependabot.com/google/gson/issues/1990">#1990</a>).</li> <li>Support arbitrary Number implementation for Object and Number deserialization (<a href="https://github-redirect.dependabot.com/google/gson/issues/1290">#1290</a>).</li> <li>Bump proguard-maven-plugin from 2.4.0 to 2.5.1 (<a href="https://github-redirect.dependabot.com/google/gson/issues/1980">#1980</a>).</li> <li>Don't exclude static local classes (<a href="https://github-redirect.dependabot.com/google/gson/issues/1969">#1969</a>).</li> <li>Fix <code>RuntimeTypeAdapterFactory</code> depending on internal <code>Streams</code> class (<a href="https://github-redirect.dependabot.com/google/gson/issues/1959">#1959</a>).</li> <li>Improve Maven build (<a href="https://github-redirect.dependabot.com/google/gson/issues/1964">#1964</a>).</li> <li>Make dependency on <code>java.sql</code> optional (<a href="https://github-redirect.dependabot.com/google/gson/issues/1707">#1707</a>).</li> </ul> <h2>Version 2.8.8</h2> <ul> <li>Fixed issue with recursive types (<a href="https://github-redirect.dependabot.com/google/gson/issues/1390">#1390</a>).</li> <li>Better behaviour with Java 9+ and <code>Unsafe</code> if there is a security manager (<a href="https://github-redirect.dependabot.com/google/gson/issues/1712">#1712</a>).</li> <li><code>EnumTypeAdapter</code> now works better when ProGuard has obfuscated enum fields (<a href="https://github-redirect.dependabot.com/google/gson/issues/1495">#1495</a>).</li> </ul> <h2>Version 2.8.7</h2> <ul> <li>Fixed <code>ISO8601UtilsTest</code> failing on systems with UTC+X.</li> <li>Improved javadoc for <code>JsonStreamParser</code>.</li> <li>Updated proguard.cfg (<a href="https://github-redirect.dependabot.com/google/gson/issues/1693">#1693</a>).</li> <li>Fixed <code>IllegalStateException</code> in <code>JsonTreeWriter</code> (<a href="https://github-redirect.dependabot.com/google/gson/issues/1592">#1592</a>).</li> <li>Added <code>JsonArray.isEmpty()</code> (<a href="https://github-redirect.dependabot.com/google/gson/issues/1640">#1640</a>).</li> <li>Added new test cases (<a href="https://github-redirect.dependabot.com/google/gson/issues/1638">#1638</a>).</li> <li>Fixed OSGi metadata generation to work on JavaSE &lt; 9 (<a href="https://github-redirect.dependabot.com/google/gson/issues/1603">#1603</a>).</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/google/gson/commit/6a368d89da37917be7714c3072b8378f4120110a"><code>6a368d8</code></a> [maven-release-plugin] prepare release gson-parent-2.8.9</li> <li><a href="https://github.com/google/gson/commit/ba96d53bad35f7466073f14cb3d89d09383e1a2d"><code>ba96d53</code></a> Fix missing bounds checks for JsonTreeReader.getPath() (<a href="https://github-redirect.dependabot.com/google/gson/issues/2001">#2001</a>)</li> <li><a href="https://github.com/google/gson/commit/ca1df7f7e09f6b1a763882029dd7057f475b31de"><code>ca1df7f</code></a> <a href="https://github-redirect.dependabot.com/google/gson/issues/1981">#1981</a>: Optional OSGi bundle's dependency on sun.misc package (<a href="https://github-redirect.dependabot.com/google/gson/issues/1993">#1993</a>)</li> <li><a href="https://github.com/google/gson/commit/c54caf308c3f7d4a6088cf3085c2caa9617e0458"><code>c54caf3</code></a> Deprecate <code>Gson.excluder()</code> exposing internal <code>Excluder</code> class (<a href="https://github-redirect.dependabot.com/google/gson/issues/1986">#1986</a>)</li> <li><a href="https://github.com/google/gson/commit/e6fae590cf2a758c47cd5a17f9bf3780ce62c986"><code>e6fae59</code></a> Prevent Java deserialization of internal classes (<a href="https://github-redirect.dependabot.com/google/gson/issues/1991">#1991</a>)</li> <li><a href="https://github.com/google/gson/commit/bda2e3d16af776e0f607d56bbab6eac22f8f2d58"><code>bda2e3d</code></a> Improve number strategy implementation (<a href="https://github-redirect.dependabot.com/google/gson/issues/1987">#1987</a>)</li> <li><a href="https://github.com/google/gson/commit/cd748df7122ea4260d35dfe90cfab0c079a1504d"><code>cd748df</code></a> Fix LongSerializationPolicy null handling being inconsistent with Gson (<a href="https://github-redirect.dependabot.com/google/gson/issues/1990">#1990</a>)</li> <li><a href="https://github.com/google/gson/commit/fe30b85224316cabf19f5dd3223843437c297802"><code>fe30b85</code></a> Support arbitrary Number implementation for Object and Number deserialization...</li> <li><a href="https://github.com/google/gson/commit/1cc16274235f89650349884dd04760bf15a95d96"><code>1cc1627</code></a> Fix incorrect feature request template label (<a href="https://github-redirect.dependabot.com/google/gson/issues/1982">#1982</a>)</li> <li><a href="https://github.com/google/gson/commit/7b9a283a7a5d66878c9be01227b15e631afe2a5a"><code>7b9a283</code></a> Bump bnd-maven-plugin from 5.3.0 to 6.0.0 (<a href="https://github-redirect.dependabot.com/google/gson/issues/1985">#1985</a>)</li> <li>Additional commits viewable in <a href="https://github.com/google/gson/compare/gson-parent-2.8.6...gson-parent-2.8.9">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.google.code.gson:gson&package-manager=gradle&previous-version=2.8.6&new-version=2.8.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
blocker

   
core

   
dependency

Pull request that updates a dependency file

  
major

   
needs-work

   
runtime

   
security

   
urgent
No labels
blocker
core
dependency
major
needs-work
runtime
security
urgent
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: antville/helma#35
No description provided.
Delete branch "dependabot/gradle/com.google.code.gson-gson-2.8.9"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?