dependabot[bot] opened a new pull request, #657: URL: https://github.com/apache/directory-kerby/pull/657
Bumps [com.google.code.gson:gson](https://github.com/google/gson) from 2.13.2 to 2.14.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/gson/releases";>com.google.code.gson:gson's releases</a>.</em></p> <blockquote> <h2>Gson 2.14.0</h2> <h2>What's Changed</h2> <ul> <li> <p>Add type adapters for <code>java.time</code> classes by <a href="https://github.com/eamonnmcmanus";><code>@eamonnmcmanus</code></a> in <a href="https://redirect.github.com/google/gson/pull/2948";>google/gson#2948</a></p> <p>When the <code>java.time</code> API is available, Gson automatically can read and write instances of classes like <code>Instant</code> and <code>Duration</code>. The format it uses essentially freezes the JSON representation that <code>ReflectiveTypeAdapterFactory</code> established by default, based on the private fields of <code>java.time</code> classes. That's not a great representation, but it is understandable. Changing it to anything else would break compatibility with systems that are expecting the current format.</p> <p>With this change, Gson no longer tries to access private fields of these classes using reflection. So it is no longer necessary to run with <code>--add-opens</code> for these classes on recent JDKs.</p> </li> <li> <p>Remove <code>com.google.gson.graph</code> by <a href="https://github.com/eamonnmcmanus";><code>@eamonnmcmanus</code></a> in <a href="https://redirect.github.com/google/gson/pull/2990";>google/gson#2990</a>.</p> <p>This package was not part of any released artifact and depended on Gson internals in potentially problematic ways.</p> </li> <li> <p>Validate that strings being parsed as integers consist of ASCII characters by <a href="https://github.com/eamonnmcmanus";><code>@eamonnmcmanus</code></a> in <a href="https://redirect.github.com/google/gson/pull/2995";>google/gson#2995</a></p> <p>Previously, strings could contain non-ASCII Unicode digits and still be parsed as integers. That's inconsistent with how JSON numbers are treated.</p> </li> <li> <p>Fix duplicate key detection when first value is null by <a href="https://github.com/andrewstellman";><code>@andrewstellman</code></a> in <a href="https://redirect.github.com/google/gson/pull/3006";>google/gson#3006</a></p> <p>This could potentially break code that was relying on the incorrect behaviour. For example, this JSON string was previously accepted but will no longer be: <code>{"foo": null, "foo": bar}</code>.</p> </li> <li> <p>Remove <code>Serializable</code> from internal <code>Type</code> implementation classes. by <a href="https://github.com/eamonnmcmanus";><code>@eamonnmcmanus</code></a> in <a href="https://redirect.github.com/google/gson/pull/3011";>google/gson#3011</a></p> <p>The nested classes <code>ParameterizedTypeImpl</code>, <code>GenericArrayTypeImpl</code>, and <code>WildcardTypeImpl</code> in <code>GsonTypes</code> are implementations of the corresponding types (without <code>Impl</code>) in <code>java.lang.reflect</code>. For some reason, they were serializable, even though the <code>java.lang.reflect</code> implementations are not. Having unnecessarily serializable classes could <em>conceivably</em> have been a security problem if they were part of a larger exploit using serialization. (We do not consider this a likely scenario and do not suggest that you need to update Gson just to get this change.)</p> </li> <li> <p>Add <code>LegacyProtoTypeAdapterFactory</code>. by <a href="https://github.com/eamonnmcmanus";><code>@eamonnmcmanus</code></a> in <a href="https://redirect.github.com/google/gson/pull/3014";>google/gson#3014</a></p> <p>This is not part of any released artifact, but may be of use when trying to fix code that is currently accessing the internals of protobuf classes via reflection.</p> </li> <li> <p>Make AppendableWriter do flush and close if delegation object supports by <a href="https://github.com/MukjepScarlet";><code>@MukjepScarlet</code></a> in <a href="https://redirect.github.com/google/gson/pull/2925";>google/gson#2925</a></p> </li> </ul> <h2>Other less visible changes</h2> <ul> <li>Add default capacity to EnumTypeAdapter maps by <a href="https://github.com/MukjepScarlet";><code>@MukjepScarlet</code></a> in <a href="https://redirect.github.com/google/gson/pull/2959";>google/gson#2959</a></li> <li>refactor: move derived adapters from Gson to TypeAdapters by <a href="https://github.com/MukjepScarlet";><code>@MukjepScarlet</code></a> in <a href="https://redirect.github.com/google/gson/pull/2951";>google/gson#2951</a></li> <li>Optimize <code>new Gson()</code> by <a href="https://github.com/MukjepScarlet";><code>@MukjepScarlet</code></a> in <a href="https://redirect.github.com/google/gson/pull/2864";>google/gson#2864</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/ThirdGoddess";><code>@ThirdGoddess</code></a> made their first contribution in <a href="https://redirect.github.com/google/gson/pull/2944";>google/gson#2944</a></li> <li><a href="https://github.com/lmj798";><code>@lmj798</code></a> made their first contribution in <a href="https://redirect.github.com/google/gson/pull/2988";>google/gson#2988</a></li> <li><a href="https://github.com/Eng-YasminKotb";><code>@Eng-YasminKotb</code></a> made their first contribution in <a href="https://redirect.github.com/google/gson/pull/3005";>google/gson#3005</a></li> <li><a href="https://github.com/andrewstellman";><code>@andrewstellman</code></a> made their first contribution in <a href="https://redirect.github.com/google/gson/pull/3006";>google/gson#3006</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/google/gson/compare/gson-parent-2.13.2...gson-parent-2.14.0";>https://github.com/google/gson/compare/gson-parent-2.13.2...gson-parent-2.14.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/google/gson/commit/3ff35d6269894901ab8006258395aafc4b9765cd";><code>3ff35d6</code></a> [maven-release-plugin] prepare release gson-parent-2.14.0</li> <li><a href="https://github.com/google/gson/commit/a3024fde2a5c12b9a9a0b6b914ae4899aa574d81";><code>a3024fd</code></a> Bump the maven group with 13 updates (<a href="https://redirect.github.com/google/gson/issues/3002";>#3002</a>)</li> <li><a href="https://github.com/google/gson/commit/5689ffe44952ca6ed44c595886b9043286311b23";><code>5689ffe</code></a> Bump the github-actions group across 1 directory with 3 updates (<a href="https://redirect.github.com/google/gson/issues/3018";>#3018</a>)</li> <li><a href="https://github.com/google/gson/commit/48db33cbf93af6b2f5b117dfdfd826de47f7229c";><code>48db33c</code></a> Add <code>LegacyProtoTypeAdapterFactory</code>. (<a href="https://redirect.github.com/google/gson/issues/3014";>#3014</a>)</li> <li><a href="https://github.com/google/gson/commit/53d703ee76ca3e951fa4a727307c1f28dbcaf3aa";><code>53d703e</code></a> Update outdated comment regarding serializable types (<a href="https://redirect.github.com/google/gson/issues/3012";>#3012</a>)</li> <li><a href="https://github.com/google/gson/commit/0189b727761f31596d1a27b7c60b42478dc9f331";><code>0189b72</code></a> Remove <code>Serializable</code> from internal <code>Type</code> implementation classes. (<a href="https://redirect.github.com/google/gson/issues/3011";>#3011</a>)</li> <li><a href="https://github.com/google/gson/commit/f4d371d29c04066dbe7fdb31f642831f9c7f40cd";><code>f4d371d</code></a> Fix duplicate key detection when first value is null (<a href="https://redirect.github.com/google/gson/issues/3006";>#3006</a>)</li> <li><a href="https://github.com/google/gson/commit/27d9ba1eeeeb156540cf5397504a4f9f256e911f";><code>27d9ba1</code></a> Fix typo in README (JPMS dependencies section) (<a href="https://redirect.github.com/google/gson/issues/3005";>#3005</a>)</li> <li><a href="https://github.com/google/gson/commit/1fa9b7a0a994b006b3be00e2df9de778e71e6807";><code>1fa9b7a</code></a> Validate that strings being parsed as integers consist of ASCII characters (#...</li> <li><a href="https://github.com/google/gson/commit/b7d59549188867deb42e46073fb38735a5beda1c";><code>b7d5954</code></a> Add iterator fail-fast tests for LinkedTreeMap.clear() (<a href="https://redirect.github.com/google/gson/issues/2992";>#2992</a>)</li> <li>Additional commits viewable in <a href="https://github.com/google/gson/compare/gson-parent-2.13.2...gson-parent-2.14.0";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
