Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency com.google.code.gson:gson to v2.8.9 [SECURITY] #99

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

Update dependency com.google.code.gson:gson to v2.8.9 [SECURITY] #99

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Mar 16, 2023
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
com.google.code.gson:gson 2.3.1 -> 2.8.9 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2022-25647

The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to denial of service attacks.

Release Notes

google/gson (com.google.code.gson:gson)

v2.8.9

v2.8.8

v2.8.7

v2.8.6

2019-10-04 GitHub Diff

  • Added static methods JsonParser.parseString and JsonParser.parseReader and deprecated instance method JsonParser.parse
  • Java 9 module-info support

v2.8.5

2018-05-21 GitHub Diff

  • Print Gson version while throwing AssertionError and IllegalArgumentException
  • Moved utils.VersionUtils class to internal.JavaVersion. This is a potential backward incompatible change from 2.8.4
  • Fixed issue https://github.com/google/gson/issues/1310 by supporting Debian Java 9

v2.8.4

2018-05-01 GitHub Diff

  • Added a new FieldNamingPolicy, LOWER_CASE_WITH_DOTS that mapps JSON name someFieldName to some.field.name
  • Fixed issue https://github.com/google/gson/issues/1305 by removing compile/runtime dependency on sun.misc.Unsafe

v2.8.3

2018-04-27 GitHub Diff

  • Added a new API, GsonBuilder.newBuilder() that clones the current builder
  • Preserving DateFormatter behavior on JDK 9
  • Numerous other bugfixes

v2.8.2

2017-09-19 GitHub Diff

  • Introduced a new API, JsonElement.deepCopy()
  • Numerous other bugfixes

v2.8.1

2017-05-30 GitHub Diff

  • New: JsonObject.keySet()
  • @JsonAdapter annotation can now use JsonSerializer and JsonDeserializer as well.

v2.7

2016-06-14 GitHub Diff

  • Added support for JsonSerializer/JsonDeserializer in @​JsonAdapter annotation
  • Exposing Gson properties excluder(), fieldNamingStrategy(), serializeNulls(), htmlSafe()
  • Added JsonObject.size() method
  • Added JsonWriter.value(Boolean value) method
  • Using ArrayDeque, ConcurrentHashMap, and other JDK 1.6 features
  • Better error reporting
  • Plenty of other bug fixes

v2.6.2

2016-02-26 GitHub Diff

  • Fixed an NPE bug with @​JsonAdapter annotation
  • Added back OSGI manifest
  • Some documentation typo fixes

v2.6.1

2016-02-11 GitHub Diff

  • Fix: The 2.6 release targeted Java 1.7, but we intend to target Java 1.6. The
    2.6.1 release is identical to 2.6, but it targets Java 1.6.

v2.6

2016-02-26 GitHub Diff

  • Fixed an NPE bug with @​JsonAdapter annotation
  • Added back OSGI manifest
  • Some documentation typo fixes

v2.5

2015-11-24 GitHub Diff

  • Updated minimum JDK version to 1.6
  • Improved Date Deserialization by accepting many date formats
  • Added support for java.util.Currency, AtomicLong, AtomicLongArray, AtomicInteger, AtomicIntegerArray, AtomicBoolean. This change is backward-incompatible because the earlier version of Gson used the default serialization which wasn't intuitive. We hope that these classes are not used enough to actually cause problems in the field.
  • Improved debugging information when some exceptions are thrown

v2.4

2015-10-04

  • Drop IOException from TypeAdapter.toJson(). This is a binary-compatible change, but may
    cause compiler errors where IOExceptions are being caught but no longer thrown. The correct fix
    for this problem is to remove the unnecessary catch clause.
  • New: Gson.newJsonWriter method returns configured JsonWriter instances.
  • New: @SerializedName now works with [AutoValue’s][autovalue] abstract property methods.
  • New: @SerializedName permits alternate names when deserializing.
  • New: JsonWriter#jsonValue writes raw JSON values.
  • New: APIs to add primitives directly to JsonArray instances.
  • New: ISO 8601 date type adapter. Find this in extras.
  • Fix: FieldNamingPolicy now works properly when running on a device with a Turkish locale.
    [autovalue]: https://redirect.github.com/google/auto/tree/main/value

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/maven-com.google.code.gson-gson-vulnerability branch from 6fe1c26 to 745cb3e Compare February 17, 2024 16:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants