AnimatedFrames
AnimatedFrames copied to clipboard
InventivetalentDev
Update dependency com.google.code.gson:gson to v2.8.9 [SECURITY]
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| com.google.code.gson:gson | 2.8.5 -> 2.8.9 |
GitHub Vulnerability Alerts
CVE-2022-25647
The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to denial of service attacks.
Release Notes
google/gson
v2.8.9
- Make OSGi bundle's dependency on
sun.miscoptional (https://github.com/google/gson/pull/1993). - Deprecate
Gson.excluder()exposing internalExcluderclass (https://github.com/google/gson/pull/1986). - Prevent Java deserialization of internal classes (https://github.com/google/gson/pull/1991).
- Improve number strategy implementation (https://github.com/google/gson/pull/1987).
- Fix LongSerializationPolicy null handling being inconsistent with Gson (https://github.com/google/gson/pull/1990).
- Support arbitrary Number implementation for Object and Number deserialization (https://github.com/google/gson/pull/1290).
- Bump proguard-maven-plugin from 2.4.0 to 2.5.1 (https://github.com/google/gson/pull/1980).
- Don't exclude static local classes (https://github.com/google/gson/pull/1969).
- Fix
RuntimeTypeAdapterFactorydepending on internalStreamsclass (https://github.com/google/gson/pull/1959). - Improve Maven build (https://github.com/google/gson/pull/1964).
- Make dependency on
java.sqloptional (https://github.com/google/gson/pull/1707).
v2.8.8
- Fixed issue with recursive types (https://github.com/google/gson/issues/1390).
- Better behaviour with Java 9+ and
Unsafeif there is a security manager (https://github.com/google/gson/pull/1712). -
EnumTypeAdapternow works better when ProGuard has obfuscated enum fields (https://github.com/google/gson/pull/1495).
v2.8.7
- Fixed
ISO8601UtilsTestfailing on systems with UTC+X. - Improved javadoc for
JsonStreamParser. - Updated proguard.cfg (https://github.com/google/gson/pull/1693).
- Fixed
IllegalStateExceptioninJsonTreeWriter(https://github.com/google/gson/issues/1592). - Added
JsonArray.isEmpty()(https://github.com/google/gson/pull/1640). - Added new test cases (https://github.com/google/gson/pull/1638).
- Fixed OSGi metadata generation to work on JavaSE < 9 (https://github.com/google/gson/pull/1603).
v2.8.6
2019-10-04 GitHub Diff
- Added static methods
JsonParser.parseStringandJsonParser.parseReaderand deprecated instance methodJsonParser.parse - Java 9 module-info support
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
![renovate[bot] avatar](https://avatars.githubusercontent.com/in/2740?v=4 "Published by a pub.dev verified publisher"){kind=small}