CompactNPCLib icon indicating copy to clipboard operation
CompactNPCLib copied to clipboard

Published 20 hours ago verified publisher icon InventivetalentDev

Update dependency com.google.code.gson:gson to v2.8.9 [SECURITY]

Open renovate[bot] opened this issue 2 years ago • 0 comments

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
com.google.code.gson:gson 2.6.2 -> 2.8.9 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2022-25647

The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to denial of service attacks.

Release Notes

google/gson

v2.8.9

v2.8.8

v2.8.7

v2.8.6

2019-10-04 GitHub Diff

  • Added static methods JsonParser.parseString and JsonParser.parseReader and deprecated instance method JsonParser.parse
  • Java 9 module-info support

v2.8.5

2018-05-21 GitHub Diff

  • Print Gson version while throwing AssertionError and IllegalArgumentException
  • Moved utils.VersionUtils class to internal.JavaVersion. This is a potential backward incompatible change from 2.8.4
  • Fixed issue https://github.com/google/gson/issues/1310 by supporting Debian Java 9

v2.8.4

2018-05-01 GitHub Diff

  • Added a new FieldNamingPolicy, LOWER_CASE_WITH_DOTS that mapps JSON name someFieldName to some.field.name
  • Fixed issue https://github.com/google/gson/issues/1305 by removing compile/runtime dependency on sun.misc.Unsafe

v2.8.3

2018-04-27 GitHub Diff

  • Added a new API, GsonBuilder.newBuilder() that clones the current builder
  • Preserving DateFormatter behavior on JDK 9
  • Numerous other bugfixes

v2.8.2

2017-09-19 GitHub Diff

  • Introduced a new API, JsonElement.deepCopy()
  • Numerous other bugfixes

v2.8.1

2017-05-30 GitHub Diff

  • New: JsonObject.keySet()
  • @JsonAdapter annotation can now use JsonSerializer and JsonDeserializer as well.

v2.7

2016-06-14 GitHub Diff

  • Added support for JsonSerializer/JsonDeserializer in @​JsonAdapter annotation
  • Exposing Gson properties excluder(), fieldNamingStrategy(), serializeNulls(), htmlSafe()
  • Added JsonObject.size() method
  • Added JsonWriter.value(Boolean value) method
  • Using ArrayDeque, ConcurrentHashMap, and other JDK 1.6 features
  • Better error reporting
  • Plenty of other bug fixes

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • [ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

renovate[bot] avatar Mar 16 '23 14:03 renovate[bot]