Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump com.cedarsoftware:json-io from 4.3.0 to 4.14.1 in /jskparser/javaparser #15

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 8, 2024

Bumps com.cedarsoftware:json-io from 4.3.0 to 4.14.1.

Changelog

Sourced from com.cedarsoftware:json-io's changelog.

4.14.1

  • JDK 1.8 is target class file format. @​laurgarn
  • JDK 11 is source file format. @​laurgarn
  • Bug fix: EnumSet support fixed. @​laurgarn
  • Bug fix: Null boxed primitives are preserved round-trip. @​laurgarn
  • Enhancement: Filter Blacklisted Fields Before Trying to Access them to prevent exceptions thrown by Proxies (improve hibernate support) @​kpartlow
  • Bug fix: Stack overflow error caused by json-io parsing of untrusted JSON String @​PoppingSnack
  • Enhancement: Create gradle-publish.yml @​devlynnx
  • Enhancement: Added record deserialization, which implies java 16 codebase @​reuschling
  • Bug fix: Fixed TestJavaScript @​h143570
  • Enhancement: Bump gson from 2.6.2 to 2.8.9 @​dependabot
  • Enhancement: support deserialization of Collections.EmptyList on JDK17 @​ozhelezniak-talend

4.14.0

  • Bug fix: Enum serialization error with Java 17 #155. According to @​wweng-talend, if you set : "--illegal-access=deny" on jvm parameters, it works the same between jdk11 and jdk17.
  • Bug fix: java.lang primitives serialization - JDK-8256358 - JDK 17 support #154. Fix by @​wwang-talend.
  • Bug fix: failed to deserialize EnumSet with json without type #120. Fix by @​sgandon and @​wwang-talend

4.13.0

  • Enhancement: Clear unresolved references after all have been processed, as opposed to removing each one after it was processed.

4.12.0

  • Bug fix: Enhancement #137 introduced bug for negative numbers on simple values when tolerant/lenient parsing of +/- infinity was turned on.

4.11.1

  • Enhancement (#140): New option flag added FORCE_MAP_FORMAT_ARRAY_KEYS_ITEMS:true|false to allow forcing JSON output format to always write Map as @keys/@items in the JSON (example: {"@keys":["a", "b"], "@values":[1, 2]}, rather than its default behavior of recognizing all String keys and writing the Map as a JSON object, example: {"a":1, "b":2}. The default value for this flag is false.

4.11.0

  • Enhancement (#137): Allow tolerant/lenient parser of +/- infinity and NaN. New API added, JsonReader.setAllowNanAndInfinity(boolean) and JsonWriter.setAllowNanAndInfinity(boolean). The default is false to match the JSON standard.
  • Enhancement (#129): JsonReader.jsonToJava("") or JsonReader.jsonToJava(null) now returns a null, rather than throwing an exception.
  • Bug fix (#123): Removed vulnerability by disallowing ProcessBuilder to be serialized.
  • Bug fix (#124): Illegal Reflective Access warning when using json-io in Java 9 or newer. This was do to call isAccessible() on Java's Field class. This has been removed.
  • Bug fix (#132, #133): There was instance when @​i was written when it should have been @​e, indicating items, when using SHORT_META_KEYS flag.
  • Bug fix (#135): When reading { "@type": "char", "value": "\"" }, the value was read in as \u0000. It now reads in correctly as a double quote character.

4.10.1

  • Enhancement: Made FastPushbackBufferedReader constructor public so that this stream reader can be used anywhere.

4.10.0

  • Bug fix: When reading into Maps, logical primitives that are not long, double, boolean, or null, were being kept in JsonObjects instead of being converted into their respective types (int, float, Date, etc.)

4.9.12

  • Bug fix: Line number was incorrectly being reported as column number in error output.

4.9.11

  • Enhancement: Added nice JSON-style argument format method, typically used for logging method calls. See MetaUtils.getLogMessage().

4.9.10

  • Bug fix: When system property file.encoding was not set to UTF-8, json-io was not correctly handling characters outside the ASCII space. @​rednoah

4.9.9

  • Enhancement: Missing field handler improvements. Submitted by @​sgandon

4.9.8

  • Enhancement: Missing field handler improvements. Submitted by @​sgandon

4.9.7

  • Enhancement: Added JsonReader.addReaderPermanent() and JsonWriter.addWriterPermanent() to allow for a static (lifecycle of JVM) reader / writer to be added. Now, custom readers and writers can be added that only exist per-instance of JsonReader / JsonWriter or permanently, so they do not have to be added each instantiation (through args or call .addReader() or .addWriter()).

4.9.6

  • Enhancement: Improved enum handling. Updated how enums are detected so that subclasses of enums are detected. ordinal and internal fields no longer output.

4.9.5

  • Bug fix: The new FastPushBackBytesReader was incorrectly reading a String byte-by-byte ignoring the code point boundaries. Because of this, it would blow up during parsing Strings with characters outside the ascii range. New test case added that causes the failure. For time being, the FastPushBackBytesReader has been removed.
  • Javadoc updates.

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [com.cedarsoftware:json-io](https://github.com/jdereg/json-io) from 4.3.0 to 4.14.1.
- [Changelog](https://github.com/jdereg/json-io/blob/master/changelog.md)
- [Commits](https://github.com/jdereg/json-io/commits/4.14.1)

---
updated-dependencies:
- dependency-name: com.cedarsoftware:json-io
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Nov 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants