Bump the maven group across 5 directories with 23 updates

[dependabot]

Bumps the maven group with 19 updates in the / directory:

Package	From	To
org.eclipse.jetty:jetty-server	9.4.24.v20191120	9.4.51.v20230217
org.apache.thrift:libthrift	0.9.3	0.14.0
xerces:xercesImpl	2.11.0	2.12.2
commons-io:commons-io	2.6	2.7
org.xerial.snappy:snappy-java	1.1.2.6	1.1.10.4
org.apache.hadoop:hadoop-common	2.8.4	3.2.4
org.hsqldb:hsqldb	2.3.0	2.7.1
org.apache.avro:avro	1.7.6	1.11.3
com.amazonaws:aws-java-sdk-s3	1.11.281	1.12.261
org.apache.httpcomponents:httpclient	4.5.2	4.5.13
com.fasterxml.jackson.core:jackson-databind	2.10.1	2.12.7.1
com.google.protobuf:protobuf-java	2.5.0	3.16.3
io.grpc:grpc-protobuf	1.13.1	1.53.0
io.netty:netty-codec-http2	4.1.43.Final	4.1.100.Final
junit:junit	4.11	4.13.1
org.codehaus.plexus:plexus-archiver	2.2	4.8.0
com.google.code.gson:gson	2.8.1	2.8.9
org.springframework.security.oauth:spring-security-oauth2	2.3.3.RELEASE	2.3.5.RELEASE
org.xerial:sqlite-jdbc	3.20.1	3.41.2.2

Bumps the maven group with 2 updates in the /extensions/adapters/raster directory: com.google.protobuf:protobuf-java and org.codehaus.plexus:plexus-archiver.
Bumps the maven group with 1 update in the /extensions/datastores/dynamodb directory: junit:junit.
Bumps the maven group with 1 update in the /extensions/datastores/hbase directory: com.google.protobuf:protobuf-java.
Bumps the maven group with 3 updates in the /services/rest directory: com.google.code.gson:gson, org.springframework.security.oauth:spring-security-oauth2 and org.xerial:sqlite-jdbc.

Updates org.eclipse.jetty:jetty-server from 9.4.24.v20191120 to 9.4.51.v20230217

Updates org.eclipse.jetty:jetty-webapp from 9.4.24.v20191120 to 9.4.51.v20230217

Updates org.apache.thrift:libthrift from 0.9.3 to 0.14.0

Release notes

Sourced from org.apache.thrift:libthrift's releases.

Version 0.14.0

For release 0.14.0 head over to the official release download source: http://thrift.apache.org/download

The assets below are added by Github based on the release tag and they may therefore not match the checkums.

Version 0.13.0

For release 0.13.0 head over to the official release download source: http://thrift.apache.org/download

The assets below are added by Github based on the release tag and they may therefore not match the checkums.

Version 0.12.0

Apache Thrift Release 0.12.0

Version 0.9.3.1

This release is a backport of the security fix for CVE-2018-1320 as documented in THRIFT-4506. The only code change is in Java, and a 0.9.3-1 package was released to Maven Central.

This is marked in GitHub as a pre-release so that it does not become the "latest" release.

Changelog

Sourced from org.apache.thrift:libthrift's changelog.

0.14.0

Deprecated Languages

• THRIFT-5229 - Deprecate ActionScript 3 support

Removed Languages

• THRIFT-4980 - Remove deprecated C# and netcore bindings from the code base
• THRIFT-4981 - Remove deprecated netcore bindings from the code base
• THRIFT-4982 - Remove deprecated C# bindings from the code base

Breaking Changes

• THRIFT-4981 - Remove deprecated netcore bindings from the code base
• THRIFT-4982 - Remove deprecated csharp bindings from the code base
• THRIFT-4990 - Upgrade to .NET Core 3.1 (LTS)
• THRIFT-5006 - Implement DEFAULT_MAX_LENGTH at TFramedTransport
• THRIFT-5069 - In Go library TDeserializer.Transport is now typed *TMemoryBuffer instead of TTransport
• THRIFT-5072 - Haskell generator fails to distinguish between multiple enum types with conflicting enum identifiers
• THRIFT-5116 - Upgrade NodeJS to 10.x
• THRIFT-5138 - Swift generator does not escape keywords properly
• THRIFT-5164 - In Go library TProcessor interface now includes ProcessorMap and AddToProcessorMap functions.
• THRIFT-5186 - cpp: use all getaddrinfo() results when retrying failed bind() in T{Nonblocking,}ServerSocket
• THRIFT-5233 - go: Now all Read*, Write* and Skip functions in TProtocol accept context arg
• THRIFT-5152 - go: TSocket and TSSLSocket now have separated connect timeout and socket timeout
• c++: dropped support for Windows XP
• THRIFT-5326 - go: TException interface now has a new function: TExceptionType
• THRIFT-4914 - go: TClient.Call now returns ResponseMeta in addition to error

Known Open Issues (Blocker or Critical)

• THRIFT-3877 - C++: library don't work with HTTP (csharp server, cpp client; need cross test enhancement)
• THRIFT-5098 - Deprecated: "The high level Network interface is no longer supported. Please use Network.Socket." and other Haskell issues
• THRIFT-5245 - NPE when the value of map's key is null
• THRIFT-4687 - Add thrift 0.12.0 to pypi and/or enable more maintainers

Build Process

• THRIFT-4976 - Docker build: Test failure for StalenessCheckTest on MacOS
• THRIFT-5087 - test/test.py fails with "AssertionError: Python 3.3 or later is required for proper operation."
• THRIFT-5097 - Incorrect THRIFT_VERSION in ThriftConfig.cmake
• THRIFT-5109 - Misc CMake improvements
• THRIFT-5147 - Add uninstall function
• THRIFT-5218 - Automated Github release artifacts do not match checksums provided
• THRIFT-5249 - travis-ci : Failed to run FastbinaryTest.py

C glib

• THRIFT-4873 - Memory leak in c_glib

... (truncated)

Commits

• 8411e18 Version 0.14.0
• 0be1b7d Version 0.14.0
• 705f377 Version 0.14.0
• ebfa771 THRIFT-5274: Enforce Java 8 compatibility
• 518163a Update README.md
• de523c7 Updated CHANGES to reflect Version 0.14.0
• 7ae1ec3 THRIFT-5297: Improve TThreadPoolServer Handling of Incoming Connections
• ebc2ab5 THRIFT-5345: Allow the ServerContext to be Unwrapped Programmatically
• 55016bf THRIFT-5343: TTlsSocketTransport does not resolve IPv4 addresses or validate ...
• 4aaef75 THRIFT-5337 Go set fields write improvement
• Additional commits viewable in compare view

Updates xerces:xercesImpl from 2.11.0 to 2.12.2

Updates commons-io:commons-io from 2.6 to 2.7

Updates org.xerial.snappy:snappy-java from 1.1.2.6 to 1.1.10.4

Release notes

Sourced from org.xerial.snappy:snappy-java's releases.

v1.1.10.4

What's Changed

Security Fix

• CVE-2023-43642 Fixed SnappyInputStream so as not to allocate too large memory when decompressing data with an extremely large chunk size by @​tunnelshade (code change)
  • This does not affect users only using Snappy.compress/uncompress methods

🚀 Features

• feature: Upgrade the internal snappy version to 1.1.10 (1.1.8 was wrongly used before) by @​xerial in xerial/snappy-java#508
• Support JDK21 (no internal change)

🔗 Dependency Updates

• Update scalafmt-core to 3.7.11 by @​xerial-bot in xerial/snappy-java#485
• Update sbt to 1.9.3 by @​xerial-bot in xerial/snappy-java#483
• Update scalafmt-core to 3.7.12 by @​xerial-bot in xerial/snappy-java#487
• Bump actions/checkout from 3 to 4 by @​dependabot in xerial/snappy-java#502
• Update sbt to 1.9.4 by @​xerial-bot in xerial/snappy-java#496
• Update scalafmt-core to 3.7.14 by @​xerial-bot in xerial/snappy-java#501
• Update sbt to 1.9.6 by @​xerial-bot in xerial/snappy-java#505
• Update native libraries by @​github-actions in xerial/snappy-java#503

🛠 Internal Updates

• Update airframe-log to 23.7.4 by @​xerial-bot in xerial/snappy-java#486
• Update airframe-log to 23.8.0 by @​xerial-bot in xerial/snappy-java#488
• Update sbt-scalafmt to 2.5.2 by @​xerial-bot in xerial/snappy-java#500
• Update airframe-log to 23.8.6 by @​xerial-bot in xerial/snappy-java#497
• Update sbt-scalafmt to 2.5.1 by @​xerial-bot in xerial/snappy-java#499
• Update airframe-log to 23.9.1 by @​xerial-bot in xerial/snappy-java#504
• Update airframe-log to 23.9.2 by @​xerial-bot in xerial/snappy-java#509

Other Changes

• Update NOTICE by @​imsudiproy in xerial/snappy-java#492

Full Changelog: xerial/snappy-java@v1.1.10.3...v1.1.10.4

v1.1.10.3

What's Changed

🐛 Bug Fixes

• Fix the GLIBC_2.32 not found issue of libsnappyjava.so in certain Linux distributions on s390x by @​kun-lu20 in xerial/snappy-java#481

🔗 Dependency Updates

• Update scalafmt-core to 3.7.10 by @​xerial-bot in xerial/snappy-java#480
• Update native libraries by @​github-actions in xerial/snappy-java#482

New Contributors

• @​kun-lu20 made their first contribution in xerial/snappy-java#481

... (truncated)

Commits

• 9f8c3cf Merge pull request from GHSA-55g7-9cwv-5qfv
• 49d7001 Update airframe-log to 23.9.2 (#509)
• 1f07c31 Update native libraries for f2e97f27be0dc6c691369040ba8a673bface484c (#503)
• 13f8db1 Update sbt to 1.9.6 (#505)
• f2e97f2 feature: Upgrade the internal snappy version to 1.1.10 (1.1.8 was wrongly use...
• 98b2225 Update airframe-log to 23.9.1 (#504)
• 9f29b5c Update NOTICE (#492)
• 55639b5 Update sbt-scalafmt to 2.5.1 (#499)
• a5d81a6 Update airframe-log to 23.8.6 (#497)
• 6495da1 Update scalafmt-core to 3.7.14 (#501)
• Additional commits viewable in compare view

Updates org.apache.hadoop:hadoop-common from 2.8.4 to 3.2.4

Updates org.hsqldb:hsqldb from 2.3.0 to 2.7.1

Updates org.apache.avro:avro from 1.7.6 to 1.11.3

Updates com.amazonaws:aws-java-sdk-s3 from 1.11.281 to 1.12.261

Changelog

Sourced from com.amazonaws:aws-java-sdk-s3's changelog.

1.12.261 2022-07-14

AWS Config

• Features

  • Update ResourceType enum with values for Route53Resolver, Batch, DMS, Workspaces, Stepfunctions, SageMaker, ElasticLoadBalancingV2, MSK types

AWS Glue

• Features

  • This release adds an additional worker type for Glue Streaming jobs.

AWS Outposts

• Features

  • This release adds the ShipmentInformation and AssetInformationList fields to the GetOrder API response.

AWSKendraFrontendService

• Features

  • This release adds AccessControlConfigurations which allow you to redefine your document level access control without the need for content re-indexing.

Amazon Athena

• Features

  • This release updates data types that contain either QueryExecutionId, NamedQueryId or ExpectedBucketOwner. Ids must be between 1 and 128 characters and contain only non-whitespace characters. ExpectedBucketOwner must be 12-digit string.

Amazon Elastic Compute Cloud

• Features

  • This release adds flow logs for Transit Gateway to allow customers to gain deeper visibility and insights into network traffic through their Transit Gateways.

Amazon S3

• Bugfixes

  • Fixed possible issue in TransferManager's downloadDirectory operation where files could be downloaded to some sibling directories of the destination directory if the key contained specially-crafted relative paths.

Amazon SageMaker Service

• Features

  • This release adds support for G5, P4d, and C6i instance types in Amazon SageMaker Inference and increases the number of hyperparameters that can be searched from 20 to 30 in Amazon SageMaker Automatic Model Tuning

AmazonNimbleStudio

• Features

  • Amazon Nimble Studio adds support for IAM-based access to AWS resources for Nimble Studio components and custom studio components. Studio Component scripts use these roles on Nimble Studio workstation to mount filesystems, access S3 buckets, or other configured resources in the Studio's AWS account

CodeArtifact

• Features

  • This release introduces Package Origin Controls, a mechanism used to counteract Dependency Confusion attacks. Adds two new APIs, PutPackageOriginConfiguration and DescribePackage, and updates the ListPackage, DescribePackageVersion and ListPackageVersion APIs in support of the feature.

Firewall Management Service

• Features

  • Adds support for strict ordering in stateful rule groups in Network Firewall policies.

Inspector2

• Features

  • This release adds support for Inspector V2 scan configurations through the get and update configuration APIs. Currently this allows configuring ECR automated re-scan duration to lifetime or 180 days or 30 days.

1.12.260 2022-07-13

... (truncated)

Commits

• cb66c50 AWS SDK for Java 1.12.261
• 685134e Update GitHub version number to 1.12.261-SNAPSHOT
• 5555d84 AWS SDK for Java 1.12.260
• ae88c8a Update GitHub version number to 1.12.260-SNAPSHOT
• 93a0a7f AWS SDK for Java 1.12.259
• 5ec7cb7 Update GitHub version number to 1.12.259-SNAPSHOT
• 75fe4e1 AWS SDK for Java 1.12.258
• 8b6bdb0 Update GitHub version number to 1.12.258-SNAPSHOT
• eba6423 AWS SDK for Java 1.12.257
• d2f0b05 Update GitHub version number to 1.12.257-SNAPSHOT
• Additional commits viewable in compare view

Updates org.apache.httpcomponents:httpclient from 4.5.2 to 4.5.13

Updates com.fasterxml.jackson.core:jackson-databind from 2.10.1 to 2.12.7.1

Commits

• See full diff in compare view

Updates com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 2.10.1 to 2.12.7.1

Updates com.google.protobuf:protobuf-java from 2.5.0 to 3.16.3

Release notes

Sourced from com.google.protobuf:protobuf-java's releases.

Protobuf Release v3.16.3

Java

• Refactoring java full runtime to reuse sub-message builders and prepare to migrate parsing logic from parse constructor to builder.
• Move proto wireformat parsing functionality from the private "parsing constructor" to the Builder class.
• Change the Lite runtime to prefer merging from the wireformat into mutable messages rather than building up a new immutable object before merging. This way results in fewer allocations and copy operations.
• Make message-type extensions merge from wire-format instead of building up instances and merging afterwards. This has much better performance.
• Fix TextFormat parser to build up recurring (but supposedly not repeated) sub-messages directly from text rather than building a new sub-message and merging the fully formed message into the existing field.
• This release addresses a Security Advisory for Java users

Protocol Buffers v3.16.1

Java

• Improve performance characteristics of UnknownFieldSet parsing (#9371)

Protocol Buffers v3.16.0

C++

• Fix compiler warnings issue found in conformance_test_runner #8189 (#8190)
• Fix MinGW-w64 build issues. (#8286)
• [Protoc] C++ Resolved an issue where NO_DESTROY and CONSTINIT are in incorrect order (#8296)
• Fix PROTOBUF_CONSTINIT macro redefinition (#8323)
• Delete StringPiecePod (#8353)
• Fix gcc error: comparison of unsigned expression in '>= 0' is always … (#8309)
• Fix cmake install on iOS (#8301)
• Create a CMake option to control whether or not RTTI is enabled (#8347)
• Fix endian.h location on FreeBSD (#8351)
• Refactor util::Status (#8354)
• Make util::Status more similar to absl::Status (#8405)
• Fix -Wsuggest-destructor-override for generated C++ proto classes. (#8408)
• Refactor StatusOr and StringPiece (#8406)
• Refactor uint128 (#8416)
• The ::pb namespace is no longer exposed due to conflicts.
• Allow MessageDifferencer::TreatAsSet() (and friends) to override previous calls instead of crashing.
• Reduce the size of generated proto headers for protos with string or bytes fields.
• Move arena() operation on uncommon path to out-of-line routine
• For iterator-pair function parameter types, take both iterators by value.
• Code-space savings and perhaps some modest performance improvements in RepeatedPtrField.
• Eliminate nullptr check from every tag parse.
• Remove unused _$name$cached_byte_size fields.
• Serialize extension ranges together when not broken by a proto field in the middle.
• Do out-of-line allocation and deallocation of string object in ArenaString.

... (truncated)

Commits

• b8c2488 Updating version.json and repo version numbers to: 16.3
• 42e47e5 Refactoring Java parsing (3.16.x) (#10668)
• 98884a8 Merge pull request #10556 from deannagarcia/3.16.x
• 450b648 Cherrypick ruby fixes for monterey
• b17bb39 Merge pull request #10548 from protocolbuffers/3.16.x-202209131829
• c18f5e7 Updating changelog
• 6f4e817 Updating version.json and repo version numbers to: 16.2
• a7d4e94 Merge pull request #10547 from deannagarcia/3.16.x
• 55815e4 Apply patch
• 152d7bf Update version.json with "lts": true (#10535)
• Additional commits viewable in compare view

Updates io.grpc:grpc-protobuf from 1.13.1 to 1.53.0

Release notes

Sourced from io.grpc:grpc-protobuf's releases.

v1.53.0

New Features

• googleapis: Allow user set c2p bootstrap config (#9856)
• xds: Add contain and stringMatcher in RouteConfiguration (#9845)
• core: Add grpc-previous-rpc-attempts to the initial response metadata (#9686)
• servlet: Implement gRPC server as a Servlet (#8596)
• authz: Implement static authorization server interceptor (#8934)

Examples

• servlet: Add servlet example (#8596)

Bug Fixes

• xds: Update xds error handling logic. Specifically:
  • When the ads stream is closed only send errors to subscribers that haven't yet gotten results
  • Timers to detect missing resources don’t start until the adsStream is ready (#9745)
  • Call subscriber onError callback when xds client fails to connect to server (#9827)
• core: Delay retriable stream master listener close until all sub streams are closed. This fixes the call executor lifecycle and prevents potential RejectedExecutionException. (#9754)
• core: Free unused MessageProducer in RetriableStream (#9853), fixing a Netty buffer memory leak for cancelled RPCs
• api: Fail with NullPointerException when a Metadata.Marshaller returns null bytes (#9781). This would previously cause a NullPointerException later during the RPC. Now the return value of the Marshaller is checked immediately, to help find the broken Marshaller

Behavior Changes

• xds: Disallow duplicate addresses in the RingHashLB. (#9776)
• xds: EDS weight sums are allowed up to max unsigned int (was max signed int) (#9765)
• xds: Drop xds v2 support (#9760)

Dependencies

• JUnit upgraded to 4.13.2
• bazel: Dropped support for Bazel 4. We track the two most recent major versions of Bazel, Bazel 5 and 6. Bazel 4 may still work, but we are no longer testing it
• bazel: Include Tomcat annotations dependency for @Generated as used by autovalue (#9762). Necessary for building xds and rls on Java 9+
• bazel: Export deps from Maven Central-specific stand-in targets (#9780). Some Maven Central artifacts are a combination of multiple Bazel targets, like grpc-core is composed of //core:inprocess, //core:internal, //core:util, //api. There is a “//core:core_maven” target used by maven_install that uses the other targets. Previously the target used runtime_deps to discourage their use by Bazel users, but that could cause compilation failures from lack of hjars. These targets now use exports

Acknowledgement

@​cpovirk @​niloc132 @​stephenh @​olderwei @​pandaapo @​panxuefeng

v1.52.1

Bug Fixes

• xds: Fix an internal bug in xds resource subscription that might cause xds stream not accepting response update for that resource type entirely. (#9810)

v1.52.0

gRPC Java 1.52.0 Release Notes

grpc-xds starting with 1.51.0 had a regression where resources might stop receiving updates. The trigger could happen hours or days after the binary had started. xDS users should avoid this release and use 1.50.x until patch releases with the fix are available. grpc/grpc-java#9809

API Changes

... (truncated)

Commits

• 4ca6de0 Bump version to 1.53.0
• 2a1bb12 Update README etc to reference 1.53.0
• b1b2424 rls:Fix throttling in route lookup (b/262779100) (#9874) (#9879)
• 501ca8f xds: Update logic so that an error being reported when stream is closed gets ...
• b0635fa googleapis: Allow user set c2p bootstrap config (#9856)
• b289519 xds: fixed RouteConfiguration not supporting contain and stringMatcher (#9845)
• 706646f servlet: Implement gRPC server as a Servlet (#8596)
• 44847bf Upgrade JUnit to 4.13.2
• 5a2c94b core: Free unused MessageProducer in RetriableStream
• 9de989b okhttp: Avoid DNS lookup in test
• Additional commits viewable in compare view

Updates io.netty:netty-codec-http2 from 4.1.43.Final to 4.1.100.Final

Commits

• 58df783 [maven-release-plugin] prepare release netty-4.1.100.Final
• 58f75f6 Merge pull request from GHSA-xpw8-rcwv-8f8p
• 4911448 Do not fail when compressing empty HttpContent (#13655)
• caca5e5 When read PoolSubpage's variant fields, it should lock on PoolSubpage's head ...
• d97f2a5 Update checkout action to latest version (#13649)
• 275341f Fix issue with unrecognized JVM option while running with Java 11 (#13648)
• 5db037b Speedup max direct memory estimation via Unsafe (#13643)
• ce5c78c Update actions to the latest version (#13644)
• d7a8169 [maven-release-plugin] prepare for next development iteration
• 8e3fe28 [maven-release-plugin] prepare release netty-4.1.99.Final
• Additional commits viewable in compare view

Updates io.netty:netty-codec from 4.1.43.Final to 4.1.100.Final

Commits

• 58df783 [maven-release-plugin] prepare release netty-4.1.100.Final
• 58f75f6 Merge pull request from GHSA-xpw8-rcwv-8f8p
• 4911448 Do not fail when compressing empty HttpContent (#13655)
• caca5e5 When read PoolSubpage's variant fields, it should lock on PoolSubpage's head ...
• d97f2a5 Update checkout action to latest version (#13649)
• 275341f Fix issue with unrecognized JVM option while running with Java 11 (#13648)
• 5db037b Speedup max direct memory estimation via Unsafe (#13643)
• ce5c78c Update actions to the latest version (#13644)
• d7a8169 [maven-release-plugin] prepare for next development iteration
• 8e3fe28 [maven-release-plugin] prepare release netty-4.1.99.Final
• Additional commits viewable in compare view

Updates io.netty:netty-handler from 4.1.43.Final to 4.1.100.Final

Commits

• 58df783 [maven-release-plugin] prepare release netty-4.1.100.Final
• 58f75f6 Merge pull request from GHSA-xpw8-rcwv-8f8p
• 4911448 Do not fail when compressing empty HttpContent (#13655)
• caca5e5 When read PoolSubpage's variant fields, it should lock on PoolSubpage's head ...
• d97f2a5 Update checkout action to latest version (#13649)
• 275341f Fix issue with unrecognized JVM option while running with Java 11 (#13648)
• 5db037b Speedup max direct memory estimation via Unsafe (#13643)
• ce5c78c Update actions to the latest version (#13644)
• d7a8169 [maven-release-plugin] prepare for next development iteration
• 8e3fe28 [maven-release-plugin] prepare release netty-4.1.99.Final
• Additional commits viewable in compare view

Updates junit:junit from 4.11 to 4.13.1

Release notes

Sourced from junit:junit's releases.

JUnit 4.13.1

Please refer to the release notes for details.

JUnit 4.13

Please refer to the release notes for details.

JUnit 4.13 RC 2

Please refer to the release notes for details.

JUnit 4.13 RC 1

Please refer to the release notes for details.

JUnit 4.13 Beta 3

Please refer to the release notes for details.

JUnit 4.13 Beta 2

Please refer to the release notes for details.

JUnit 4.13 Beta 1

Please refer to the release notes for details.

JUnit 4.12

Please refer to the release notes for details.

JUnit 4.12 Beta 3

Please refer to the release notes for details.

JUnit 4.12 Beta 2

No release notes provided.

JUnit 4.12 Beta 1

No release notes provided.

Commits

• 1b683f4 [maven-release-plugin] prepare release r4.13.1
• ce6ce3a Draft 4.13.1 release notes
• c29dd82 Change version to 4.13.1-SNAPSHOT
• 1d17486 Add a link to assertThrows in exception testing
• 543905d Use separate line for annotation in Javadoc
• 510e906 Add sub headlines to class Javadoc
• 610155b Merge pull request from GHSA-269g-pwp5-87pp
• b6cfd1e Explicitly wrap float parameter for consistency (#1671)
• a5d205c Fix GitHub link in FAQ (#1672)
• 3a5c6b4 Deprecated since jdk9 replacing constructor instance of Double and Float (#1660)
• Additional commits viewable in compare view

Updates org.codehaus.plexus:plexus-archiver from 2.2 to 4.8.0

Release notes

Sourced from org.codehaus.plexus:plexus-archiver's releases.

4.8.0

🚀 New features and improvements

• Add tzst alias for tar.zst archiver/unarchived (#274) @​slawekjaranowski

🐛 Bug Fixes

• detect permissions for addFile (#293) @​hboutemy

📦 Dependency updates

• Bump org.codehaus.plexus:plexus from 13 to 14 (#296) @​dependabot
• Bump zstd-jni from 1.5.5-4 to 1.5.5-5 (#295) @​dependabot
• Bump Eclipse Sisu and from 0.3.5 to 0.9.0.M2 (#289) @​slachiewicz
• Bump commons-io from 2.12.0 to 2.13.0 (#288) @​dependabot
• Bump zstd-jni from 1.5.5-3 to 1.5.5-4 (#287) @​dependabot
• Bump plexus-utils from 3.5.1 to 4.0.0 (#283) @​dependabot
• Bump commons-io from 2.11.0 to 2.12.0 (#277) @​dependabot
• Bump zstd-jni from 1.5.5-2 to 1.5.5-3 (#284) @​dependabot
• Bump guice from 5.1.0 to 6.0.0 (#278) @​dependabot
• Bump plexus from 10 to 13 (#280) @​dependabot

👻 Maintenance

• Remove public modifier from JUnit 5 tests (#294) @​slawekjaranowski
• Use https in scm/url (#291) @​slawekjaranowski
• Remove junit-jupiter-engine from project dependencies (#292) @​slawekjaranowski
• Remove parent and reports menu from site (#282) @​slawekjaranowski
• Cleanup after "veryLargeJar" test (#281) @​slachiewicz
• Override project.url (#279) @​slawekjaranowski

Plexus Archiver 4.7.1

🐛 Bug Fixes

• don't apply umask on unknown perms (Win) (#273) @​hboutemy

Plexus Archiver 4.7.0

🚀 New features and improvements

• add umask support and use 022 in RB mode (#271) @​hboutemy
• Use NIO Files for creating temporary files (#270) @​slawekjaranowski
• Deprecate the JAR Index feature (JDK-8302819) (#268) @​jorsol
• Add Archiver aliases for tar.* (#266) @​slawekjaranowski

📦 Dependency updates

• Bump junitVersion from 5.9.2 to 5.9.3 (#267) @​dependabot

... (truncated)

Changelog

Sourced from org.codehaus.plexus:plexus-archiver's changelog.

Plexus Archiver Release Notes

Newer release

Newer release notes are maintained on GitHub releases

Plexus Archiver 4.2.1

Bugs

• [Issue #126][issue-126] - Fixed broken javadoc for Archiver#configureReproducible.
• [Issue #127][issue-127] - Fixed reproducible zip entry time depends on local daylight saving time.

Plexus Archiver 4.2.0

Improvements

• [Pull Request #121][pr-121] - Add API to configure reproducible archives - Archiver#configureReproducible.
• Add option to force the user and group for all archive entries.
• Add option to force the last modified date for all archive entries.
• [Issue #114][issue-114] - Add option to provide Comparator for Archiver. The archive entries will be added in the order specified by the provided comparator.
• [Pull Request #117][pr-117] - Add option to limit the output size for AbstractZipUnArchiver as a way of protection against ZIP bombs. Thanks to Sergey Patrikeev and Semyon Atamas.
• Various code improvements. Thanks to Semyon Atamas and Sergey Patrikeev.

Bugs

• [Issue #94][issue-94] - Fixed setting archiver destination to the working directory causes NullPointerException.

Tasks

• [Issue #119][issue-119] - Updated dependencies: commons-compress to 1.18, plexus-io to 3.2.0 and plexus-utils to 3.3.0.

Plexus Archiver 4.1.0

Improvements

... (truncated)

Commits

• See full diff in compare view

Updates com.google.code.gson:gson from 2.8.1 to 2.8.9

Release notes

Sourced from com.google.code.gson:gson's releases.

Gson 2.8.9

• Make OSGi bundle's dependency on sun.misc optional (#1993).
• Deprecate Gson.excluder() exposing internal Excluder class (#1986).
• Prevent Java deserialization of internal classes (#1991).
• Improve number strategy implementation (#1987).
• Fix LongSerializationPolicy null handling being inconsistent with Gson (#1990).
• Support arbitrary Number implementation for Object and Number deserialization (#1290).
• Bump proguard-maven-plugin from 2.4.0 to 2.5.1 (#1980).
• Don't exclude static local classes (#1969).
• Fix RuntimeTypeAdapterFactory depending on internal Streams class (#1959).
• Improve Maven build (#1964).
• Make dependency on java.sql optional (#1707).

Gson 2.8.8

• Fixed issue with recursive types (#1390).
• Better behaviour with Java 9+ and Unsafe if there is a security manager (#1712).
• EnumTypeAdapter now works better when ProGuard has obfuscated enum fields (#1495).

Changelog

Sourced from com.google.code.gson:gson's changelog.

Version 2.8.9

• Make OSGi bundle's dependency on sun.misc optional (google/gson#1993).
• Deprecate Gson.excluder() exposing internal Excluder class (google/gson#1986).
• Prevent Java deserialization of internal classes (google/gson#1991).
• Improve number strategy implementation (google/gson#1987).
• Fix LongSerializationPolicy null handling being inconsistent with Gson (google/gson#1990).
• Support arbitrary Number implementation for Object and Number deserialization (google/gson#1290).
• Bump proguard-maven-plugin from 2.4.0 to 2.5.1 (google/gson#1980).
• Don't exclude static local classes (google/gson#1969).
• Fix RuntimeTypeAdapterFactory depending on internal Streams class (google/gson#1959).
• Improve Maven build (google/gson#1964).
• Make dependency on java.sql optional (google/gson#1707).

Version 2.8.8

• Fixed issue with recursive types (google/gson#1390).
• Better behaviour with Java 9+ and Unsafe if there is a security manager (google/gson#1712).
• EnumTypeAdapter now works better when ProGuard has obfuscated enum fields (google/gson#1495).

Version 2.8.7

• Fixed ISO8601UtilsTest failing on systems with UTC+X.
• Improved javadoc for JsonStreamParser.
• Updated proguard.cfg (google/gson#1693).
• Fixed IllegalStateException in JsonTreeWriter (google/gson#1592).
• Added JsonArray.isEmpt...

  Description has been truncated