From 9401ae3c318ccda32964e562db39460726883b1e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 23 Apr 2024 13:03:20 -0700
Subject: [PATCH 1/2] Bump the github-actions group with 3 updates (#1272)

---
 .github/workflows/cifuzz.yml    | 2 +-
 .github/workflows/main.yml      | 2 +-
 .github/workflows/release.yml   | 2 +-
 .github/workflows/scorecard.yml | 6 +++---
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml
index 3f6893d634..13089b9efc 100644
--- a/.github/workflows/cifuzz.yml
+++ b/.github/workflows/cifuzz.yml
@@ -27,7 +27,7 @@ jobs:
         dry-run: false
         language: jvm
     - name: Upload Crash
-      uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+      uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2
       if: failure() && steps.build.outcome == 'success'
       with:
         name: artifacts
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 8a51041473..c7d905ede0 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -30,7 +30,7 @@ jobs:
     env:
       JAVA_OPTS: "-XX:+TieredCompilation -XX:TieredStopAtLevel=1"
     steps:
-    - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+    - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
     - name: Set up JDK
       uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
       with:
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 804d9102ad..34db713a80 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -28,7 +28,7 @@ jobs:
       - name: Validate version name
         run: |
           [[ "$TAG" =~ jackson-core-[0-9]+\.[0-9]+\.[0-9]+(-rc[0-9]+)? ]] || exit 1
-      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+      - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
       - name: Set up JDK
         uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
         with:
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index bf7e152373..6ae0d15441 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -29,7 +29,7 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+        uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
         with:
           persist-credentials: false
 
@@ -52,7 +52,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+        uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2
         with:
           name: SARIF file
           path: results.sarif
@@ -60,6 +60,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@df5a14dc28094dc936e103b37d749c6628682b60 # v3.25.0
+        uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1
         with:
           sarif_file: results.sarif

From d4b08c00c0d2ac9fc89d1e3657170ee9a9896bfd Mon Sep 17 00:00:00 2001
From: PJ Fanning <pjfanning@users.noreply.github.com>
Date: Sat, 27 Apr 2024 04:10:18 +0200
Subject: [PATCH 2/2] add serialization test (#1275)

---
 .../jackson/core/JDKSerializabilityTest.java  | 25 ++------------
 .../core/util/JdkSerializationTestUtils.java  | 34 +++++++++++++++++++
 .../core/util/TestSerializedString.java       | 24 ++++++++++++-
 3 files changed, 59 insertions(+), 24 deletions(-)
 create mode 100644 src/test/java/com/fasterxml/jackson/core/util/JdkSerializationTestUtils.java

diff --git a/src/test/java/com/fasterxml/jackson/core/JDKSerializabilityTest.java b/src/test/java/com/fasterxml/jackson/core/JDKSerializabilityTest.java
index 4da19ea005..2710170cc0 100644
--- a/src/test/java/com/fasterxml/jackson/core/JDKSerializabilityTest.java
+++ b/src/test/java/com/fasterxml/jackson/core/JDKSerializabilityTest.java
@@ -9,6 +9,8 @@
 import com.fasterxml.jackson.core.util.DefaultPrettyPrinter;
 import com.fasterxml.jackson.core.util.JsonRecyclerPools;
 
+import static com.fasterxml.jackson.core.util.JdkSerializationTestUtils.jdkDeserialize;
+import static com.fasterxml.jackson.core.util.JdkSerializationTestUtils.jdkSerialize;
 import static org.junit.jupiter.api.Assertions.*;
 
 /**
@@ -259,29 +261,6 @@ void pointerSerializationEmpty() throws Exception
     /**********************************************************
      */
 
-    protected byte[] jdkSerialize(Object o) throws IOException
-    {
-        ByteArrayOutputStream bytes = new ByteArrayOutputStream(1000);
-        ObjectOutputStream obOut = new ObjectOutputStream(bytes);
-        obOut.writeObject(o);
-        obOut.close();
-        return bytes.toByteArray();
-    }
-
-    @SuppressWarnings("unchecked")
-    protected <T> T jdkDeserialize(byte[] raw) throws IOException
-    {
-        ObjectInputStream objIn = new ObjectInputStream(new ByteArrayInputStream(raw));
-        try {
-            return (T) objIn.readObject();
-        } catch (ClassNotFoundException e) {
-            fail("Missing class: "+e.getMessage());
-            return null;
-        } finally {
-            objIn.close();
-        }
-    }
-
     @SuppressWarnings("resource")
     protected String _copyJson(JsonFactory f, String json, boolean useBytes) throws IOException
     {
diff --git a/src/test/java/com/fasterxml/jackson/core/util/JdkSerializationTestUtils.java b/src/test/java/com/fasterxml/jackson/core/util/JdkSerializationTestUtils.java
new file mode 100644
index 0000000000..21bcccda7e
--- /dev/null
+++ b/src/test/java/com/fasterxml/jackson/core/util/JdkSerializationTestUtils.java
@@ -0,0 +1,34 @@
+package com.fasterxml.jackson.core.util;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+
+import static org.junit.jupiter.api.Assertions.fail;
+
+public class JdkSerializationTestUtils {
+    public static byte[] jdkSerialize(Object o) throws IOException
+    {
+        ByteArrayOutputStream bytes = new ByteArrayOutputStream(1000);
+        ObjectOutputStream obOut = new ObjectOutputStream(bytes);
+        obOut.writeObject(o);
+        obOut.close();
+        return bytes.toByteArray();
+    }
+
+    @SuppressWarnings("unchecked")
+    public static <T> T jdkDeserialize(byte[] raw) throws IOException
+    {
+        ObjectInputStream objIn = new ObjectInputStream(new ByteArrayInputStream(raw));
+        try {
+            return (T) objIn.readObject();
+        } catch (ClassNotFoundException e) {
+            fail("Missing class: "+e.getMessage());
+            return null;
+        } finally {
+            objIn.close();
+        }
+    }
+}
diff --git a/src/test/java/com/fasterxml/jackson/core/util/TestSerializedString.java b/src/test/java/com/fasterxml/jackson/core/util/TestSerializedString.java
index be7b6e4c30..8be473112c 100644
--- a/src/test/java/com/fasterxml/jackson/core/util/TestSerializedString.java
+++ b/src/test/java/com/fasterxml/jackson/core/util/TestSerializedString.java
@@ -9,6 +9,8 @@
 import org.junit.jupiter.api.Test;
 import com.fasterxml.jackson.core.io.SerializedString;
 
+import static com.fasterxml.jackson.core.util.JdkSerializationTestUtils.jdkDeserialize;
+import static com.fasterxml.jackson.core.util.JdkSerializationTestUtils.jdkSerialize;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 
 /**
@@ -18,11 +20,12 @@
 class TestSerializedString
         extends com.fasterxml.jackson.core.JUnit5TestBase
 {
+    private static final String QUOTED = "\\\"quo\\\\ted\\\"";
+
     @Test
     void appending() throws IOException
     {
         final String INPUT = "\"quo\\ted\"";
-        final String QUOTED = "\\\"quo\\\\ted\\\"";
 
         SerializableString sstr = new SerializedString(INPUT);
         // sanity checks first:
@@ -63,4 +66,23 @@ void failedAccess() throws IOException
         assertEquals(-1, sstr.appendUnquoted(ch, 0));
         assertEquals(-1, sstr.putUnquotedUTF8(bbuf));
     }
+
+    @Test
+    void testAppendQuotedUTF8() throws IOException {
+        SerializedString sstr = new SerializedString(QUOTED);
+        assertEquals(QUOTED, sstr.getValue());
+        final byte[] buffer = new byte[100];
+        final int len = sstr.appendQuotedUTF8(buffer, 3);
+        assertEquals("\\\\\\\"quo\\\\\\\\ted\\\\\\\"", new String(buffer, 3, len));
+    }
+
+    @Test
+    void testJdkSerialize() throws IOException {
+        final byte[] bytes = jdkSerialize(new SerializedString(QUOTED));
+        SerializedString sstr = jdkDeserialize(bytes);
+        assertEquals(QUOTED, sstr.getValue());
+        final byte[] buffer = new byte[100];
+        final int len = sstr.appendQuotedUTF8(buffer, 3);
+        assertEquals("\\\\\\\"quo\\\\\\\\ted\\\\\\\"", new String(buffer, 3, len));
+    }
 }