Merge branch 'master' into marcono1234/gsonbuilder-reuse

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,49 @@
+---
+name: Bug report
+about: Report a Gson bug.
+title: ''
+labels: bug
+assignees: ''
+
+---
+
+# Gson version
+<!-- Gson version you are using, for example '2.8.8' -->
+
+
+# Java / Android version
+<!-- Version of the Java or Android platform on which the bug occurred -->
+
+
+# Used tools
+<!-- List relevant build tools and plugins with version number here which might affect Gson -->
+- [ ] Maven; version: 
+- [ ] Gradle; version: 
+- [ ] ProGuard (attach the configuration file please); version: 
+- [ ] ...
+
+# Description
+<!-- Describe the bug you experienced -->
+
+
+## Expected behavior
+<!-- What behavior did you expect? -->
+
+
+## Actual behavior
+<!-- What happened instead? -->
+
+
+# Reproduction steps
+<!-- Provide exact reproduction steps for reproducing the bug -->
+<!-- Provide a short code snippet or link to a demo project -->
+
+1. ...
+2. ...
+
+# Exception stack trace
+<!-- In case an exception occurred, paste the COMPLETE exception stack trace in the code block below or attach it as file -->
+
+```
+
+```

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,4 @@
+contact_links:
+  - name: Usage question
+    url: https://stackoverflow.com/questions/tagged/gson
+    about: Ask usage questions on StackOverflow.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Request a feature. ⚠️ Gson is in maintenance mode; large feature requests might be rejected.
+title: ''
+labels: enhancement
+assignees: ''
+
+---
+
+# Problem solved by the feature
+<!-- Describe which problem the requested feature solves -->
+
+
+# Feature description
+<!-- Describe the feature -->
+
+
+# Alternatives / workarounds
+<!-- Describe alternatives or workarounds in case you are aware of any -->
+

.github/dependabot.yml

@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: "maven"
+    directory: "/"
+    schedule:
+      interval: "daily"

.github/workflows/build.yml

@@ -0,0 +1,19 @@
+name: Build
+
+on: [push, pull_request]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up JDK 11
+        uses: actions/setup-java@v2
+        with:
+          distribution: 'temurin'
+          java-version: '11'
+          cache: 'maven'
+      - name: Build with Maven
+        # This also runs javadoc:javadoc to detect any issues with the Javadoc
+        run: mvn --batch-mode --update-snapshots verify javadoc:javadoc

.github/workflows/cifuzz.yml

@@ -0,0 +1,25 @@
+name: CIFuzz
+on: [pull_request]
+jobs:
+  Fuzzing:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Build Fuzzers
+      id: build
+      uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
+      with:
+        oss-fuzz-project-name: 'gson'
+        dry-run: false
+        language: jvm
+    - name: Run Fuzzers
+      uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
+      with:
+        oss-fuzz-project-name: 'gson'
+        fuzz-seconds: 600
+        dry-run: false
+    - name: Upload Crash
+      uses: actions/upload-artifact@v1
+      if: failure() && steps.build.outcome == 'success'
+      with:
+        name: artifacts
+        path: ./out/artifacts

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,54 @@
+# Based on default config generated by GitHub, see also https://github.com/github/codeql-action
+
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+  schedule:
+    # Run every Monday at 16:10
+    - cron: '10 16 * * 1'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'java' ]
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    # Initializes the CodeQL tools for scanning
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+        # Run all security queries and maintainability and reliability queries
+        queries: +security-and-quality
+
+    - name: Cache local Maven repository
+      uses: actions/cache@v3
+      with:
+        path: ~/.m2/repository
+        key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+        restore-keys: |
+          ${{ runner.os }}-maven-
+
+    # Only compile main sources, but ignore test sources because findings for them might not
+    # be that relevant (though GitHub security view also allows filtering by source type)
+    # Can replace this with github/codeql-action/autobuild action to run complete build
+    - name: Compile sources
+      run: |
+        mvn compile --batch-mode
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2

CHANGELOG.md

@@ -1,6 +1,71 @@
 Change Log
 ==========
 
+## Version 2.9.1
+
+* Make `Object` and `JsonElement` deserialization iterative rather than
+  recursive (#1912)
+* Added parsing support for enum that has overridden toString() method (#1950)
+* Removed support for building Gson with Gradle (#2081)
+* Removed obsolete `codegen` hierarchy (#2099)
+* Add support for reflection access filter (#1905)
+* Improve `TypeToken` creation validation (#2072)
+* Add explicit support for `float` in `JsonWriter` (#2130, #2132)
+* Fail when parsing invalid local date (#2134)
+
+Also many small improvements to javadoc.
+
+## Version 2.9.0
+
+**The minimum supported Java version changes from 6 to 7.**
+
+* Change target Java version to 7 (#2043)
+* Put `module-info.class` into Multi-Release JAR folder (#2013)
+* Improve error message when abstract class cannot be constructed (#1814)
+* Support EnumMap deserialization (#2071)
+* Add LazilyParsedNumber default adapter (#2060)
+* Fix JsonReader.hasNext() returning true at end of document (#2061)
+* Remove Gradle build support. Build script was outdated and not actively
+  maintained anymore (#2063)
+* Add `GsonBuilder.disableJdkUnsafe()` (#1904)
+* Add `UPPER_CASE_WITH_UNDERSCORES` in FieldNamingPolicy (#2024)
+* Fix failing to serialize Collection or Map with inaccessible constructor (#1902)
+* Improve TreeTypeAdapter thread-safety (#1976)
+* Fix `Gson.newJsonWriter` ignoring lenient and HTML-safe setting (#1989)
+* Delete unused LinkedHashTreeMap (#1992)
+* Make default adapters stricter; improve exception messages (#2000)
+* Fix `FieldNamingPolicy.upperCaseFirstLetter` uppercasing non-letter (#2004)
+
+## Version 2.8.9
+
+* Make OSGi bundle's dependency on `sun.misc` optional (#1993).
+* Deprecate `Gson.excluder()` exposing internal `Excluder` class (#1986).
+* Prevent Java deserialization of internal classes (#1991).
+* Improve number strategy implementation (#1987).
+* Fix LongSerializationPolicy null handling being inconsistent with Gson (#1990).
+* Support arbitrary Number implementation for Object and Number deserialization (#1290).
+* Bump proguard-maven-plugin from 2.4.0 to 2.5.1 (#1980).
+* Don't exclude static local classes (#1969).
+* Fix `RuntimeTypeAdapterFactory` depending on internal `Streams` class (#1959).
+* Improve Maven build (#1964).
+* Make dependency on `java.sql` optional (#1707).
+
+## Version 2.8.8
+
+* Fixed issue with recursive types (#1390).
+* Better behaviour with Java 9+ and `Unsafe` if there is a security manager (#1712).
+* `EnumTypeAdapter` now works better when ProGuard has obfuscated enum fields (#1495).
+
+## Version 2.8.7
+
+* Fixed `ISO8601UtilsTest` failing on systems with UTC+X.
+* Improved javadoc for `JsonStreamParser`.
+* Updated proguard.cfg (#1693).
+* Fixed `IllegalStateException` in `JsonTreeWriter` (#1592).
+* Added `JsonArray.isEmpty()` (#1640).
+* Added new test cases (#1638).
+* Fixed OSGi metadata generation to work on JavaSE < 9 (#1603).
+
 ## Version 2.8.6
 _2019-10-04_  [GitHub Diff](https://github.com/google/gson/compare/gson-parent-2.8.5...gson-parent-2.8.6)
  * Added static methods `JsonParser.parseString` and `JsonParser.parseReader` and deprecated instance method `JsonParser.parse`

README.md

@@ -5,6 +5,8 @@ Gson can work with arbitrary Java objects including pre-existing objects that yo
 
 There are a few open-source projects that can convert Java objects to JSON. However, most of them require that you place Java annotations in your classes; something that you can not do if you do not have access to the source-code. Most also do not fully support the use of Java Generics. Gson considers both of these as very important design goals.
 
+:information_source: Gson is currently in maintenance mode; existing bugs will be fixed, but large new features will likely not be added. If you want to add a new feature, please first search for existing GitHub issues, or create a new one to discuss the feature and get feedback.
+
 ### Goals
   * Provide simple `toJson()` and `fromJson()` methods to convert Java objects to JSON and vice-versa
   * Allow pre-existing unmodifiable objects to be converted to and from JSON
@@ -17,7 +19,7 @@ There are a few open-source projects that can convert Java objects to JSON. Howe
 Gradle:
 ```gradle
 dependencies {
-  implementation 'com.google.code.gson:gson:2.8.6'
+  implementation 'com.google.code.gson:gson:2.9.1'
 }
 ```
 
@@ -26,21 +28,40 @@ Maven:
 <dependency>
   <groupId>com.google.code.gson</groupId>
   <artifactId>gson</artifactId>
-  <version>2.8.6</version>
+  <version>2.9.1</version>
 </dependency>
 ```
 
 [Gson jar downloads](https://maven-badges.herokuapp.com/maven-central/com.google.code.gson/gson) are available from Maven Central.
 
-[![Build Status](https://travis-ci.org/google/gson.svg?branch=master)](https://travis-ci.org/google/gson)
+![Build Status](https://github.com/google/gson/actions/workflows/build.yml/badge.svg)
+
+### Requirements
+#### Minimum Java version
+- Gson 2.9.0 and newer: Java 7
+- Gson 2.8.9 and older: Java 6
+
+Despite supporting older Java versions, Gson also provides a JPMS module descriptor (module name `com.google.gson`) for users of Java 9 or newer.
+
+#### JPMS dependencies (Java 9+)
+These are the optional Java Platform Module System (JPMS) JDK modules which Gson depends on.
+This only applies when running Java 9 or newer.
+
+- `java.sql` (optional since Gson 2.8.9)  
+When this module is present, Gson provides default adapters for some SQL date and time classes.
+
+- `jdk.unsupported`, respectively class `sun.misc.Unsafe` (optional)  
+When this module is present, Gson can use the `Unsafe` class to create instances of classes without no-args constructor.
+However, care should be taken when relying on this. `Unsafe` is not available in all environments and its usage has some pitfalls,
+see [`GsonBuilder.disableJdkUnsafe()`](https://javadoc.io/doc/com.google.code.gson/gson/latest/com.google.gson/com/google/gson/GsonBuilder.html#disableJdkUnsafe()).
 
 ### Documentation
   * [API Javadoc](https://www.javadoc.io/doc/com.google.code.gson/gson): Documentation for the current release
   * [User guide](https://github.com/google/gson/blob/master/UserGuide.md): This guide contains examples on how to use Gson in your code.
   * [Change log](https://github.com/google/gson/blob/master/CHANGELOG.md): Changes in the recent versions
   * [Design document](https://github.com/google/gson/blob/master/GsonDesignDocument.md): This document discusses issues we faced while designing Gson. It also includes a comparison of Gson with other Java libraries that can be used for Json conversion
 
-Please use the 'gson' tag on StackOverflow or the [google-gson Google group](https://groups.google.com/group/google-gson) to discuss Gson or to post questions.
+Please use the ['gson' tag on StackOverflow](https://stackoverflow.com/questions/tagged/gson) or the [google-gson Google group](https://groups.google.com/group/google-gson) to discuss Gson or to post questions.
 
 ### Related Content Created by Third Parties
   * [Gson Tutorial](https://www.studytrails.com/java/json/java-google-json-introduction/) by `StudyTrails`