* Adjust version numbers and a test to conform to the SemVer spec.
Gson releases since 2.8.0 have been following this spec. We mistakenly released 2.10
without the .0 patch version, and adjusted `GsonVersionDiagnosticsTest` so it would
accept that, as well as the two-digit `10`. Here we make the test no longer accept
versions without a patch number, while still accepting two-digit minor versions of course.
We also change the snapshot version to 2.11.0-SNAPSHOT instead of 2.11-SNAPSHOT.
* Add 2.10 changes to CHANGELOG; minor release follow-ups
* Use GitHub URLs in CHANGELOG
GitHub automatically displays them only as short reference with link and
additionally shows a preview when hovering over them.
* Add `id` to pom.xml developer entry
Otherwise BND plugin shows a warning.
* Run unit tests during release preparation
* Move git option before pathspec
* Automatically replace version references on `release:prepare`
* Specify encoding and improve placeholder replacements
* Add `since $next-version$` for `JsonArray.asList` and `JsonObject.asMap`
* Adjust Record adapter and extend test coverage
* Address review feedback
* Make constructor string more concise
* Add tests for Gson default behavior for static fields
* Improve exception for deserializing static final field
Previously it would report "Unexpected IllegalAccessException occurred..."
due to the uncaught IllegalAccessException.
* Improve handling of exception thrown by accessor
Such an exception is not 'unexpected' (which was claimed by the previous
exception handling) because user code could throw it.
* Improve constructor invocation exception handling and add tests
* Small adjustments to the new record code.
* Replace wildcard imports with single imports.
* Enable `Java17RecordTest` and fix its many previously-hidden problems.
* Use a `Map` to get primitive zero values rather than a potentially-expensive reflective trick.
* Apply some automated code fixes.
* Address review comments.
* Support Java Records when present in JVM.
Fixesgoogle/gson#1794
Added support in the ReflectionHelper to detect if a class is a record
on the JVM (via reflection), and if so, we will create a special
RecordAdapter to deserialize records, using the canoncial constructor.
The ReflectionTypeAdapterFactory had to be refactored a bit to support
this. The Adapter class inside the factory is now abstract, with
concrete implementations for normal field reflection and for Records.
The common code is in the Adapter, with each implementation
deserializing values into an intermediary object.
For the FieldReflectionAdapter, the intermediary is actually the final
result, and field access is used to write to fields as before. For the
RecordAdapter the intermediary is the Object[] to pass to the Record
constructor.
* Fixed comments from @Marcono1234
Also updated so that we now use the record accessor method to read out
values from a record, so that direct field access is not necessary.
Also added some tests, that should only execute on Java versions with
record support, and be ignored for other JVMs
* Fixed additional comments from @Marcono1234
* Made Adapter in ReflectiveTypeAdapterFactory public
Fix comment from @eamonnmcmanus
* Fix TypeAdapterRuntimeTypeWrapper not detecting reflective TreeTypeAdapter
Previously on serialization TypeAdapterRuntimeTypeWrapper preferred a
TreeTypeAdapter without `serializer` which falls back to the reflective
adapter. This behavior was incorrect because it caused the reflective
adapter for a Base class to be used for serialization (indirectly as
TreeTypeAdapter delegate) instead of using the reflective adapter for
a Subclass extending Base.
* Address review feedback
* Convert TypeAdapterRuntimeTypeWrapperTest to JUnit 4 test
* Prefer wrapped reflective adapter for serialization of subclass
* Detect reflective adapter used as delegate for Gson.FutureTypeAdapter
* Tiny style tweak.
Co-authored-by: Éamonn McManus <emcmanus@google.com>
* Fix JsonReader.skipValue() not behaving properly at end of document
JsonReader implementation erroneously reset `peeked` to PEEKED_NONE;
JsonTreeReader threw ArrayIndexOutOfBoundsException.
* Fix JsonReader.skipValue() not behaving properly at end of array and object
For JsonReader this caused an IllegalStateException (in the past it caused
JsonReader to get stuck in an infinite loop); for JsonTreeReader it only
popped the empty iterator but not the JsonArray or JsonObject, which caused
peek() to again report END_ARRAY or END_OBJECT.
* Only have JsonReader.skipValue() overwrite path name when name was skipped
This improves the JSON path when the value for a property was skipped and
before the subsequent property (or the end of the object) getPath() is called.
* Address feedback; improve test coverage
Co-authored-by: Éamonn McManus <emcmanus@google.com>
* Perform numeric conversion for primitive numeric type adapters
This should probably not be visible to the user unless they use the
non-typesafe `Gson.toJson(Object, Type)` where unrelated number types can
be used, or when malformed generic containers are used. For example a
`List<Byte>` containing a Float.
This change also has the advantage of avoiding `JsonWriter.value(Number)`
for primitive type adapters. That method has some overhead because it needs
to make sure that the value is a valid JSON number. However, for primitive
numbers this check is redundant.
* Don't call `JsonWriter.value(float)` for backward compatibility
* Fix typo in comments
* Add a currently-failing test for Java records and `@Ignore` it.
Also do the Maven gymastics required to ensure that this test only runs on Java
versions ≥17. (It would also work on Java 16, but 17 is all we have in the CI.)
Fix some compilation problems I saw when running locally, which for some reason
don't show up in the CI.
* Suppress some new lint options that trigger `-Werror`.
We may fix these later. (Every test will need an explicit constructor!)
* Select Java version with maven.compiler.release and maven.compiler.testRelease.
Use `assumeNotNull` rather than an if-statement.
* Specify <release>11</release> for javadoc.
* Restore the @see for AccessibleObject.
* Build on JDK 8 and 17 as well as 11.
* Remove JDK 8 for now.
`DefaultDateTypeAdapterTest` fails.
* Tweak javadoc to avoid warnings.
Mostly these are about using `<h3>` when the previous tag was `<h1>`,
and the like. This previous tag might be implicit (part of what javadoc
itself outputs rather than the HTML in doc comments).
Apparently JDK 11 puts method javadoc inside `<h2>` while JDK 11 puts it
inside `<h3>`. Or something like that. Anyway it doesn't appear to be
possible to use `<h3>` _or_ `<h4>` and please both.
* Add Gson.fromJson(..., TypeToken) overloads
Previously only Gson.fromJson(..., Type) existed which is however not
type-safe since the generic type parameter T used for the return type is
not bound.
Since these methods are often used in the form
gson.fromJson(..., new TypeToken<...>(){}.getType())
this commit now adds overloads which accept a TypeToken and are therefore
more type-safe.
Additional changes:
- Fixed some grammar mistakes
- Added javadoc @see tags
- Consistently write "JSON" in uppercase
- More precise placement of @SuppressWarnings("unchecked")
* Add to Gson.fromJson javadoc that JSON is fully consumed
The newly added documentation deliberately does not state which exception
is thrown because Gson.assertFullConsumption could throw either a
JsonIOException or a JsonSyntaxException.
* Remove unnecessary wrapping and unwrapping as TypeToken in Gson.fromJson
Since the actual implementation of Gson.fromJson is TypeToken based, the
TypeToken variant overloads are now the "main" implementation and the other
overloads delegate to them.
Previously the Type variant overloads were the "main" implementation which
caused `TypeToken.getType()` followed by `TypeToken.get(...)` when the
TypeToken variant overloads were used.
* Trim source code whitespaces
* Fix Gson.fromJson(JsonReader, Class) not casting read Object
To be consistent with the other Gson.fromJson(..., Class) overloads the
method should cast the result.
* Replace User Guide link in Gson documentation
* Remove more references to fromJson(..., Type)
* Extend documentation for fromJson(JsonReader, ...)
* Replace some TypeToken.getType() usages
* Address feedback; improve documentation
* Remove fromJson(JsonReader, Class) again
As noticed during review adding this method is source incompatible.
The oss-parent configuration has been applied manually to the root pom.xml,
except that now newer plugin versions are used for source and javadoc JAR
creation, and for GPG signing.
This required some reordering of the plugins for the gson module to make
sure they are executed in the correct order. Otherwise this would cause
failures for javadoc:jar.
* Verify that JsonTreeReader and JsonTreeWriter override all methods
If those classes do not override one of the JsonReader or JsonWriter methods
the user might encounter an AssertionError.
* Address review feedback
Previously when a GsonBuilder had created a Gson instance and was afterwards
reused and different type adapters were added, new GsonBuilder instances
obtained from the previous Gson instance through Gson.newBuilder() would have
been affected by the GsonBuilder changes.
This commit fixes this and additionally adds some more unit tests.
* Fix JsonReader / JsonWriter documentation regarding top-level value
RFC 7159 allows any top-level value (not only arrays or objects) [0],
however when #773 added this functionality it appears the author forgot
to update the documentation of these classes.
[0] https://tools.ietf.org/html/rfc7159#appendix-A
> Changed the definition of "JSON text" so that it can be any JSON
> value, removing the constraint that it be an object or array.
* Fix missing space
* Improve InternationalizationTest
- Remove "raw" tests since after compiling they are the same as the one with
escape sequences
- Add tests for supplementary code points (> \uFFFF)
* Improve variable names, fix incorrect escape sequences
* Convert null to JsonNull for `JsonArray.set`
All other methods perform the same implicit conversion.
* Mention null handling in JsonObject documentation
The JsonSerializer/Deserializer adapters used to ignore this attribute
which result in inconsistent behaviour for annotated adapters.
Fixes#1553
Signed-off-by: Dmitry Bufistov <dmitry@midokura.com>
Co-authored-by: Dmitry Bufistov <dmitry@midokura.com>
* Gson.toJson creates CharSequence which does not implement toString
* Improve Streams.AppendableWriter.CurrentWrite test
* Make setChars package-private
* Improve AppendableWriter performance
Override methods which by default create char arrays or convert
CharSequences to Strings.
This is not necessary for AppendableWriter because it can directly
append these values to the Appendable delegate.
* Add test for Streams.writerForAppendable
* Make Object and JsonElement deserialization iterative
Often when Object and JsonElement are deserialized the format of the JSON
data is unknown and it might come from an untrusted source. To avoid a
StackOverflowError from maliciously crafted JSON, deserialize Object and
JsonElement iteratively instead of recursively.
Concept based on 51fd2faab7
But implementation is not based on it.
* Improve imports grouping
* Address review feedback
Follow-up to comments on #2130, which introduced a new override which was not overridden by `JsonTreeWriter`. Also tweaks the doccomments for `float`, `double` and `Number` variants of `JsonWriter.value`.
Supplement to the fix for #1127.
* Add comments regarding multiple bounds of wildcard
* Remove WildcardType check in getCollectionElementType
The returned Type is never a wildcard due to the changes made to getSupertype
by commit b1fb9ca9a1.
* Remove redundant getRawType call from MapTypeAdapterFactory
getRawType(TypeToken.getType()) is the same as calling TypeToken.getRawType().
* Make TypeToken members private
* Remove incorrect statement about TypeToken wildcards
It is possible to use wildcards as part of the type argument, e.g.:
`new TypeToken<List<? extends CharSequence>>() {}`
* Only allow direct subclasses of TypeToken
Previously subclasses of subclasses (...) of TypeToken were allowed which
can behave incorrectly when retrieving the type argument, e.g.:
class SubTypeToken<T> extends TypeToken<Integer> {}
new SubTypeToken<String>() {}.getType()
This returned `String` despite the class extending TypeToken<Integer>.
* Throw exception when TypeToken captures type variable
Due to type erasure the runtime type argument for a type variable is not
available. Therefore there is no point in capturing a type variable and it
might even give a false sense of type-safety.
* Make $Gson$Types members private
* Rename $Gson$Types.getGenericSupertype parameter
Rename the method parameter to match the documentation of the method and
to be similar to getSupertype(...).
* Improve tests and handle raw TypeToken supertype better
* Make some $Gson$Types members package-private again to prevent synthetic accessors
* Remove TypeToken check for type variable
As mentioned in review comments, there are cases during serialization where
usage of the type variable is not so problematic (but still not ideal).
* Add support for reflection access filter
* Improve documentation
* Fix compilation errors
* Relax handling for BLOCK_ALL when invoking default constructor
* Improve handling for inherited fields
* Fix accessible test failing for static fields
* Simplify ReflectiveTypeAdapterFactory field writing
* Fix GsonBuilder changes affecting created Gson instances
* Improve documentation
* Improve handling for IllegalAccessException
For Java < 9, AccessibleObject.canAccess is not available and therefore checks
might pass even if object is not accessible, causing IllegalAccessException
later.
* Fix incorrect GsonBuilder.addReflectionAccessFilter documentation
* Added parsing support for enum that has overridden toString() method.
* Fix a tiny formatting problem
* Fixed formatting issue
Co-authored-by: Éamonn McManus <emcmanus@google.com>
* Add CodeQL GitHub code scanning workflow
* Only compile main sources for code scanning
* Move test .proto files to test sources
`annotations.proto` also seems to be only relevant for tests because the test
explicitly registers them as extensions. By default the Proto adapter does not
consider them.
* Address some code scanning findings
* Fix some more findings
* Fix consecutive Maven builds failing without performing `clean`
By default moditect-maven-plugin refuses to overwrite the JAR file it
generated in a previous run.
* Make GitHub Maven build workflow detect Javadoc issues
* Put module-info.class into Multi-Release JAR folder
Uses ModiTect to place module-info.class under Multi-Release JAR folder
`META-INF/versions/9`.
* Adjust pom.xml to drop support for Java 6
* Change doclint setting
All Javadoc errors have been solved previously; doclint can now be enabled
without causing build failures.
* Improve README Java requirements
Explicitly specifying dependencies only seems to be necessary when using
`<proguardVersion>` config element to override version (and even that might
not be necessary; only adding explicit dependencies might suffice). However,
when omitting it, plugin uses a recent ProGuard version on its own.
* Remove UnsafeReflectionAccessor
Revert #1218
Usage of sun.misc.Unsafe to change internal AccessibleObject.override field
to suppress JPMS warnings goes against the intentions of the JPMS and does not
work anymore in newer versions, see #1540.
Therefore remove it and instead create a descriptive exception when making a
member accessible fails. If necessary users can also still use `java` command
line flags to open external modules.
* Fix failing to serialize Collection or Map with inaccessible constructor
Also remove tests which rely on Java implementation details.
* Don't keep reference to access exception of ConstructorConstructor
This also avoids a confusing stack trace, since the previously caught
exception might have had a complete unrelated stack trace.
* Remove Maven toolchain requirement
* Address review feedback
* Add back test for Security Manager
* Improve TreeTypeAdapter thread-safety
Gson claims to be thread-safe so TreeTypeAdapter.delegate() might be
called by multiple threads. To guarantee that each thread sees a fully
constructed `delegate`, the field has to be `volatile`.
* Improve TreeTypeAdapter thread race comment
* Improve Gson newJsonWriter and newJsonReader documentation
* Consider lenient and HTML-safe setting for Gson.newJsonWriter
* Remove empty line between imports
There are situations where the stack of JsonTreeReader contains a JsonArray
or JsonObject without a subsequent Iterator, for example after calling peek()
or nextName().
When JsonTreeReader.getPath() is called afterwards it therefore must not
assume that a JsonArray or JsonObject is always followed by an Iterator.
The only reason why this never caused an ArrayIndexOutOfBoundsException in
the past is because the stack has an even default size (32) so it would just
have read the next `null`.
However, if the stack had for example the default size 31, a user created a
JsonTreeReader for 16 JSON arrays nested inside each other, then called 15
times beginArray(), followed by peek() and getPath() the exception would
occur.
* #1981: Avoid OSGi bundle's dependency on sun.misc package
* Specify optional dependency on sun.misc.Unsafe
* Adjusting the test to sun.misc import being optional
* Using Collections.list and for loop
* Let the fail message include name of package
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
* Closing the input stream
* Dedicated assertSubstring method
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
Adversaries might be able to forge data which can be abused for DoS attacks.
These classes are already writing a replacement JDK object during serialization
for a long time, so this change should not cause any issues.
Gson does not actually use the specified LongSerializationPolicy but instead
uses type adapters which emulate the behavior. However, previously Gson's
implementation did not match LongSerializationPolicy regarding null handling.
Because it is rather unlikely that LongSerializationPolicy has been used on
its own, this commit adjusts its implementation to match Gson's behavior
(instead of the other way around).
* Object and Number type adapters number deserialization can be configured
* Change wording of ToNumberStrategy documentation
* Use inline links in doc sparingly
If the element has already been linked before, don't create a link for
every subsequent occurrence.
See also (slightly dated)
https://www.oracle.com/technical-resources/articles/java/javadoc-tool.html#inlinelinks
* Link to default to-number policies in ToNumberStrategy doc
* Reduce code duplication for deserializing Number
* Hide default factory constants of NumberTypeAdapter and ObjectTypeAdapter
This encapsulates the logic a little bit better.
Additionally refactored factory created by NumberTypeAdapter to only create
TypeAdapter once and then have factory reuse that adapter for better
performance.
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
