WARNING: THIS SITE IS A MIRROR OF GITHUB.COM / IT CANNOT LOGIN OR REGISTER ACCOUNTS / THE CONTENTS ARE PROVIDED AS-IS / THIS SITE ASSUMES NO RESPONSIBILITY FOR ANY DISPLAYED CONTENT OR LINKS / IF YOU FOUND SOMETHING MAY NOT GOOD FOR EVERYONE, CONTACT ADMIN AT ilovescratch@foxmail.com
Skip to content
This repository was archived by the owner on Mar 22, 2021. It is now read-only.

Bump fastjson from 1.2.68 to 1.2.71 #19

Closed
dependabot-preview wants to merge 1 commit into from
Closed

Bump fastjson from 1.2.68 to 1.2.71 #19

dependabot-preview wants to merge 1 commit into from

Conversation

@dependabot-preview
Copy link

@dependabot-preview dependabot-preview bot commented Jun 15, 2020

Bumps fastjson from 1.2.68 to 1.2.71.

Release notes

Sourced from fastjson's releases.

fastjson 1.2.71版本发布,修复对kotlin支持和兼容JDK5

1.2.71在1.2.70的版本上修复对kotlin和JDK 5支持的问题。

Issues

  1. 修复对kotlin支持的bug #3223 #3248
  2. 支持JSONPatch
  3. 修复JSONValidator某些场景getType结果不对的问题
  4. 修复对下划线字段智能匹配的问题
  5. 修复对带对特别字符引用不支持的问题
  6. parseArray方法支持config
  7. 增强对JSONPath的支持
  8. 补充安全黑名单,无新增利用,预防性补充。
  9. 增强BigInteger和BigDecimal的边界检测
  10. JSONType支持配置AutoTypeCheckHandler
  11. 增强对enum类型的定制化序列化反序列化支持 https://github.com/alibaba/fastjson/wiki/enum_custom_serialization

相关链接

fastjson 1.2.70版本发布,提升兼容性

这是一个小的改进版本,主要是在1.2.69上做bug fixed,提升兼容性。

Issue

  1. 修复toJavaObject某些场景结果不对的问题
  2. 增强对kotlin的支持
  3. 增强对protobuf的支持
  4. 修复JSONPath set方法不能自动类型转换的问题
  5. 修复序列化有循环引用key带特殊字符结果不对的问题
  6. 安全加固,增加autoType黑名单

相关链接

fastjson 1.2.69版本发布,修复高危安全漏洞

这是一个关键的安全修复版本,修复新发现高危autotype开关绕过安全漏洞,请大家尽快升级到1.2.69或者更新版本。

Issues

  1. 安全修复,修复新发现高危autotype开关绕过安全漏洞
  2. 安全修复,补全autoType黑名单
  3. 修复JSONValidator不当抛出异常的问题
  4. 增强对geojson的支持
  5. 修复对java.sql.Timestamp带nano场景序列化结果不对的问题
  6. WriteClassName新增对LinkedHashSet的支持
  7. 修复当时间为1970-01-01 08:00:00 时,TypeUtils.castToTimestamp 转换异常的问题
... (truncated)
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

@dependabot-preview
Bump fastjson from 1.2.68 to 1.2.71
58c34a6 
Bumps [fastjson](https://github.com/alibaba/fastjson) from 1.2.68 to 1.2.71.
- [Release notes](https://github.com/alibaba/fastjson/releases)
- [Commits](alibaba/fastjson@1.2.68...1.2.71)

Signed-off-by: dependabot-preview[bot] <[email protected]>
@dependabot-preview dependabot-preview bot added the dependencies Pull requests that update a dependency file label Jun 15, 2020
@dependabot-preview dependabot-preview bot mentioned this pull request Jun 15, 2020
Closed
@dependabot-preview
Copy link
Author

dependabot-preview bot commented Jun 29, 2020

Superseded by #21.

@dependabot-preview dependabot-preview bot deleted the dependabot/maven/com.alibaba-fastjson-1.2.71 branch June 29, 2020 08:43
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant