Skip to content
This repository was archived by the owner on Mar 22, 2021. It is now read-only.

Bump fastjson from 1.2.68 to 1.2.70 #18

Closed
dependabot-preview wants to merge 1 commit into from
Closed

Bump fastjson from 1.2.68 to 1.2.70 #18

dependabot-preview wants to merge 1 commit into from

Conversation

@dependabot-preview
Copy link

@dependabot-preview dependabot-preview bot commented Jun 5, 2020

Bumps fastjson from 1.2.68 to 1.2.70.

Release notes

Sourced from fastjson's releases.

fastjson 1.2.70版本发布,提升兼容性

这是一个小的改进版本,主要是在1.2.69上做bug fixed,提升兼容性。

Issue

  1. 修复toJavaObject某些场景结果不对的问题
  2. 增强对kotlin的支持
  3. 增强对protobuf的支持
  4. 修复JSONPath set方法不能自动类型转换的问题
  5. 修复序列化有循环引用key带特殊字符结果不对的问题
  6. 安全加固,增加autoType黑名单

相关链接

fastjson 1.2.69版本发布,修复高危安全漏洞

这是一个关键的安全修复版本,修复新发现高危autotype开关绕过安全漏洞,请大家尽快升级到1.2.69或者更新版本。

Issues

  1. 安全修复,修复新发现高危autotype开关绕过安全漏洞
  2. 安全修复,补全autoType黑名单
  3. 修复JSONValidator不当抛出异常的问题
  4. 增强对geojson的支持
  5. 修复对java.sql.Timestamp带nano场景序列化结果不对的问题
  6. WriteClassName新增对LinkedHashSet的支持
  7. 修复当时间为1970-01-01 08:00:00 时,TypeUtils.castToTimestamp 转换异常的问题
  8. 修复当@type为白名单是抛空指针的问题 #3109
  9. 修复EasyMock场景报NPE的问题 #3119
  10. 修复某些场景下反序列化enum报错的问题 #2065
  11. 修复JSONPath keySet不能之别Number/Date/UUID类型的问题
  12. JSONPath支持中文key
  13. 修复Feature.InitStringFieldAsEmpty启用时,某些场景结果不对的问题 #3050 #2387
  14. 支持中文package的类名序列化和反序列化
  15. 增强对kotlin的支持
  16. 优化序列化性能,在boolean和长字符串场景减少内存碎片

相关链接

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Note: This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit.

You can always request more updates by clicking Bump now in your Dependabot dashboard.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

@dependabot-preview
Bump fastjson from 1.2.68 to 1.2.70
032c5f4 
Bumps [fastjson](https://github.com/alibaba/fastjson) from 1.2.68 to 1.2.70.
- [Release notes](https://github.com/alibaba/fastjson/releases)
- [Commits](alibaba/fastjson@1.2.68...1.2.70)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
@dependabot-preview dependabot-preview bot added the dependencies Pull requests that update a dependency file label Jun 5, 2020
@dependabot-preview
Copy link
Author

dependabot-preview bot commented Jun 15, 2020

Superseded by #19.

@dependabot-preview dependabot-preview bot deleted the dependabot/maven/com.alibaba-fastjson-1.2.70 branch June 15, 2020 09:03
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant