greg6775/Hadder
1
0
Fork 0
Code Issues 9 Pull requests 5 Projects Releases 54 Packages Wiki Activity Actions

Bump json from 20220924 to 20230227 #744

Open
dependabot[bot] wants to merge 1 commit from dependabot/maven/greg-dev/org.json-json-20230227 into greg-dev
pull from: dependabot/maven/greg-dev/org.json-json-20230227
merge into: greg6775:greg-dev
Conversation 0 Commits 1 Files changed 1 +1 -1
dependabot[bot] commented 2023-03-01 14:56:43 +01:00 (Migrated from github.com)
Copy link

Bumps json from 20220924 to 20230227.

Release notes

Sourced from json's releases.

20230227

Pull Request Description
#723 Protect JSONML from stack overflow exceptions caused by recursion
#720 Limit the XML nesting depth for CVE-2022-45688
#711 Revert pull 707 - interviewbit spam
#704 Move javadoc comments above the interface definition to make it visible
#703 Update Releases.md for JSONObject(Map): Throws NPE if key is null
#696 Update JSONPointerTest for NonDex compatibility
#694 Pretty print XML
#692 Example.md syntax highlight and indentation
#691 Create unit tests for various number formats
Changelog

Sourced from json's changelog.

20230227 Fix for CVE-2022-45688 and recent commits

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps [json](https://github.com/douglascrockford/JSON-java) from 20220924 to 20230227. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/douglascrockford/JSON-java/releases">json's releases</a>.</em></p> <blockquote> <h2>20230227</h2> <table> <thead> <tr> <th>Pull Request</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github-redirect.dependabot.com/douglascrockford/JSON-java/issues/723">#723</a></td> <td>Protect JSONML from stack overflow exceptions caused by recursion</td> </tr> <tr> <td><a href="https://github-redirect.dependabot.com/douglascrockford/JSON-java/issues/720">#720</a></td> <td>Limit the XML nesting depth for CVE-2022-45688</td> </tr> <tr> <td><a href="https://github-redirect.dependabot.com/douglascrockford/JSON-java/issues/711">#711</a></td> <td>Revert pull 707 - interviewbit spam</td> </tr> <tr> <td><a href="https://github-redirect.dependabot.com/douglascrockford/JSON-java/issues/704">#704</a></td> <td>Move javadoc comments above the interface definition to make it visible</td> </tr> <tr> <td><a href="https://github-redirect.dependabot.com/douglascrockford/JSON-java/issues/703">#703</a></td> <td>Update Releases.md for JSONObject(Map): Throws NPE if key is null</td> </tr> <tr> <td><a href="https://github-redirect.dependabot.com/douglascrockford/JSON-java/issues/696">#696</a></td> <td>Update JSONPointerTest for NonDex compatibility</td> </tr> <tr> <td><a href="https://github-redirect.dependabot.com/douglascrockford/JSON-java/issues/694">#694</a></td> <td>Pretty print XML</td> </tr> <tr> <td><a href="https://github-redirect.dependabot.com/douglascrockford/JSON-java/issues/692">#692</a></td> <td>Example.md syntax highlight and indentation</td> </tr> <tr> <td><a href="https://github-redirect.dependabot.com/douglascrockford/JSON-java/issues/691">#691</a></td> <td>Create unit tests for various number formats</td> </tr> </tbody> </table> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/stleary/JSON-java/blob/master/docs/RELEASES.md">json's changelog</a>.</em></p> <blockquote> <p>20230227 Fix for CVE-2022-45688 and recent commits</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/douglascrockford/JSON-java/commits">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.json:json&package-manager=maven&previous-version=20220924&new-version=20230227)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
greg6775 (Migrated from github.com) reviewed 2023-03-01 14:56:43 +01:00
Schlauer-Hax (Migrated from github.com) reviewed 2023-03-01 14:56:43 +01:00
This pull request can be merged automatically.
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin dependabot/maven/greg-dev/org.json-json-20230227:dependabot/maven/greg-dev/org.json-json-20230227
git checkout dependabot/maven/greg-dev/org.json-json-20230227

Merge

Merge the changes and update on Forgejo.

Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.

git checkout greg-dev
git merge --no-ff dependabot/maven/greg-dev/org.json-json-20230227
git checkout dependabot/maven/greg-dev/org.json-json-20230227
git rebase greg-dev
git checkout greg-dev
git merge --ff-only dependabot/maven/greg-dev/org.json-json-20230227
git checkout dependabot/maven/greg-dev/org.json-json-20230227
git rebase greg-dev
git checkout greg-dev
git merge --no-ff dependabot/maven/greg-dev/org.json-json-20230227
git checkout greg-dev
git merge --squash dependabot/maven/greg-dev/org.json-json-20230227
git checkout greg-dev
git merge --ff-only dependabot/maven/greg-dev/org.json-json-20230227
git checkout greg-dev
git merge dependabot/maven/greg-dev/org.json-json-20230227
git push origin greg-dev
Sign in to join this conversation.
Reviewers
No reviewers
greg6775
Schlauer-Hax
Labels
Clear labels   
bug

   
dependencies

Pull requests that update a dependency file

  
duplicate

   
enhancement

   
feedback

   
help wanted

   
pending-deploy

   
planned

   
question

   
wontfix
No labels
bug
dependencies
duplicate
enhancement
feedback
help wanted
pending-deploy
planned
question
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: greg6775/Hadder#744
No description provided.
Delete branch "dependabot/maven/greg-dev/org.json-json-20230227"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?