Bump the java-production-dependencies group with 5 updates

[dependabot]

Bumps the java-production-dependencies group with 5 updates:

Package	From	To
org.cryptomator:siv-mode	1.4.4	1.5.0
com.google.code.gson:gson	2.8.9	2.10.1
com.google.guava:guava	32.0.0-jre	33.0.0-jre
org.slf4j:slf4j-api	1.7.35	2.0.11
org.slf4j:slf4j-simple	1.7.35	2.0.11

Updates org.cryptomator:siv-mode from 1.4.4 to 1.5.0

Release notes

Sourced from org.cryptomator:siv-mode's releases.

1.5.0

Maven Coordinates

  <dependency>
    <groupId>org.cryptomator</groupId>
    <artifactId>siv-mode</artifactId>
    <version>1.5.0</version>
  </dependency>

Artifact Checksums

dd4298094ef9ce7d658edf9b5416e28ca9c30a961c4ea67a756f9951180e870d  target/original-siv-mode-1.5.0.jar
7f5a4740c2575c5d5ff86bf818c3f1d68411ff6035b6549176a381e0eacb2c6b  target/siv-mode-1.5.0-javadoc.jar
16694b858fb988f6827b8ffc0f15d75bb713f17ec81c61bf8ad23636a6f3cbb5  target/siv-mode-1.5.0-sources.jar
08334a3047a61908c68b049877b0ace081367a2a84dee1a346e4c6c5de620b32  target/siv-mode-1.5.0.jar

See README.md section regarding reproducing this build.

What's Changed

What's New 🎉

• Added org.jetbrains.annotations (compile-time)
• #19 Make build reproducible

Other Changes 📎

• Bump build & test dependencies

Full Changelog: cryptomator/siv-mode@1.4.4...1.5.0

Commits

• 7a1fe68 Merge branch 'release/1.5.0'
• 1acf5ff prepare version 1.5.0
• 773590b Merge pull request #19 from cryptomator/feature/reproducible-builds
• 715d6a9 attempt to fix multiline string output
• b99619e include sha256 sums of artifacts in release notes
• a45630e use a fixed locale for javadoc generation
• 98fc890 fix javadoc warning
• 41dc1d1 set outputTimestamp within valid range
• 6e6673d Merge branch 'develop' into feature/reproducible-builds
• 6f6fdd5 remove codacy coverage report
• Additional commits viewable in compare view

Updates com.google.code.gson:gson from 2.8.9 to 2.10.1

Release notes

Sourced from com.google.code.gson:gson's releases.

Gson 2.10.1

This is technically a minor release rather than a patch release because there is one small API change: a new JsonObject.isEmpty() method.

What's Changed: User-Visible Changes

• Added JsonObject method isEmpty() by @​dhoard in google/gson#2233
• Fix non-threadsafe creation of adapter for type with cyclic dependency by @​Marcono1234 in google/gson#1832
• Remove EOFException special casing of JsonStreamParser.next() by @​Marcono1234 in google/gson#2281
• Improve exception message for duplicate field names by @​Marcono1234 in google/gson#2251
• Fix the javadoc of JsonDeserializer.deserialize() by @​MaicolAntali in google/gson#2243
• Bump os-maven-plugin from 1.7.0 to 1.7.1 by @​dependabot in google/gson#2235
• Bump jackson-databind from 2.13.4.2 to 2.14.0 by @​dependabot in google/gson#2234
• Bump maven-release-plugin from 3.0.0-M6 to 3.0.0-M7 by @​dependabot in google/gson#2232
• Bump japicmp-maven-plugin from 0.16.0 to 0.17.1 by @​dependabot in google/gson#2238
• Bump jackson-databind from 2.14.0 to 2.14.1 by @​dependabot in google/gson#2241
• Bump bnd-maven-plugin from 6.3.1 to 6.4.0 by @​dependabot in google/gson#2245

Site Documentation and Maintenance Changes (these were already visible)

• Add troubleshooting guide by @​Marcono1234 in google/gson#2285
• Replace custom user guide header anchors by @​Marcono1234 in google/gson#2289
• Improve variable names in user guide by @​Marcono1234 in google/gson#2290
• Add 2.10 changes to CHANGELOG; minor release follow-ups by @​Marcono1234 in google/gson#2229
• Mention in CHANGELOG that GitHub Releases are used in the future by @​Marcono1234 in google/gson#2230
• GitHub Workflows security hardening by @​sashashura in google/gson#2274

Other Changes

• Making consistent prefixs in PerformanceTest by @​CirQ in google/gson#1760
• Adjust version numbers and a test to conform to the SemVer spec. by @​eamonnmcmanus in google/gson#2237
• Remove covered condition in JsonNull.equals() by @​MaicolAntali in google/gson#2271
• Remove the final keyword from private method by @​MaicolAntali in google/gson#2276
• Code cleanup by @​MaicolAntali in google/gson#2282
• Unnecessary unboxing at JsonPrimitive.getAsBoolean() by @​MaicolAntali in google/gson#2277
• Rewrite the testParsingDatesFormattedWithSystemLocale(), Fix #2199 by @​MaicolAntali in google/gson#2287
• Port tests from JUnit 3 to JUnit 4 by @​MaicolAntali in google/gson#2294

New Contributors (thanks!)

• @​CirQ made their first contribution in google/gson#1760
• @​dhoard made their first contribution in google/gson#2233
• @​MaicolAntali made their first contribution in google/gson#2243
• @​sashashura made their first contribution in google/gson#2274

Full Changelog: google/gson@gson-parent-2.10...gson-parent-2.10.1

Gson 2.10

Most important changes

• Support for serializing and deserializing Java records, on Java ≥ 16. (#2201)

• Add JsonArray.asList and JsonObject.asMap view methods (#2225)

• Fix TypeAdapterRuntimeTypeWrapper not detecting reflective TreeTypeAdapter and FutureTypeAdapter (#1787)

... (truncated)

Changelog

Sourced from com.google.code.gson:gson's changelog.

Change Log

The change log for versions newer than 2.10 is available only on the GitHub Releases page.

Version 2.10

• Support for serializing and deserializing Java records, on Java ≥ 16. (google/gson#2201)
• Add JsonArray.asList and JsonObject.asMap view methods (google/gson#2225)
• Fix TypeAdapterRuntimeTypeWrapper not detecting reflective TreeTypeAdapter and FutureTypeAdapter (google/gson#1787)
• Improve JsonReader.skipValue() (google/gson#2062)
• Perform numeric conversion for primitive numeric type adapters (google/gson#2158)
• Add Gson.fromJson(..., TypeToken) overloads (google/gson#1700)
• Fix changes to GsonBuilder affecting existing Gson instances (google/gson#1815)
• Make JsonElement conversion methods more consistent and fix javadoc (google/gson#2178)
• Throw UnsupportedOperationException when JsonWriter.jsonValue is not supported (google/gson#1651)
• Disallow JsonObject Entry.setValue(null) (google/gson#2167)
• Fix TypeAdapter.toJson throwing AssertionError for custom IOException (google/gson#2172)
• Convert null to JsonNull for JsonArray.set (google/gson#2170)
• Fixed nullSafe usage. (google/gson#1555)
• Validate TypeToken.getParameterized arguments (google/gson#2166)
• Fix #1702: Gson.toJson creates CharSequence which does not implement toString (google/gson#1703)
• Prefer existing adapter for concurrent Gson.getAdapter calls (google/gson#2153)
• Improve ArrayTypeAdapter for Object[] (google/gson#1716)
• Improve AppendableWriter performance (google/gson#1706)

Version 2.9.1

• Make Object and JsonElement deserialization iterative rather than recursive (google/gson#1912)
• Added parsing support for enum that has overridden toString() method (google/gson#1950)
• Removed support for building Gson with Gradle (google/gson#2081)
• Removed obsolete codegen hierarchy (google/gson#2099)
• Add support for reflection access filter (google/gson#1905)
• Improve TypeToken creation validation (google/gson#2072)
• Add explicit support for float in JsonWriter (google/gson#2130, google/gson#2132)
• Fail when parsing invalid local date (google/gson#2134)

Also many small improvements to javadoc.

Version 2.9.0

The minimum supported Java version changes from 6 to 7.

• Change target Java version to 7 (google/gson#2043)
• Put module-info.class into Multi-Release JAR folder (google/gson#2013)
• Improve error message when abstract class cannot be constructed (google/gson#1814)
• Support EnumMap deserialization (google/gson#2071)
• Add LazilyParsedNumber default adapter (google/gson#2060)
• Fix JsonReader.hasNext() returning true at end of document (google/gson#2061)

... (truncated)

Commits

• 2ce6a61 [maven-release-plugin] prepare release gson-parent-2.10.1
• 1a2170b Port tests from JUnit 3 to JUnit 4 (#2294)
• 4aaf138 Improve variable names in user guide (#2290)
• a19d53f Replace custom user guide header anchors (#2289)
• 6c12ded Rewrite the testParsingDatesFormattedWithSystemLocale(), Fix #2199 (#2287)
• f2f53fb Add troubleshooting guide (#2285)
• f63a1b8 Remove EOFException special casing of JsonStreamParser.next() (#2281)
• 6c3cf22 Unnecessary unboxing at JsonPrimitive.getAsBoolean() (#2277)
• 0a42c31 Code cleanup (#2282)
• 28affcb Remove the final keyword from private method (#2276)
• Additional commits viewable in compare view

Updates com.google.guava:guava from 32.0.0-jre to 33.0.0-jre

Release notes

Sourced from com.google.guava:guava's releases.

33.0.0

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.0.0-jre</version>
  <!-- or, for Android: -->
  <version>33.0.0-android</version>
</dependency>

Jar files

• 33.0.0-jre.jar
• 33.0.0-android.jar

Guava requires one runtime dependency, which you can download here:

• failureaccess-1.0.1.jar

Javadoc

• 33.0.0-jre
• 33.0.0-android

JDiff

• 33.0.0-jre vs. 32.1.3-jre
• 33.0.0-android vs. 32.1.3-android
• 33.0.0-android vs. 33.0.0-jre

Changelog

• This version of guava-android contains some package-private methods whose signature includes the Java 8 Collector API. This is a test to identify any problems before we expose those methods publicly to users. Please report any problems that you encounter. (73dbf7ef26)
• Changed various classes to catch Exception instead of RuntimeException even when only RuntimeException is theoretically possible. This can help code that throws undeclared exceptions, as some bytecode rewriters (e.g., Robolectric) and languages (e.g., Kotlin) do. (c294c23760, 747924e, b2baf48)
• Added an Automatic-Module-Name to failureaccess, Guava's one strong runtime dependency. (280b5d2f60)
• reflect: In guava-android only, removed Invokable.getAnnotatedReturnType() and Parameter.getAnnotatedType(). These methods never worked in an Android VM, and to reflect that, they were born @Deprecated, @Beta, and @DoNotCall. They're now preventing us from rolling out some new Android compatibility testing. This is the only binary-incompatible change in this release, and it should have no effect in practice. Still, we bump the major version number to follow Semantic Versioning. (045cd8428f)
• util.concurrent: Changed our implementations to avoid eagerly initializing loggers during class loading. This can help performance, especially under Android. (4fe1df56bd)

32.1.3

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>32.1.3-jre</version>
  <!-- or, for Android: -->
</tr></table> 

... (truncated)

Commits

• See full diff in compare view

Updates org.slf4j:slf4j-api from 1.7.35 to 2.0.11

Updates org.slf4j:slf4j-simple from 1.7.35 to 2.0.11

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[coderabbitai]

Important

Auto Review Skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

---

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit-tests for this file.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit tests for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository from git and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit tests.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• The JSON schema for the configuration file is available here.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/coderabbit-overrides.v2.json

CodeRabbit Discord Community

Join our Discord Community to get help, request features, and share feedback.

[infeo]

@dependabot rebase

[infeo]

@dependabot rebase

[overheadhunter]

@dependabot squash and merge