Merge branch 'FasterXML:2.15' into mixin_extension_function

FasterXML · Apr 5, 2023 · 9f0bb82 · 9f0bb82
2 parents a33a7fd + 82ad938
commit 9f0bb82
Show file tree

Hide file tree

Showing 58 changed files with 3,288 additions and 517 deletions.
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -11,7 +11,14 @@ assignees: ''
 A clear and concise description of what the bug is.
 
 **To Reproduce**
-Test case or steps to reproduce the behavior or.
+Test case or steps to reproduce the behavior.  
+It would be appreciated if you could provide code that can be executed with as few changes as possible,
+such as include `import` statements.
+
+Also, it would be appreciated if you could confirm in advance that the problem is reproduced
+only when using `Kotlin` or `kotlin-module`.  
+For issues that are reproduced only in `Java`, please submit them to the appropriate repository,
+such as [FasterXML/jackson-databind](https://github.com/FasterXML/jackson-databind).
 
 **Expected behavior**
 A clear and concise description of what you expected to happen.

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -4,50 +4,62 @@ on:
     branches:
     - master
     - "3.0"
-    - "2.14"
-    - "2.13"
+    - "2.15"
     paths-ignore:
     - "README.md"
     - "release-notes/*"
   pull_request:
     branches:
     - master
-    - "2.14"
+    - "3.0"
+    - "2.15"
     paths-ignore:
     - "README.md"
     - "release-notes/*"
+
+permissions:
+  contents: read
+
 jobs:
   build:
     runs-on: ${{ matrix.os }}
     strategy:
       fail-fast: false
       matrix:
-        java_version: ['8', '11', '14']
+        java_version: ['8', '11', '17']
+        # Jackson 2.15 drops support for Kotlin 1.4
+        kotlin_version: ['1.5.32', '1.6.21', '1.7.20', '1.8.10', '1.8.20-RC']
         os: ['ubuntu-20.04']
     env:
       JAVA_OPTS: "-XX:+TieredCompilation -XX:TieredStopAtLevel=1"
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
     - name: Set up JDK
-      uses: actions/setup-java@v2
+      uses: actions/setup-java@v3
       with:
-        distribution: "adopt"
+        distribution: 'temurin'
         java-version: ${{ matrix.java_version }}
+        cache: 'maven'
         server-id: sonatype-nexus-snapshots
         server-username: CI_DEPLOY_USERNAME
         server-password: CI_DEPLOY_PASSWORD
-    - uses: actions/cache@v2.1.6
-      with:
-        path: ~/.m2/repository
-        key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-        restore-keys: |
-          ${{ runner.os }}-maven-
+        # See https://github.com/actions/setup-java/blob/v2/docs/advanced-usage.md#Publishing-using-Apache-
+        # gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # Value of the GPG private key to import
+        # gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase
+
     - name: Build
-      run: ./mvnw -V -B -ff -ntp verify
+      # Note: build separately first using default kotlin-core
+      run: ./mvnw -B -q -ff -ntp -DskipTests clean package
+    - name: Test
+      # Note: actual testing should use matrix kotlin-core version (note: MUST specify test phase)
+      run: ./mvnw -B -q -ff -ntp -Dversion.kotlin=${{ matrix.kotlin_version }} surefire:test
+    - name: Extract project Maven version
+      id: projectVersion
+      run: echo "version=$(./mvnw org.apache.maven.plugins:maven-help-plugin:3.3.0:evaluate -DforceStdout -Dexpression=project.version -q)" >> $GITHUB_OUTPUT
     - name: Deploy snapshot
-      if: github.event_name != 'pull_request' && matrix.java_version == '8'
+      if: github.event_name != 'pull_request' && matrix.java_version == '8' && matrix.kotlin_version == '1.5.32' && endsWith(steps.projectVersion.outputs.version, '-SNAPSHOT')
       env:
         CI_DEPLOY_USERNAME: ${{ secrets.CI_DEPLOY_USERNAME }}
         CI_DEPLOY_PASSWORD: ${{ secrets.CI_DEPLOY_PASSWORD }}
         # MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
-      run: ./mvnw -V -B -ff -DskipTests -ntp source:jar deploy
+      run: ./mvnw -B -q -ff -DskipTests -ntp source:jar deploy
diff --git a/.mvn/wrapper/MavenWrapperDownloader.java b/.mvn/wrapper/MavenWrapperDownloader.java
diff --git a/.mvn/wrapper/maven-wrapper.jar b/.mvn/wrapper/maven-wrapper.jar
diff --git a/.mvn/wrapper/maven-wrapper.properties b/.mvn/wrapper/maven-wrapper.properties
@@ -1,2 +1,18 @@
-distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.6.3/apache-maven-3.6.3-bin.zip
-wrapperUrl=https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.7/apache-maven-3.8.7-bin.zip
+wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.1/maven-wrapper-3.1.1.jar
diff --git a/README.md b/README.md
@@ -1,34 +1,33 @@
-[![Kotlin](https://img.shields.io/badge/kotlin-1.5.x-blue.svg)](http://kotlinlang.org) [![Kotlin Slack](https://img.shields.io/badge/chat-kotlin%20slack-orange.svg)](http://slack.kotlinlang.org/)
+[![Kotlin](https://img.shields.io/badge/kotlin-1.5.x-blue.svg)](https://kotlinlang.org) [![Kotlin Slack](https://img.shields.io/badge/chat-kotlin%20slack-orange.svg)](https://slack.kotlinlang.org/)
 
 # Overview
 
-Module that adds support for serialization/deserialization of [Kotlin](http://kotlinlang.org)
+Module that adds support for serialization/deserialization of [Kotlin](https://kotlinlang.org)
 classes and data classes.
 Previously a default constructor must have existed on the Kotlin object for Jackson to deserialize into the object.
 With this module, single constructor classes can be used automatically,
 and those with secondary constructors or static factories are also supported.
 
 # Status
 
-* release `2.13.0` (for Jackson `2.13.x`) [![GitHub Actions build](https://github.com/FasterXML/jackson-module-kotlin/actions/workflows/main.yml/badge.svg?branch=2.13)](https://github.com/FasterXML/jackson-module-kotlin/actions?query=branch%3A2.13)
-* release `2.12.3` (for Jackson `2.12.x`) [![CircleCI](https://circleci.com/gh/FasterXML/jackson-module-kotlin/tree/2.12.svg?style=svg)](https://circleci.com/gh/FasterXML/jackson-module-kotlin/tree/2.12)
+* release `2.14.2` (for Jackson `2.14.x`) [![GitHub Actions build](https://github.com/FasterXML/jackson-module-kotlin/actions/workflows/main.yml/badge.svg?branch=2.14)](https://github.com/FasterXML/jackson-module-kotlin/actions?query=branch%3A2.14)
+* release `2.13.5` (for Jackson `2.13.x`) [![GitHub Actions build](https://github.com/FasterXML/jackson-module-kotlin/actions/workflows/main.yml/badge.svg?branch=2.13)](https://github.com/FasterXML/jackson-module-kotlin/actions?query=branch%3A2.13)
+* release `2.12.7` (for Jackson `2.12.x`) [![CircleCI](https://circleci.com/gh/FasterXML/jackson-module-kotlin/tree/2.12.svg?style=svg)](https://circleci.com/gh/FasterXML/jackson-module-kotlin/tree/2.12)
 * release `2.11.4` (for Jackson `2.11.x`) [![CircleCI](https://circleci.com/gh/FasterXML/jackson-module-kotlin/tree/2.11.svg?style=svg)](https://circleci.com/gh/FasterXML/jackson-module-kotlin/tree/2.11)
-* release `2.10.5` (for Jackson `2.10.x`)
-* release `2.9.10` (for Jackson `2.9.x`)
 
 Releases require that you have included Kotlin stdlib and reflect libraries already.
 
 Gradle:
 ```
-implementation "com.fasterxml.jackson.module:jackson-module-kotlin:2.13.+"
+implementation "com.fasterxml.jackson.module:jackson-module-kotlin:2.14.+"
 ```
 
 Maven:
 ```xml
 <dependency>
     <groupId>com.fasterxml.jackson.module</groupId>
     <artifactId>jackson-module-kotlin</artifactId>
-    <version>2.13.0</version>
+    <version>2.14.2</version>
 </dependency>
 ```
 
@@ -124,6 +123,17 @@ arrayNode += "bar".toByteArray()
 println(arrayNode.toString()) // ["foo",true,1,1.0,"YmFy"]
 ```
 
+# Compatibility
+
+(NOTE: incomplete! Please submit corrections/additions via PRs!)
+
+Different `kotlin-core` versions are supported by different Jackson Kotlin module minor versions.
+Here is an incomplete list of supported versions:
+
+* Jackson 2.15.x: Kotlin-core 1.5 - 1.8
+* Jackson 2.14.x: Kotlin-core 1.4 - 1.8
+* Jackson 2.13.x: Kotlin-core 1.4 - 1.7
+
 # Annotations
 
 You can intermix non-field values in the constructor and `JsonProperty` annotation in the constructor.
@@ -192,9 +202,12 @@ see the [inline documentation](https://github.com/FasterXML/jackson-module-kotli
 for details on what options are available and what they do.
 
 ```kotlin
+val kotlinModule = KotlinModule.Builder()
+    .enable(KotlinFeature.StrictNullChecks)
+    .build()
 val mapper = JsonMapper.builder()
-        .addModule(KotlinModule(strictNullChecks = true))
-        .build()
+    .addModule(kotlinModule)
+    .build()
 ```
 
 If your `ObjectMapper` is constructed in Java, there is a builder method
@@ -217,8 +230,10 @@ Following developers have committer access to this project.
 
 * Author: Jayson Minard (@apatrida) wrote this module; still helps issues from time to time
 * Active Maintainers:
+    * Dmitry Spikhalskiy (@Spikhalskiy) -- since 2.14
     * Drew Stephens (@dinomite)
     * Vyacheslav Artemyev (@viartemev)
+    * WrongWrong (@k163377) -- since 2.15
 * Co-maintainers:
     * Tatu Saloranta (@cowtowncoder)
 
@@ -246,8 +261,8 @@ See the [main Jackson contribution guidlines](https://github.com/FasterXML/jacks
 
 If you are going to write code, choose the appropriate base branch:
 
-- `2.12` for bugfixes against the current stable version
-- `2.13` for additive functionality & features or [minor](https://semver.org), backwards compatible changes to existing behavior to be included in the next minor version release
+- `2.14` for bugfixes against the current stable version
+- `2.15` for additive functionality & features or [minor](https://semver.org), backwards compatible changes to existing behavior to be included in the next minor version release
 - `master` for significant changes to existing behavior, which will be part of Jackson 3.0
 
 ### Failing tests

diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,32 @@
+# Security Policy
+
+Last Updated: 2022-09-20
+
+## Supported Versions
+
+Current status of open branches, with new releases, can be found from [Jackson Releases](https://github.com/FasterXML/jackson/wiki/Jackson-Releases)
+wiki page
+
+## Reporting a Vulnerability
+
+The recommended mechanism for reporting possible security vulnerabilities follows
+so-called "Coordinated Disclosure Plan" (see [definition of DCP](https://vuls.cert.org/confluence/display/Wiki/Coordinated+Vulnerability+Disclosure+Guidance)
+for general idea). The first step is to file a [Tidelift security contact](https://tidelift.com/security):
+Tidelift will route all reports via their system to maintainers of relevant package(s), and start the
+process that will evaluate concern and issue possible fixes, send update notices and so on.
+Note that you do not need to be a Tidelift subscriber to file a security contact.
+
+Alternatively you may also report possible vulnerabilities to `info` at fasterxml dot com
+mailing address. Note that filing an issue to go with report is fine, but if you do that please
+DO NOT include details of security problem in the issue but only in email contact.
+This is important to give us time to provide a patch, if necessary, for the problem.
+
+## Verifying Artifact signatures
+
+(for more in-depth explanation, see [Apache Release Signing](https://infra.apache.org/release-signing#keys-policy) document)
+
+To verify that any given Jackson artifact has been signed with a valid key, have a look at `KEYS` file of the main Jackson repo:
+
+https://github.com/FasterXML/jackson/blob/master/KEYS
+
+which lists all known valid keys in use.
diff --git a/docs/javadoc/2.14/allclasses-frame.html b/docs/javadoc/2.14/allclasses-frame.html
@@ -0,0 +1,19 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!-- NewPage -->
+<html lang="en">
+<head>
+<!-- Generated by javadoc -->
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<title>All Classes (jackson-module-kotlin 2.14.0 API)</title>
+<link rel="stylesheet" type="text/css" href="stylesheet.css" title="Style">
+<script type="text/javascript" src="script.js"></script>
+</head>
+<body>
+<h1 class="bar">All&nbsp;Classes</h1>
+<div class="indexContainer">
+<ul>
+<li><a href="com/fasterxml/jackson/module/kotlin/PackageVersion.html" title="class in com.fasterxml.jackson.module.kotlin" target="classFrame">PackageVersion</a></li>
+</ul>
+</div>
+</body>
+</html>