build(deps): bump com.google.code.gson:gson from 2.13.2 to 2.14.0

[dependabot]

Bumps com.google.code.gson:gson from 2.13.2 to 2.14.0.

Release notes

Sourced from com.google.code.gson:gson's releases.

Gson 2.14.0

What's Changed

• Add type adapters for java.time classes by @​eamonnmcmanus in google/gson#2948

  When the java.time API is available, Gson automatically can read and write instances of classes like Instant and Duration. The format it uses essentially freezes the JSON representation that ReflectiveTypeAdapterFactory established by default, based on the private fields of java.time classes. That's not a great representation, but it is understandable. Changing it to anything else would break compatibility with systems that are expecting the current format.

  With this change, Gson no longer tries to access private fields of these classes using reflection. So it is no longer necessary to run with --add-opens for these classes on recent JDKs.

• Remove com.google.gson.graph by @​eamonnmcmanus in google/gson#2990.

  This package was not part of any released artifact and depended on Gson internals in potentially problematic ways.

• Validate that strings being parsed as integers consist of ASCII characters by @​eamonnmcmanus in google/gson#2995

  Previously, strings could contain non-ASCII Unicode digits and still be parsed as integers. That's inconsistent with how JSON numbers are treated.

• Fix duplicate key detection when first value is null by @​andrewstellman in google/gson#3006

  This could potentially break code that was relying on the incorrect behaviour. For example, this JSON string was previously accepted but will no longer be: {"foo": null, "foo": bar}.

• Remove Serializable from internal Type implementation classes. by @​eamonnmcmanus in google/gson#3011

  The nested classes ParameterizedTypeImpl, GenericArrayTypeImpl, and WildcardTypeImpl in GsonTypes are implementations of the corresponding types (without Impl) in java.lang.reflect. For some reason, they were serializable, even though the java.lang.reflect implementations are not. Having unnecessarily serializable classes could conceivably have been a security problem if they were part of a larger exploit using serialization. (We do not consider this a likely scenario and do not suggest that you need to update Gson just to get this change.)

• Add LegacyProtoTypeAdapterFactory. by @​eamonnmcmanus in google/gson#3014

  This is not part of any released artifact, but may be of use when trying to fix code that is currently accessing the internals of protobuf classes via reflection.

• Make AppendableWriter do flush and close if delegation object supports by @​MukjepScarlet in google/gson#2925

Other less visible changes

• Add default capacity to EnumTypeAdapter maps by @​MukjepScarlet in google/gson#2959
• refactor: move derived adapters from Gson to TypeAdapters by @​MukjepScarlet in google/gson#2951
• Optimize new Gson() by @​MukjepScarlet in google/gson#2864

New Contributors

• @​ThirdGoddess made their first contribution in google/gson#2944
• @​lmj798 made their first contribution in google/gson#2988
• @​Eng-YasminKotb made their first contribution in google/gson#3005
• @​andrewstellman made their first contribution in google/gson#3006

Full Changelog: google/gson@gson-parent-2.13.2...gson-parent-2.14.0

Commits

• 3ff35d6 [maven-release-plugin] prepare release gson-parent-2.14.0
• a3024fd Bump the maven group with 13 updates (#3002)
• 5689ffe Bump the github-actions group across 1 directory with 3 updates (#3018)
• 48db33c Add LegacyProtoTypeAdapterFactory. (#3014)
• 53d703e Update outdated comment regarding serializable types (#3012)
• 0189b72 Remove Serializable from internal Type implementation classes. (#3011)
• f4d371d Fix duplicate key detection when first value is null (#3006)
• 27d9ba1 Fix typo in README (JPMS dependencies section) (#3005)
• 1fa9b7a Validate that strings being parsed as integers consist of ASCII characters (#...
• b7d5954 Add iterator fail-fast tests for LinkedTreeMap.clear() (#2992)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 3 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA b0641d0.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

citizen-intelligence-agency/pom.xml

Package	Version	License	Issue Type
com.google.code.gson:gson	2.14.0	Null	Unknown License

service.data.impl/pom.xml

Package	Version	License	Issue Type
com.google.code.gson:gson	2.14.0	Null	Unknown License

web-widgets/pom.xml

Package	Version	License	Issue Type
com.google.code.gson:gson	2.14.0	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
maven/com.google.code.gson:gson	2.14.0	🟢 9.3	Details Check Score Reason Dependency-Update-Tool 🟢 10 update tool detected Code-Review 🟢 7 Found 18/23 approved changesets -- score normalized to 7 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Maintained 🟢 10 23 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Pinned-Dependencies 🟢 7 dependency not pinned by hash detected -- score normalized to 7 Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected SAST 🟢 10 SAST tool is run on all commits License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Fuzzing 🟢 10 project is fuzzed Security-Policy 🟢 10 security policy file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Vulnerabilities 🟢 10 0 existing vulnerabilities detected CI-Tests 🟢 10 28 out of 28 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 12 contributing companies or organizations
maven/com.google.code.gson:gson	2.14.0	🟢 9.3	Details Check Score Reason Dependency-Update-Tool 🟢 10 update tool detected Code-Review 🟢 7 Found 18/23 approved changesets -- score normalized to 7 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Maintained 🟢 10 23 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Pinned-Dependencies 🟢 7 dependency not pinned by hash detected -- score normalized to 7 Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected SAST 🟢 10 SAST tool is run on all commits License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Fuzzing 🟢 10 project is fuzzed Security-Policy 🟢 10 security policy file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Vulnerabilities 🟢 10 0 existing vulnerabilities detected CI-Tests 🟢 10 28 out of 28 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 12 contributing companies or organizations
maven/com.google.code.gson:gson	2.14.0	🟢 9.3	Details Check Score Reason Dependency-Update-Tool 🟢 10 update tool detected Code-Review 🟢 7 Found 18/23 approved changesets -- score normalized to 7 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Maintained 🟢 10 23 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Pinned-Dependencies 🟢 7 dependency not pinned by hash detected -- score normalized to 7 Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected SAST 🟢 10 SAST tool is run on all commits License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Fuzzing 🟢 10 project is fuzzed Security-Policy 🟢 10 security policy file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Vulnerabilities 🟢 10 0 existing vulnerabilities detected CI-Tests 🟢 10 28 out of 28 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 12 contributing companies or organizations

Scanned Files

• citizen-intelligence-agency/pom.xml
• service.data.impl/pom.xml
• web-widgets/pom.xml

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

📚 Javadoc Generated

The Javadoc documentation has been generated for this PR. Download the javadoc artifact from the workflow run to view the complete API documentation with UML diagrams.