Skip to content

Bump the java-production-dependencies group across 1 directory with 3 updates #101

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

Bump the java-production-dependencies group across 1 directory with 3 updates #101

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 22, 2026

Bumps the java-production-dependencies group with 3 updates in the / directory: org.bouncycastle:bcpkix-jdk18on, com.google.code.gson:gson and com.google.guava:guava.

Updates org.bouncycastle:bcpkix-jdk18on from 1.80 to 1.83

Changelog

Sourced from org.bouncycastle:bcpkix-jdk18on's changelog.

2.1.1 Version Release: 1.84 Date:      TBD

2.2.1 Version Release: 1.83 Date:      2025, November 27th.

... (truncated)

Commits

Updates com.google.code.gson:gson from 2.12.1 to 2.13.2

Release notes

Sourced from com.google.code.gson:gson's releases.

Gson 2.13.2

The main changes in this release are just newer dependencies.

What's Changed

New Contributors

Full Changelog: google/gson@gson-parent-2.13.1...gson-parent-2.13.2

Gson 2.13.1

What's Changed

New Contributors

Full Changelog: google/gson@gson-parent-2.13.0...gson-parent-2.13.1

Gson 2.13.0

What's Changed

  • A bug in deserializing collections has been fixed. Previously, if you did something like this:

    gson.fromJson(jsonString, new TypeToken<ImmutableList<String>>() {})

    then the inferred type would be ImmutableList<String>, but Gson actually gave you an ArrayList<String>. Usually that would lead to an immediate ClassCastException, but in some circumstances the code might sometimes succeed despite the wrong type. Now you will see an exception like this:

    com.google.gson.JsonIOException: Abstract classes can't be instantiated!
Adjust the R8 configuration or register an InstanceCreator or a TypeAdapter for this type.
Class name: com.google.common.collect.ImmutableList

    because Gson now really is trying to create an ImmutableList through its constructor, but that isn't possible. Either change the requested type (in the TypeToken) to List<String>, or register a TypeAdapter or JsonDeserializer for ImmutableList.

  • The internal classes $Gson$Types and $Gson$Preconditions have been renamed to remove the $ characters. Since these are internal classes (as signaled not only by the package name but by the $ characters), client code should not be affected. If your code was depending on these classes then we suggest making a copy of the class (subject to the license) rather than depending on the new names.

Full Changelog: google/gson@gson-parent-2.12.1...gson-parent-2.13.0

Commits
  • 686fad7 [maven-release-plugin] prepare release gson-parent-2.13.2
  • c2d252a Switch to using central-publishing-maven-plugin. (#2900)
  • 69cb755 Bump the github-actions group with 5 updates (#2894)
  • ea552c2 Bump the maven group across 1 directory with 3 updates (#2898)
  • fdc616d Set top-level permissions for CodeQL workflow (#2889)
  • 9334715 Create scorecard.yml (#2888)
  • f7de5c2 Bump the maven group with 8 updates (#2885)
  • 8c23cd3 Update sources to satisfy a new Error Prone check. (#2887)
  • 5eab3ed Bump the github-actions group with 2 updates (#2886)
  • 5f5c200 Bump the maven group across 1 directory with 10 updates (#2872)
  • Additional commits viewable in compare view

Updates com.google.guava:guava from 33.4.0-jre to 33.5.0-jre

Release notes

Sourced from com.google.guava:guava's releases.

33.5.0

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.5.0-jre</version>
  <!-- or, for Android: -->
  <version>33.5.0-android</version>
</dependency>

Jar files

Guava requires one runtime dependency, which you can download here:

Javadoc

JDiff

Changelog

  • Restored the Automatic-Module-Name to guava-android. (It, unlike, guava-jre, is not a proper module.) (7a04a8a955)
  • For users of guava-gwt: Google has moved off GWT internally. We plan to continue to release guava-gwt for users of GWT and J2CL, but the artifact is no longer tested for GWT-specific issues, and we have limited resources to fix any unexpected issues that might arise. While we do not anticipate any specific problems, we can't guarantee how long support will continue.
  • Increased our Android minSdkVersion to 23 (Marshmallow). This follows the minimum of Google's foundational Android libraries, and we expect it to have no practical impact on users. (5c23347cc1)
  • Listed the JSpecify annotations as an optional dependency in our OSGi metadata. (2dfd572981)
  • cache: Improved the handling of exceptions from compute functions in Cache.asMap(). (We do still recommend using Caffeine rather than com.google.common.cache.) (087f2c4a80)
  • collect: Improved Iterators.mergeSorted() to preserve stability for equal elements. (4dc93be9a8)
  • math: Added saturatedAbs methods to IntMath and LongMath. (ed0e518f20)
  • net: Added image/avif to MediaType. (53344caba6)
  • testing: Made CollectorTester available to Android users. (294c251079)
  • util.concurrent: Added Striped.custom. (1586eb271d)

33.4.8

Guava 33.4.8 fixes a problem that we introduced while starting to migrate guava-android off Unsafe in 33.4.7.

Even if you're not upgrading from Guava 33.4.0 or earlier, still read the release notes for Guava 33.4.1. Those release notes contain information about the effects of Guava 33.4.5 and higher on the module system.

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the java-production-dependencies group across 1 directory with 3…
869de28 
… updates

Bumps the java-production-dependencies group with 3 updates in the / directory: [org.bouncycastle:bcpkix-jdk18on](https://github.com/bcgit/bc-java), [com.google.code.gson:gson](https://github.com/google/gson) and [com.google.guava:guava](https://github.com/google/guava).


Updates `org.bouncycastle:bcpkix-jdk18on` from 1.80 to 1.83
- [Changelog](https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html)
- [Commits](https://github.com/bcgit/bc-java/commits)

Updates `com.google.code.gson:gson` from 2.12.1 to 2.13.2
- [Release notes](https://github.com/google/gson/releases)
- [Changelog](https://github.com/google/gson/blob/main/CHANGELOG.md)
- [Commits](google/gson@gson-parent-2.12.1...gson-parent-2.13.2)

Updates `com.google.guava:guava` from 33.4.0-jre to 33.5.0-jre
- [Release notes](https://github.com/google/guava/releases)
- [Commits](https://github.com/google/guava/commits)

---
updated-dependencies:
- dependency-name: org.bouncycastle:bcpkix-jdk18on
  dependency-version: '1.83'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: java-production-dependencies
- dependency-name: com.google.code.gson:gson
  dependency-version: 2.13.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: java-production-dependencies
- dependency-name: com.google.guava:guava
  dependency-version: 33.5.0-jre
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: java-production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jan 22, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant