From e8cdabf296cd4c2c1550ed76cf27a1a8e0c4ec59 Mon Sep 17 00:00:00 2001
From: Lukas Rieger <TBlueF@users.noreply.github.com>
Date: Thu, 27 Jun 2024 19:26:30 +0200
Subject: [PATCH 1/5] Fix typeArguments array not being cloned when resolving
 ParameterizedType with changed owner (#2706)

---
 .../main/java/com/google/gson/internal/$Gson$Types.java  | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/gson/src/main/java/com/google/gson/internal/$Gson$Types.java b/gson/src/main/java/com/google/gson/internal/$Gson$Types.java
index 6ccdaa3eb5..8bef78afce 100644
--- a/gson/src/main/java/com/google/gson/internal/$Gson$Types.java
+++ b/gson/src/main/java/com/google/gson/internal/$Gson$Types.java
@@ -392,23 +392,24 @@ private static Type resolve(
         ParameterizedType original = (ParameterizedType) toResolve;
         Type ownerType = original.getOwnerType();
         Type newOwnerType = resolve(context, contextRawType, ownerType, visitedTypeVariables);
-        boolean changed = !equal(newOwnerType, ownerType);
+        boolean ownerChanged = !equal(newOwnerType, ownerType);
 
         Type[] args = original.getActualTypeArguments();
+        boolean argsChanged = false;
         for (int t = 0, length = args.length; t < length; t++) {
           Type resolvedTypeArgument =
               resolve(context, contextRawType, args[t], visitedTypeVariables);
           if (!equal(resolvedTypeArgument, args[t])) {
-            if (!changed) {
+            if (!argsChanged) {
               args = args.clone();
-              changed = true;
+              argsChanged = true;
             }
             args[t] = resolvedTypeArgument;
           }
         }
 
         toResolve =
-            changed
+            ownerChanged || argsChanged
                 ? newParameterizedTypeWithOwner(newOwnerType, original.getRawType(), args)
                 : original;
         break;

From 1c93dd9e1a35d2417b6faa09676b13157a3f0a7a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 1 Jul 2024 07:26:14 -0700
Subject: [PATCH 2/5] Bump the maven group with 8 updates (#2709)

Bumps the maven group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [com.google.truth:truth](https://github.com/google/truth) | `1.4.2` | `1.4.3` |
| [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) | `3.2.5` | `3.3.0` |
| [org.apache.maven.plugins:maven-jar-plugin](https://github.com/apache/maven-jar-plugin) | `3.4.1` | `3.4.2` |
| [org.apache.maven.plugins:maven-release-plugin](https://github.com/apache/maven-release) | `3.0.1` | `3.1.0` |
| [org.moditect:moditect-maven-plugin](https://github.com/moditect/moditect) | `1.2.1.Final` | `1.2.2.Final` |
| [org.junit.jupiter:junit-jupiter](https://github.com/junit-team/junit5) | `5.10.2` | `5.10.3` |
| [org.apache.maven.plugins:maven-failsafe-plugin](https://github.com/apache/maven-surefire) | `3.2.5` | `3.3.0` |
| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `4.27.0` | `4.27.2` |


Updates `com.google.truth:truth` from 1.4.2 to 1.4.3
- [Release notes](https://github.com/google/truth/releases)
- [Commits](https://github.com/google/truth/compare/v1.4.2...v1.4.3)

Updates `org.apache.maven.plugins:maven-surefire-plugin` from 3.2.5 to 3.3.0
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.2.5...surefire-3.3.0)

Updates `org.apache.maven.plugins:maven-jar-plugin` from 3.4.1 to 3.4.2
- [Release notes](https://github.com/apache/maven-jar-plugin/releases)
- [Commits](https://github.com/apache/maven-jar-plugin/compare/maven-jar-plugin-3.4.1...maven-jar-plugin-3.4.2)

Updates `org.apache.maven.plugins:maven-release-plugin` from 3.0.1 to 3.1.0
- [Release notes](https://github.com/apache/maven-release/releases)
- [Commits](https://github.com/apache/maven-release/compare/maven-release-3.0.1...maven-release-3.1.0)

Updates `org.moditect:moditect-maven-plugin` from 1.2.1.Final to 1.2.2.Final
- [Release notes](https://github.com/moditect/moditect/releases)
- [Commits](https://github.com/moditect/moditect/compare/1.2.1.Final...1.2.2.Final)

Updates `org.junit.jupiter:junit-jupiter` from 5.10.2 to 5.10.3
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](https://github.com/junit-team/junit5/compare/r5.10.2...r5.10.3)

Updates `org.apache.maven.plugins:maven-failsafe-plugin` from 3.2.5 to 3.3.0
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.2.5...surefire-3.3.0)

Updates `com.google.protobuf:protobuf-java` from 4.27.0 to 4.27.2
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/protobuf_release.bzl)
- [Commits](https://github.com/protocolbuffers/protobuf/commits)

---
updated-dependencies:
- dependency-name: com.google.truth:truth
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: maven
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven
- dependency-name: org.apache.maven.plugins:maven-jar-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: maven
- dependency-name: org.apache.maven.plugins:maven-release-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven
- dependency-name: org.moditect:moditect-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: maven
- dependency-name: org.junit.jupiter:junit-jupiter
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: maven
- dependency-name: org.apache.maven.plugins:maven-failsafe-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven
- dependency-name: com.google.protobuf:protobuf-java
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: maven
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 gson/pom.xml                    | 2 +-
 pom.xml                         | 8 ++++----
 proto/pom.xml                   | 2 +-
 test-graal-native-image/pom.xml | 2 +-
 test-shrinker/pom.xml           | 2 +-
 5 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/gson/pom.xml b/gson/pom.xml
index 9170ee5a26..642e48c22a 100644
--- a/gson/pom.xml
+++ b/gson/pom.xml
@@ -263,7 +263,7 @@
       <plugin>
         <groupId>org.moditect</groupId>
         <artifactId>moditect-maven-plugin</artifactId>
-        <version>1.2.1.Final</version>
+        <version>1.2.2.Final</version>
         <executions>
           <execution>
             <id>add-module-info</id>
diff --git a/pom.xml b/pom.xml
index f7e07e562e..ea48e65115 100644
--- a/pom.xml
+++ b/pom.xml
@@ -100,7 +100,7 @@
       <dependency>
         <groupId>com.google.truth</groupId>
         <artifactId>truth</artifactId>
-        <version>1.4.2</version>
+        <version>1.4.3</version>
       </dependency>
     </dependencies>
   </dependencyManagement>
@@ -338,12 +338,12 @@
         <plugin>
           <groupId>org.apache.maven.plugins</groupId>
           <artifactId>maven-surefire-plugin</artifactId>
-          <version>3.2.5</version>
+          <version>3.3.0</version>
           </plugin>
         <plugin>
           <groupId>org.apache.maven.plugins</groupId>
           <artifactId>maven-jar-plugin</artifactId>
-          <version>3.4.1</version>
+          <version>3.4.2</version>
         </plugin>
         <plugin>
           <groupId>org.apache.maven.plugins</groupId>
@@ -380,7 +380,7 @@
         <plugin>
           <groupId>org.apache.maven.plugins</groupId>
           <artifactId>maven-release-plugin</artifactId>
-          <version>3.0.1</version>
+          <version>3.1.0</version>
           <configuration>
             <autoVersionSubmodules>true</autoVersionSubmodules>
             <!-- Disable Maven Super POM release profile and instead use own one -->
diff --git a/proto/pom.xml b/proto/pom.xml
index 96dafcc8a7..77245fb111 100644
--- a/proto/pom.xml
+++ b/proto/pom.xml
@@ -31,7 +31,7 @@
     <!-- This is duplicated here because that is recommended by `artifact:check-buildplan` -->
     <project.build.outputTimestamp>2024-05-19T18:54:10Z</project.build.outputTimestamp>
 
-    <protobufVersion>4.27.0</protobufVersion>
+    <protobufVersion>4.27.2</protobufVersion>
 
     <!-- Overwrite property from parent; this module is currently not deployed -->
     <gson.isInternalModule>true</gson.isInternalModule>
diff --git a/test-graal-native-image/pom.xml b/test-graal-native-image/pom.xml
index 3d99364e08..35321fde8a 100644
--- a/test-graal-native-image/pom.xml
+++ b/test-graal-native-image/pom.xml
@@ -48,7 +48,7 @@
     <dependency>
       <groupId>org.junit.jupiter</groupId>
       <artifactId>junit-jupiter</artifactId>
-      <version>5.10.2</version>
+      <version>5.10.3</version>
       <scope>test</scope>
     </dependency>
 
diff --git a/test-shrinker/pom.xml b/test-shrinker/pom.xml
index bd23c2984a..afc7e3a084 100644
--- a/test-shrinker/pom.xml
+++ b/test-shrinker/pom.xml
@@ -198,7 +198,7 @@
       <plugin>
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-failsafe-plugin</artifactId>
-        <version>3.2.5</version>
+        <version>3.3.0</version>
         <executions>
           <execution>
             <goals>

From c597156659c3485a8f920297755670f6a08c5469 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 1 Jul 2024 07:34:25 -0700
Subject: [PATCH 3/5] Bump the github-actions group with 3 updates (#2708)

Bumps the github-actions group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [graalvm/setup-graalvm](https://github.com/graalvm/setup-graalvm) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `actions/checkout` from 4.1.6 to 4.1.7
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/a5ac7e51b41094c92402da3b24376905380afc29...692973e3d937129bcbf40652eb9f2f61becf3332)

Updates `graalvm/setup-graalvm` from 1.2.1 to 1.2.2
- [Release notes](https://github.com/graalvm/setup-graalvm/releases)
- [Commits](https://github.com/graalvm/setup-graalvm/compare/2f25c0caae5b220866f732832d5e3e29ff493338...2911b2304bee2c2f59b9a67bf45f025a6b6de4b1)

Updates `github/codeql-action` from 3.25.7 to 3.25.11
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/f079b8493333aace61c81488f8bd40919487bd9f...b611370bb5703a7efb587f9d136a52ea24c5c38c)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: graalvm/setup-graalvm
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/build.yml                       | 8 ++++----
 .github/workflows/check-android-compatibility.yml | 2 +-
 .github/workflows/check-api-compatibility.yml     | 4 ++--
 .github/workflows/codeql-analysis.yml             | 6 +++---
 4 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 97f522e819..e842ff66c1 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -19,7 +19,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29  # v4.1.6
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
       - name: "Set up JDK ${{ matrix.java }}"
         uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9  # v4.2.1
         with:
@@ -35,9 +35,9 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29  # v4.1.6
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
       - name: "Set up GraalVM"
-        uses: graalvm/setup-graalvm@2f25c0caae5b220866f732832d5e3e29ff493338  # v1.2.1
+        uses: graalvm/setup-graalvm@2911b2304bee2c2f59b9a67bf45f025a6b6de4b1  # v1.2.2
         with:
           java-version: '17'
           distribution: 'graalvm'
@@ -54,7 +54,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29  # v4.1.6
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
       - name: "Set up JDK 17"
         uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9  # v4.2.1
         with:
diff --git a/.github/workflows/check-android-compatibility.yml b/.github/workflows/check-android-compatibility.yml
index c21d6bd96f..b7af3bdad2 100644
--- a/.github/workflows/check-android-compatibility.yml
+++ b/.github/workflows/check-android-compatibility.yml
@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29  # v4.1.6
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
 
       - name: Set up JDK 11
         uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9  # v4.2.1
diff --git a/.github/workflows/check-api-compatibility.yml b/.github/workflows/check-api-compatibility.yml
index 683f4bf1f5..21985e1881 100644
--- a/.github/workflows/check-api-compatibility.yml
+++ b/.github/workflows/check-api-compatibility.yml
@@ -19,7 +19,7 @@ jobs:
 
     steps:
       - name: Check out old version
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29  # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
         with:
           ref: ${{ github.event.pull_request.base.sha }}
           path: 'gson-old-japicmp'
@@ -40,7 +40,7 @@ jobs:
           mvn --batch-mode --no-transfer-progress install -DskipTests
 
       - name: Check out new version
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29  # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
 
       - name: Check API compatibility
         id: check-compatibility
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index c772663a8e..11c34fee53 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -25,7 +25,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29  # v4.1.6
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
 
     - name: Set up JDK 17
       uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9  # v4.2.1
@@ -36,7 +36,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@f079b8493333aace61c81488f8bd40919487bd9f  # v3.25.7
+      uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c  # v3.25.11
       with:
         languages: ${{ matrix.language }}
         # Run all security queries and maintainability and reliability queries
@@ -50,4 +50,4 @@ jobs:
         mvn compile --batch-mode --no-transfer-progress
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@f079b8493333aace61c81488f8bd40919487bd9f  # v3.25.7
+      uses: github/codeql-action/analyze@b611370bb5703a7efb587f9d136a52ea24c5c38c  # v3.25.11

From 73b7781a936605578b1633b42a582809fbf3994e Mon Sep 17 00:00:00 2001
From: Hannes Wellmann <wellmann.hannes1@gmx.net>
Date: Fri, 5 Jul 2024 17:06:21 +0200
Subject: [PATCH 4/5] Remove duplicated declaration of required OSGi execution
 environment (#2711)

The bnd-maven-plugin used to generate the OSGi metadata can determine
the required EE automatically based on the version of the generated
class-files. This avoids inconsistencies if the release target is raised
in the future.
---
 gson/bnd.bnd | 2 --
 1 file changed, 2 deletions(-)

diff --git a/gson/bnd.bnd b/gson/bnd.bnd
index 626a0c5bec..725b7ae637 100644
--- a/gson/bnd.bnd
+++ b/gson/bnd.bnd
@@ -3,8 +3,6 @@ Bundle-Name: ${project.name}
 Bundle-Description: ${project.description}
 Bundle-Vendor: Google Gson Project
 Bundle-ContactAddress: ${project.parent.url}
-Bundle-RequiredExecutionEnvironment: JavaSE-1.7, JavaSE-1.8
-Require-Capability: osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"
 
 # Optional dependency for JDK's sun.misc.Unsafe
 # https://bnd.bndtools.org/chapters/920-faq.html#remove-unwanted-imports-

From 18cf79aad1474c82bf2b775af2f7ed1023a6a76b Mon Sep 17 00:00:00 2001
From: Hannes Wellmann <wellmann.hannes1@gmx.net>
Date: Sun, 7 Jul 2024 15:00:32 +0200
Subject: [PATCH 5/5] Move bnd.bnd file configuration into 'bnd' element of
 bnd-maven-plugin (#2712)

---
 gson/bnd.bnd | 17 -----------------
 gson/pom.xml | 21 +++++++++++++++++++++
 2 files changed, 21 insertions(+), 17 deletions(-)
 delete mode 100644 gson/bnd.bnd

diff --git a/gson/bnd.bnd b/gson/bnd.bnd
deleted file mode 100644
index 725b7ae637..0000000000
--- a/gson/bnd.bnd
+++ /dev/null
@@ -1,17 +0,0 @@
-Bundle-SymbolicName: com.google.gson
-Bundle-Name: ${project.name}
-Bundle-Description: ${project.description}
-Bundle-Vendor: Google Gson Project
-Bundle-ContactAddress: ${project.parent.url}
-
-# Optional dependency for JDK's sun.misc.Unsafe
-# https://bnd.bndtools.org/chapters/920-faq.html#remove-unwanted-imports-
-Import-Package: sun.misc;resolution:=optional, *
-
--removeheaders: Private-Package
-
--exportcontents:\
-    com.google.gson,\
-    com.google.gson.annotations,\
-    com.google.gson.reflect,\
-    com.google.gson.stream
diff --git a/gson/pom.xml b/gson/pom.xml
index 642e48c22a..304715dd7f 100644
--- a/gson/pom.xml
+++ b/gson/pom.xml
@@ -131,6 +131,27 @@
             <goals>
               <goal>bnd-process</goal>
             </goals>
+            <configuration>
+              <bnd><![CDATA[
+                Bundle-SymbolicName: com.google.gson
+                Bundle-Name: ${project.name}
+                Bundle-Description: ${project.description}
+                Bundle-Vendor: Google Gson Project
+                Bundle-ContactAddress: ${project.parent.url}
+
+                # Optional dependency for JDK's sun.misc.Unsafe
+                # https://bnd.bndtools.org/chapters/920-faq.html#remove-unwanted-imports-
+                Import-Package: sun.misc;resolution:=optional, *
+
+                -removeheaders: Private-Package
+
+                -exportcontents:\
+                    com.google.gson,\
+                    com.google.gson.annotations,\
+                    com.google.gson.reflect,\
+                    com.google.gson.stream
+              ]]></bnd>
+            </configuration>
           </execution>
         </executions>
       </plugin>