You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@avro.apache.org by GitBox <gi...@apache.org> on 2020/11/17 13:52:00 UTC
[GitHub] [avro] dependabot[bot] opened a new pull request #990: Bump Newtonsoft.Json from 10.0.3 to 12.0.3 in /lang/csharp
dependabot[bot] opened a new pull request #990:
URL: https://github.com/apache/avro/pull/990
Bumps [Newtonsoft.Json](https://github.com/JamesNK/Newtonsoft.Json) from 10.0.3 to 12.0.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/JamesNK/Newtonsoft.Json/releases">Newtonsoft.Json's releases</a>.</em></p>
<blockquote>
<h2>12.0.3</h2>
<ul>
<li>New feature - Added support for nullable reference types</li>
<li>New feature - Added KebabCaseNamingStrategy</li>
<li>Change - Package now uses embedded package icon</li>
<li>Fix - Fixed bug when merging JToken with itself</li>
<li>Fix - Fixed performance of calling ICustomTypeDescriptor.GetProperties</li>
<li>Fix - Fixed serializing Enumerable.Empty and empty arrays on .NET Core 3.0</li>
<li>Fix - Fixed deserializing some collection types with constructor</li>
<li>Fix - Fixed deserializing IImmutableSet to ImmutableHashSet instead of ImmutableSortedSet</li>
<li>Fix - Fixed deserializing IImmutableDictionary to ImmutableDictionary instead of ImmutableSortedDictionary</li>
<li>Fix - Fixed deserializing into constructors with more than 256 parameters</li>
<li>Fix - Fixed hang when deserializing JTokenReader with preceding comment</li>
<li>Fix - Fixed JSONPath scanning with nested indexer</li>
<li>Fix - Fixed deserializing incomplete JSON object to JObject</li>
<li>Fix - Fixed using StringEnumConverter with naming strategy and specified values</li>
</ul>
<h2>12.0.2</h2>
<ul>
<li>New feature - Added MissingMemberHandling to JsonObjectAttribute and JsonObjectContract</li>
<li>New feature - Added constructor to JTokenReader to specify initial path</li>
<li>New feature - Added JsonProperty.IsRequiredSpecified</li>
<li>New feature - Added JsonContract.InternalConverter</li>
<li>Change - Moved embedded debug symbols in NuGet package to a symbol package on NuGet.org</li>
<li>Fix - Fixed deserializing nullable struct collections</li>
<li>Fix - Fixed memory link when serializing enums to named values</li>
<li>Fix - Fixed error when setting JsonLoadSettings.DuplicatePropertyNameHandling to Replace</li>
</ul>
<h2>12.0.1</h2>
<ul>
<li>New feature - Added NuGet package signing</li>
<li>New feature - Added Authenticode assembly signing</li>
<li>New feature - Added SourceLink support</li>
<li>New feature - Added constructors to StringEnumConverter for setting AllowIntegerValue</li>
<li>New feature - Added JsonNameTable and JsonTextReader.PropertyNameTable</li>
<li>New feature - Added line information to JsonSerializationException</li>
<li>New feature - Added JObject.Property overload with a StringComparison</li>
<li>New feature - Added JsonMergeSettings.PropertyNameComparison</li>
<li>New feature - Added support for multiple Date constructors with JavaScriptDateTimeConverter</li>
<li>New feature - Added support for strict equals and strict not equals in JSON Path queries</li>
<li>New feature - Added EncodeSpecialCharacters setting to XmlNodeConverter</li>
<li>New feature - Added trace message for serializing to non-writable properties</li>
<li>New feature - Added support for NamingStrategy to StringEnumConverter</li>
<li>New feature - Added JsonLoadSettings.DuplicatePropertyNameHandling setting</li>
<li>Change - JTokenReader now uses JsonReader.DateTimeZoneHandling setting for date values</li>
<li>Change - Excluded TargetSite when serializing Exceptions without SerializableAttribute</li>
<li>Change - Changed StringEnumConverter.ctor(bool camelCaseText) to obsolete</li>
<li>Change - Changed StringEnumConverter.CamelCaseText to obsolete</li>
<li>Fix - Fixed incorrect overflow when reading decimal values from JSON</li>
<li>Fix - Fixed error message when trying to deserialize an abstract serializable type</li>
<li>Fix - Fixed parsing decimals from a string with an exponent</li>
<li>Fix - Fixed losing DateTime.Kind when deserializing ISO date strings</li>
<li>Fix - Fixed calling constructors with ref and in parameters</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/JamesNK/Newtonsoft.Json/commit/7c3d7f8da7e35dde8fa74188b0decff70f8f10e3"><code>7c3d7f8</code></a> Update version to 12.0.3</li>
<li><a href="https://github.com/JamesNK/Newtonsoft.Json/commit/0688f3f206eefb1ad5e4f2d8dfe89eafa5988443"><code>0688f3f</code></a> Embiggen package icon</li>
<li><a href="https://github.com/JamesNK/Newtonsoft.Json/commit/cb09e67abe181d3a2b6eda424f9023cecf191493"><code>cb09e67</code></a> Update package to use embedded PackageIcon</li>
<li><a href="https://github.com/JamesNK/Newtonsoft.Json/commit/e27710ffaa6d31e0d3f6d03f9760ad1474bab2a8"><code>e27710f</code></a> Update version to 12.0.3-beta2</li>
<li><a href="https://github.com/JamesNK/Newtonsoft.Json/commit/23be46f665887c9be03faf7864ae98890ca08246"><code>23be46f</code></a> Fix using StringEnumConverter with naming strategy and specifie… (<a href="https://github-redirect.dependabot.com/JamesNK/Newtonsoft.Json/issues/2186">#2186</a>)</li>
<li><a href="https://github.com/JamesNK/Newtonsoft.Json/commit/ff6f51b667b7bb05b7f595c331074ecb6c93bd56"><code>ff6f51b</code></a> Added KebabCaseNamingStrategy</li>
<li><a href="https://github.com/JamesNK/Newtonsoft.Json/commit/baa1e21612cae4fb3d3b495e022e327afa50b946"><code>baa1e21</code></a> Fix deserializing incomplete JSON object to JObject (<a href="https://github-redirect.dependabot.com/JamesNK/Newtonsoft.Json/issues/2181">#2181</a>)</li>
<li><a href="https://github.com/JamesNK/Newtonsoft.Json/commit/541eab2fbd5495e77798af5b25f549cb2fbd15c6"><code>541eab2</code></a> Fix JSONPath scanning with nested indexer (<a href="https://github-redirect.dependabot.com/JamesNK/Newtonsoft.Json/issues/2180">#2180</a>)</li>
<li><a href="https://github.com/JamesNK/Newtonsoft.Json/commit/c89d6addf118745c4c14536ce64fd69566ebd644"><code>c89d6ad</code></a> Update dependencies from .NET Core 3.0 (<a href="https://github-redirect.dependabot.com/JamesNK/Newtonsoft.Json/issues/2179">#2179</a>)</li>
<li><a href="https://github.com/JamesNK/Newtonsoft.Json/commit/3219c47f74f279351548e8763946653f8cdc527e"><code>3219c47</code></a> Fix hang when deserializing JTokenReader with preceding comment (<a href="https://github-redirect.dependabot.com/JamesNK/Newtonsoft.Json/issues/2178">#2178</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/JamesNK/Newtonsoft.Json/compare/10.0.3...12.0.3">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/configuring-github-dependabot-security-updates)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [avro] blachniet commented on a change in pull request #990: Bump Newtonsoft.Json from 10.0.3 to 12.0.3 in /lang/csharp
Posted by GitBox <gi...@apache.org>.
blachniet commented on a change in pull request #990:
URL: https://github.com/apache/avro/pull/990#discussion_r525723380
##########
File path: lang/csharp/src/apache/main/Avro.main.csproj
##########
@@ -56,7 +56,7 @@
<PrivateAssets>all</PrivateAssets>
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
</PackageReference>
- <PackageReference Include="Newtonsoft.Json" Version="10.0.3" />
+ <PackageReference Include="Newtonsoft.Json" Version="12.0.3" />
Review comment:
Hey @iemejia,
We actually don't want to update this dependency in this library. There's an extended description of the problem [here](https://github.com/apache/avro/pull/981#discussion_r525692847).
The [docs here](https://dependabot.com/docs/config-file/) show how I can configure `ignored_updates` in the `dependabot.yml`. Is there a way I can test out locally that the configuration change is working?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [avro] iemejia commented on a change in pull request #990: Bump Newtonsoft.Json from 10.0.3 to 12.0.3 in /lang/csharp
Posted by GitBox <gi...@apache.org>.
iemejia commented on a change in pull request #990:
URL: https://github.com/apache/avro/pull/990#discussion_r525967084
##########
File path: lang/csharp/src/apache/main/Avro.main.csproj
##########
@@ -56,7 +56,7 @@
<PrivateAssets>all</PrivateAssets>
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
</PackageReference>
- <PackageReference Include="Newtonsoft.Json" Version="10.0.3" />
+ <PackageReference Include="Newtonsoft.Json" Version="12.0.3" />
Review comment:
No idea, maybe this would appear in https://github.com/apache/avro/network/updates of your fork but not sure. Maybe enabling this in your fork will help you see it somewhere, notice that if you enable this in your fork you will be swamped by PR requests.
The syntax for github's dependabot is not the same of the one on your link, it is v2 and I have not found the docs for that, the closest I found was VS Code helping me with suggestions (It uses this schema https://json.schemastore.org/dependabot-2.0).
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [avro] iemejia commented on pull request #990: Bump Newtonsoft.Json from 10.0.3 to 12.0.3 in /lang/csharp
Posted by GitBox <gi...@apache.org>.
iemejia commented on pull request #990:
URL: https://github.com/apache/avro/pull/990#issuecomment-779238705
@dependabot rebase
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [avro] iemejia commented on a change in pull request #990: Bump Newtonsoft.Json from 10.0.3 to 12.0.3 in /lang/csharp
Posted by GitBox <gi...@apache.org>.
iemejia commented on a change in pull request #990:
URL: https://github.com/apache/avro/pull/990#discussion_r525967084
##########
File path: lang/csharp/src/apache/main/Avro.main.csproj
##########
@@ -56,7 +56,7 @@
<PrivateAssets>all</PrivateAssets>
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
</PackageReference>
- <PackageReference Include="Newtonsoft.Json" Version="10.0.3" />
+ <PackageReference Include="Newtonsoft.Json" Version="12.0.3" />
Review comment:
No idea, maybe this would appear in https://github.com/apache/avro/network/updates of your fork but not sure. Maybe enabling this in your fork will help you see it somewhere, notice that if you enable this in your fork you will be swamped by PR requests.
The syntax for github's dependabot is not the same of the one on your link, it is v2 and I have not found the docs for that, the closest I found was VS Code helping me with suggestions (It uses this schema https://json.schemastore.org/dependabot-2.0).
```
ignore:
- dependency-name: Newtonsoft.Json
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [avro] iemejia commented on a change in pull request #990: Bump Newtonsoft.Json from 10.0.3 to 12.0.3 in /lang/csharp
Posted by GitBox <gi...@apache.org>.
iemejia commented on a change in pull request #990:
URL: https://github.com/apache/avro/pull/990#discussion_r525967524
##########
File path: lang/csharp/src/apache/main/Avro.main.csproj
##########
@@ -56,7 +56,7 @@
<PrivateAssets>all</PrivateAssets>
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
</PackageReference>
- <PackageReference Include="Newtonsoft.Json" Version="10.0.3" />
+ <PackageReference Include="Newtonsoft.Json" Version="12.0.3" />
Review comment:
Feel free to close this PR then if we should not take this update.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [avro] dependabot[bot] commented on pull request #990: Bump Newtonsoft.Json from 10.0.3 to 12.0.3 in /lang/csharp
Posted by GitBox <gi...@apache.org>.
dependabot[bot] commented on pull request #990:
URL: https://github.com/apache/avro/pull/990#issuecomment-808846426
Superseded by #1160.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [avro] dependabot[bot] closed pull request #990: Bump Newtonsoft.Json from 10.0.3 to 12.0.3 in /lang/csharp
Posted by GitBox <gi...@apache.org>.
dependabot[bot] closed pull request #990:
URL: https://github.com/apache/avro/pull/990
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org