upgrading com.google.code.gson to 2.9.0

[Anoop Chitreddy]

Hi, 

We currently using wildfly-26.0.1.Final built using wildfly feature pack. Recently we were notified by our security team to upgrade to the latest version of gson i.e.(2.9.0).

We would be safe to upgrade gson to version  2.9.0 . I am asking this question because the module file for com.google.code.gson in wildfly is marking it as  a private  dependency 

------------------------------------------------------------------------------------------------------------------------

<module name="com.google.code.gson" xmlns="urn:jboss:module:1.9">

    <properties>
        <property name="jboss.api" value="private"/>
    </properties>

    <resources>
        <resource-root path="gson-2.8.9.jar"/>
    </resources>

    <dependencies>
        <module name="java.sql"/>
        <module name="javax.sql.api"/>
        <module name="sun.jdk"/>
    </dependencies>
</module>

------------------------------------------------------------------------------------------------------------------------

 

Appreciate your help.

Anoop 

[Jason Lee]

That should be fine, though sometimes minor releases can break things, so you'll probably want to test to make sure the update hasn't broken anything. 

Generally speaking, modules that aren't intended for direct use but end-user applications are marked as private. To my knowledge, nothing prevents you from using them, but you would do so at your own risk. Here, though, if you're just updating the dependency to make your security team happy, that should be safe enough.

Jason Lee

Principal Software Engineer

Red Hat JBoss EAP

--
You received this message because you are subscribed to the Google Groups "WildFly" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wildfly+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wildfly/bb8061f7-38d7-40dd-85b2-e06cd9620ad8n%40googlegroups.com.