Upgrade dependencies

[chanikag]

failureaccess version to 1.0.3
json version to 3.0.0.wso2v7
gson version to 2.13.2

Purpose

Describe the problems, issues, or needs driving this feature/fix and include links to related issues in the following format: Resolves issue1, issue2, etc.

Goals

Describe the solutions that this feature/fix will introduce to resolve the problems described above

Approach

Describe how you are implementing the solutions. Include an animated GIF or screenshot if the change affects the UI (email [email protected] to review all UI text). Include a link to a Markdown file or Google doc if the feature write-up is too long to paste here.

User stories

Summary of user stories addressed by this change>

Release note

Brief description of the new feature or bug fix as it will appear in the release notes

Documentation

Link(s) to product documentation that addresses the changes of this PR. If no doc impact, enter “N/A” plus brief explanation of why there’s no doc impact

Training

Link to the PR for changes to the training content in https://github.com/wso2/WSO2-Training, if applicable

Certification

Type “Sent” when you have provided new/updated certification questions, plus four answers for each question (correct answer highlighted in bold), based on this change. Certification questions/answers should be sent to [email protected] and NOT pasted in this PR. If there is no impact on certification exams, type “N/A” and explain why.

Marketing

Link to drafts of marketing content that will describe and promote this feature, including product page changes, technical articles, blog posts, videos, etc., if applicable

Automation tests

• Unit tests

  Code coverage information

• Integration tests

  Details about the test cases and coverage

Security checks

• Followed secure coding standards in http://wso2.com/technical-reports/wso2-secure-engineering-guidelines? yes/no
• Ran FindSecurityBugs plugin and verified report? yes/no
• Confirmed that this PR doesn't commit any keys, passwords, tokens, usernames, or other secrets? yes/no

Samples

Provide high-level details about the samples related to this feature

Related PRs

List any other related PRs

Migrations (if applicable)

Describe migration steps and platforms on which migration has been tested

Test environment

List all JDK versions, operating systems, databases, and browser/versions on which this feature/fix was tested

Learning

Describe the research phase and any blog posts, patterns, libraries, or add-ons you used to solve the problem.

Summary by CodeRabbit

• Chores
  • Updated multiple dependency versions including Gson, Synapse, and JSON libraries to maintain compatibility and stability.
  • Added Gson as a dependency to the distribution module.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

The PR adds the Gson JSON library as a project dependency and updates versions for multiple Maven dependencies (Gson, JSON, Synapse, Carbon Analytics Common, and Failure Access) across three POM files.

Changes

Cohort / File(s)	Summary
Distribution module dependency distribution/pom.xml	Added com.google.code.gson:gson as a direct dependency
Integration module versions integration/pom.xml	Updated com.google.code.gson version 2.9.0 → 2.13.2; updated org.wso2.json version 3.0.0.wso2v4 → 3.0.0.wso2v7
Root POM dependency management and versions pom.xml	Added com.google.code.gson:gson to dependencyManagement and dependencies; bumped synapse.version (4.0.0-wso2v275 → 4.0.0-wso2v279), carbon.analytics.common.version (5.2.64 → 5.2.66), org.wso2.json.version (3.0.0.wso2v4 → 3.0.0.wso2v7), version.com.google.code.gson (2.13.1 → 2.13.2), and failureaccess.version (1.0.2 → 1.0.3)

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 Hopping through the JSON trees,
Gson versions float on the breeze,
Dependencies bundled, all neat and tight,
From WSO2 to the build's delight! 📦✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description includes a brief summary of the dependency versions changed but leaves all required template sections (Purpose, Goals, Approach, etc.) as unfilled placeholders.	Fill in the required template sections, especially Purpose/Goals explaining why these specific versions were chosen, and Security checks confirming no keys/secrets were committed.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Upgrade dependencies' accurately captures the main purpose of the PR, which updates three library dependency versions across multiple POM files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0554564 and 911187a.

📒 Files selected for processing (3)

• distribution/pom.xml
• integration/pom.xml
• pom.xml

🔇 Additional comments (7)

distribution/pom.xml (1)

179-182: LGTM! New Gson dependency added correctly.

The dependency declaration correctly relies on version management from the parent POM, following Maven best practices for multi-module projects.

pom.xml (5)

1613-1617: LGTM! Gson dependency management added correctly.

The dependency is properly declared in dependencyManagement with version controlled by a property, enabling consistent version management across modules.

---

1712-1712: Synapse version updated to v279.

The update from v275 to v279 appears to be an incremental patch update. Verify that this version is compatible with other dependencies and contains the expected fixes or features.

---

1740-1740: LGTM! Carbon Analytics Common version updated.

The version update from 5.2.64 to 5.2.66 is an incremental patch update that should be safe.

---

1759-1759: LGTM! WSO2 JSON library version updated.

The update from wso2v4 to wso2v7 is an incremental build version update for this WSO2-maintained library.

---

1800-1800: Both versions are confirmed secure—no action needed.

Gson 2.13.2 is the latest non-vulnerable version, and failureaccess 1.0.3 has no known vulnerabilities. Proceed with these updates.

integration/pom.xml (1)

824-824: The property reference at line 487 in integration/pom.xml correctly resolves. The ${com.google.code.gson.version} property is properly defined locally at line 824 in the same file. While the root pom.xml uses a different property name (version.com.google.code.gson), this reflects intentional separation of property namespaces between files, not an inconsistency. Both properties hold the same version value (2.13.2), and the integration module's dependency declaration functions correctly.

Likely an incorrect or invalid review comment.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Ensure Java 8+ compatibility before updating Gson to 2.13.2.

Gson 2.12+ requires Java 8 or newer, as support for Java 7 was dropped. Verify that your codebase targets Java 8 minimum. Note that Gson 2.12+ introduced a breaking change where TypeToken can no longer capture type variables by default and will throw an exception if attempted. Gson 2.13.2 has no known vulnerabilities.

🤖 Prompt for AI Agents

In integration/pom.xml around line 824, you are upgrading Gson to 2.13.2 which
requires Java 8+, so ensure the build and project target Java >= 1.8: update pom
properties (maven.compiler.source/maven.compiler.target or toolchains) and
CI/JDK settings to use Java 8+; then scan the codebase for usages of TypeToken
capturing type variables (anonymous subclass vs raw TypeToken usage) and replace
problematic calls with explicit TypeToken.get(Type) or create proper anonymous
subclass instances to supply concrete types; run full build and tests to confirm
no TypeToken-related exceptions and that the project compiles on Java 8+.