Release a new version of gson-extras

[eamonnmcmanus]

I have been operating under the assumption that the extras project had no Maven Central artifacts, but that's not true! We have com.google.code.gson:gson-extras, last released in 2018. Not much has happened since, but there is at least a change to RuntimeTypeAdapterFactory to give it a recognizeSubtypes() method. The existing artifact also has a CVE logged against it, and even though that is actually not a security problem at all, it would be nicer for it not to be there.

I tried releasing a new version with the existing configuration, but it didn't work. It got as far as making a git tag and everything, but then said:

[INFO] [INFO] --- maven-deploy-plugin:3.1.3:deploy (default-deploy) @ gson-extras ---
[INFO] [INFO] Skipping artifact deployment

I'm sure there's some refinement needed to extras/pom.xml, probably similar to what's in gson/pom.xml.

We should also correct this statement in the README:

The artifacts created by this module are currently not deployed to Maven Central.

(It's technically correct, I suppose, since it says that "are currently not deployed", not that they never have been deployed.)

[Marcono1234]

Related / similar previous issues (also give some explanation why it was not published yet):

• gson-extras not available in The Central Repository #845
• gson-extras is not available as a Maven artifact #1104
• Export extra folder to maven central #1123

---

Maybe blocked by #2042
We could probably solve this by adding a module-info to gson-extras as well, and then in gson's module-info export those packages to gson-extras only.

---

I tried releasing a new version with the existing configuration, but it didn't work. It got as far as making a git tag and everything, but then said [...]

Probably due to this in pom.xml:

gson/extras/pom.xml

Line 37 in 528fd31

<gson.isInternalModule>true</gson.isInternalModule>

---

extras project had no Maven Central artifacts, but that's not true! We have com.google.code.gson:gson-extras, last released in 2018

https://mvnrepository.com (which is not the official Maven Central web interface) also lists third-party repositories. It seems gson-extras was deployed to the repository of CronApp (by them probably), but not to Maven Central.

So if we were to release gson-extras to Maven Central it would be the first public release. Maybe we should first go through the API and implementation to make sure there are no obvious issues (e.g. leaking implementation details in API, ...) because afterwards it might be difficult to fix this without breaking backward compatibility. Technically even now it could break backward compatibility in case users have copied the gson-extras code to their projects, but maybe the risk for that is lower (and in the worst case they could keep using their local copy).

[eamonnmcmanus]

I guess I should have researched this a bit more carefully. It's just as well my attempt to deploy failed. :-)
I'm thinking it might nevertheless make sense to release extras, but I agree that we should look at the APIs a bit more carefully first.
FWIW extras is available to Google-internal code, but has relatively few users.
One possible motivation would be as a place to house adapters for Guava immutable collections. Internally, we have a number of places where people are implicitly relying on the bugs that would be fixed by #2068. I've mostly corrected those places with a GuavaCollectionsTypeAdapterFactory, which could go in extras and have a possibly-optional dependency on Guava.