Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump io.github.classgraph:classgraph from 4.8.89 to 4.8.112 in /parent #1925

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Aug 6, 2024

Bumps io.github.classgraph:classgraph from 4.8.89 to 4.8.112.

Release notes

Sourced from io.github.classgraph:classgraph's releases.

classgraph-4.8.112

  • Added a secure version of DocumentBuilderFactory and XPATHFactory to prevent XXE (XML External Entity) attack when reading pom.xml file (#539, thanks to @​kshitizg for the pull request!).

classgraph-4.8.111

Allow globs when accepting/rejecting specific classes, e.g. new ClassGraph().acceptClasses("*.*Suffix") (#536, thanks to @​cushon for the request!)

classgraph-4.8.110

Add method AnnotationInfo#getParameterValues(boolean includeDefaultValues) so that defaults don't have to be included (#535, thanks to @​zerikv for requesting).

classgraph-4.8.109

Add support for Quarkus 1.13's new classloader. Thanks to @​itmrat01 for the code contribution! (#531, #532).

classgraph-4.8.108

JDK 11 classfile format compatibility fix (JDK 11 added a constant pool tag, and the classfile can't be read without knowing how long the corresponding constant pool entry is expected to be). (#527, thanks to @​haoyuf for reporting.)

classgraph-4.8.107

Fix classloader detection for TomEE JAX-RS endpoints (#515, thanks to @​Restage for detailed assistance in debugging this weird issue!).

classgraph-4.8.106

  • Support TomEE classloaders for JAX-RS endpoints (#515, thanks to @​Restage for the request)
  • Don't try reading user.dir (the current directory) unless it's on the classpath, since some security environments can't read the current directory (#520, thanks to @​elkman for the bug report).

classgraph-4.8.105

  • Fix potential NPE in verbose logging
  • Fix for zipfiles between 2GB and 4GB in size, when a zip entry's start position was past the 2GB point in the file (#514, thanks to @​cwmccann for the bug report)

classgraph-4.8.104

Improved verbose logging to include types of methods and fields.

Added a couple of missing methods to ClassInfoList for GraphViz visualization of inter-class dependency graphs.

classgraph-4.8.103

Fixed issue with duplication of automatic package roots (e.g. myjar.jar!/BOOT-INF/classes/BOOT-INF/classes/path/to/resource). (#505, thanks to @​michael-simons for the bug report and reproducer code.)

Also fixed an issue where closing the InputStream returned by Resource#open() wasn't marking the Resource as closed (which meant the resource couldn't be opened a second time).

classgraph-4.8.102

Further improvements in robustness to invalid type signatures that may be generated by the Scala compiler. (#495, thanks to @​jbracker.)

classgraph-4.8.101

Made type signature parsing more robust to errors -- the Scala compiler can generate illegal type signatures. (#495, thanks to @​jbracker for the report.)

classgraph-4.8.99

  • Fixed parsing of type parameters and type variables in Scala (these can contain a $ character in Scala, but you don't see that in Java). (#495, thanks to @​jbracker for the report and for submitting a minimal testcase.)
  • Fixed a couple of possible exceptions that could be thrown when parsing type annotations for type descriptors.

classgraph-4.8.98

Fix NPE in hashCode() and equals() methods of TypeArgument (#491, thanks to @​Tagakov for the fix!).

classgraph-4.8.97

... (truncated)

Commits

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps [io.github.classgraph:classgraph](https://github.com/classgraph/classgraph) from 4.8.89 to 4.8.112.
- [Release notes](https://github.com/classgraph/classgraph/releases)
- [Commits](classgraph/classgraph@classgraph-4.8.89...classgraph-4.8.112)

---
updated-dependencies:
- dependency-name: io.github.classgraph:classgraph
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Aug 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants