search

CGA1123 / dependabot-lein-runner

Run Dependabot for Clojure (lein)
https://github.com/dependabot/dependabot-core/pull/2769
MIT License
7 stars 2 forks source link

Bump org.clojure:clojure from 1.10.0 to 1.11.1 in /dummy #28

Open github-actions[bot] opened 2 years ago

github-actions[bot] commented 2 years ago

Bumps org.clojure:clojure from 1.10.0 to 1.11.1.

Changelog

Sourced from org.clojure:clojure's changelog.

Changes to Clojure in Version 1.11.1

  • CLJ-2701 Pin serialVersionUID for Keyword and ArraySeq back to 1.10.3 values to retain binary serialization

Changes to Clojure in Version 1.11.0

1 Compatibility

1.1 Security

Because XML external entity (XXE) attacks can be used to disclose local files using file schemes or relative paths in the system identifier, clojure.xml/parse now disables external entity processing by default.

See: https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing

This change disables the following SAX parser features:

  • http://apache.org/xml/features/nonvalidating/load-external-dtd
  • http://xml.org/sax/features/external-general-entities
  • http://xml.org/sax/features/external-parameter-entities

If you rely on these features, modify your calls to clojure.xml/parse to explicitly supply startparse-sax function as the final argument: (clojure.xml/parse the-string clojure.xml/startparse-sax) This modification also works on prior Clojure versions.

  • CLJ-2611 clojure.xml now disables XXE processing by default

1.2 Dependencies

Updated dependencies:

  • spec.alpha dependency to 0.3.218 - changes
  • core.specs.alpha dependency to 0.2.62 - changes

2 Features

2.1 Keyword argument functions take a trailing map

Keyword arguments are optional trailing variadic arguments of the form akey aval bkey bval...​. In Clojure 1.11, functions taking keyword arguments can now be passed a map instead of or in addition to and following the key/value pairs. When a lone map is passed, it is used for destructuring, else a trailing map is added to the key/value pair map by conj.

Also see: https://clojure.org/news/2021/03/18/apis-serving-people-and-programs

  • CLJ-2603 Clojure keyword argument functions now also accept a map

2.2 :as-alias in require

... (truncated)

Commits
  • ce55092 [maven-release-plugin] prepare release clojure-1.11.1
  • cef38ab [maven-release-plugin] prepare for next development iteration
  • 3f1c36d [maven-release-plugin] prepare release clojure-1.11.1-rc1
  • e917dcc Update changelog for 1.11.1
  • 1da6b07 CLJ-2701 Set serialVersionUIDs for Keyword and ArraySeq to retain 1.10.3 values
  • 48818bd [maven-release-plugin] prepare for next development iteration
  • f376cf6 [maven-release-plugin] prepare release clojure-1.11.0
  • 9af0d1d [maven-release-plugin] prepare for next development iteration
  • 0971ce2 [maven-release-plugin] prepare release clojure-1.11.0-rc1
  • 7b102d8 CLJ-2695: parse-double test does not test out-of range values
  • Additional commits viewable in compare view