Closed dependabot[bot] closed 4 years ago
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting `@dependabot ignore this major version` or `@dependabot ignore this minor version`.
If you change your mind, just re-open this PR and I'll resolve any conflicts on it.
Bumps dom4j from 2.1.0 to 2.1.1.
Release notes
*Sourced from [dom4j's releases](https://github.com/dom4j/dom4j/releases).*

> ## version-2.1.1
> Bug fix release.
>
> # Potential breaking changes
> * If you use some optional dependency of dom4j (for example Jaxen, xsdlib etc.), you need to specify an explicit dependency on it in your project. They are no longer marked as a mandatory transitive dependency by dom4j.
> * Following SAX parser features are disabled by default in `DocumentHelper.parse()` for security reasons (they were enabled in previous versions):
>   * `http://xml.org/sax/properties/external-general-entities`
>   * `http://xml.org/sax/properties/external-parameter-entities`
>
> # Fixed issues
> * [#28](https://github-redirect.dependabot.com/dom4j/dom4j/issues/28) Possible vulnerability of `DocumentHelper.parseText()` to XML injection (reported by [@s0m30ne](https://github.com/s0m30ne))
> * [#34](https://github-redirect.dependabot.com/dom4j/dom4j/issues/34) CVS directories left in the source tree (reported by [@ebourg](https://github.com/ebourg))
> * [#38](https://github-redirect.dependabot.com/dom4j/dom4j/issues/38) XMLWriter does not escape supplementary unicode characters correctly (reported by [@abenkovskii](https://github.com/abenkovskii))
> * [#39](https://github-redirect.dependabot.com/dom4j/dom4j/issues/39) writer.writeOpen(x) doesn't write namespaces (reported by [@borissmidt](https://github.com/borissmidt))
> * [#40](https://github-redirect.dependabot.com/dom4j/dom4j/issues/40) concurrency problem with `QNameCache` ([@jbennett2091](https://github.com/jbennett2091))
> * [#43](https://github-redirect.dependabot.com/dom4j/dom4j/issues/43) and [#46](https://github-redirect.dependabot.com/dom4j/dom4j/issues/46) all dependencies are optional (reported by [@Zardoz89](https://github.com/Zardoz89) and [@vmassol](https://github.com/vmassol))
> * [#44](https://github-redirect.dependabot.com/dom4j/dom4j/issues/44) SAXReader: hardcoded namespace features (reported by [@philippeu](https://github.com/philippeu))
> * [#48](https://github-redirect.dependabot.com/dom4j/dom4j/issues/48) validate `QName`s (reported by [@mario-areias](https://github.com/mario-areias))

Commits
- [`b408f43`](https://github.com/dom4j/dom4j/commit/b408f43b5abc0b0f408819e620bd69e72248352f) Fix bug in encoding whitespaces introduced with bugfix of [#38](https://github-redirect.dependabot.com/dom4j/dom4j/issues/38).
- [`b3d9226`](https://github.com/dom4j/dom4j/commit/b3d92267cc91bb898c8301d30368b21f0468513a) Add files via upload
- [`75e59b1`](https://github.com/dom4j/dom4j/commit/75e59b16c12c2202b4fbd7545ac3efc99aa014ff) [#38](https://github-redirect.dependabot.com/dom4j/dom4j/issues/38) Support for supplementary unicode characters in XMLWriter.
- [`351bfef`](https://github.com/dom4j/dom4j/commit/351bfef0ad5c5e5328758981797f80beba1d017d) [#39](https://github-redirect.dependabot.com/dom4j/dom4j/issues/39) XMLWriter.writeOpen(Element) writes namespaces declared directly on element.
- [`53f923a`](https://github.com/dom4j/dom4j/commit/53f923ad459caa70f16f43bd3cb3d474db9818b4) [#28](https://github-redirect.dependabot.com/dom4j/dom4j/issues/28) Disable downloading external resources by default.
- [`161078a`](https://github.com/dom4j/dom4j/commit/161078a8a520dcd1db6d451190f2434d56547664) [#44](https://github-redirect.dependabot.com/dom4j/dom4j/issues/44) Default SAXParser features are set when SAXParser is created, so they can...
- [`92d8795`](https://github.com/dom4j/dom4j/commit/92d87957c4c4948d048ff7729c77ba10474f73ae) Fix tests with invalid QNames.
- [`8f6a7f6`](https://github.com/dom4j/dom4j/commit/8f6a7f6001d679176c1079ac65871d4e493360db) [#28](https://github-redirect.dependabot.com/dom4j/dom4j/issues/28) Disable downloading external resources with DocumentHelper.parseText() he...
- [`983701f`](https://github.com/dom4j/dom4j/commit/983701fed49ed477c5858bb945a673c96dc60a4d) [#34](https://github-redirect.dependabot.com/dom4j/dom4j/issues/34) Remove old CVS files from repository.
- [`239569f`](https://github.com/dom4j/dom4j/commit/239569f25a3d1d0186feb5943591191a32aa38a1) [#46](https://github-redirect.dependabot.com/dom4j/dom4j/issues/46) Jaxen is optional dependency only
- Additional commits viewable in [compare view](https://github.com/dom4j/dom4j/compare/version-2.1.0...version-2.1.1)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/JoyChou93/java-sec-code/network/alerts).
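
The release notes above say 2.1.1 turns off external entity handling by default for `DocumentHelper`; code that builds its own `SAXReader`, or that is still on 2.1.0 because this PR was closed, can set the same restrictions explicitly. The following is an added example, not code from dom4j or from this PR: the class name `HardenedDom4jParse` and the sample documents are constructed, the feature identifiers are the standard SAX2 ones under `/features/`, and the `disallow-doctype-decl` feature is an extra, stricter setting that assumes the JDK's built-in Xerces-derived parser.

```java
import java.io.StringReader;
import org.dom4j.Document;
import org.dom4j.DocumentException;
import org.dom4j.io.SAXReader;
import org.xml.sax.SAXException;

// Hypothetical class name; added example, not part of dom4j or this PR.
public class HardenedDom4jParse {

    // Build a SAXReader with entity handling locked down explicitly,
    // so the result does not depend on which dom4j version sets the defaults.
    static SAXReader hardenedReader() throws SAXException {
        SAXReader reader = new SAXReader();
        // Standard SAX2 features: do not resolve external entities.
        reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
        reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        // Assumption: Xerces-derived parser. Stricter than the release notes: refuse any DOCTYPE.
        reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return reader;
    }

    // Parse untrusted XML text through the hardened reader.
    static Document parse(String xml) throws SAXException, DocumentException {
        return hardenedReader().read(new StringReader(xml));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs: one plain document, one with a DOCTYPE
        // that declares only a harmless internal entity.
        String plain = "<order><id>42</id></order>";
        String withDoctype =
            "<!DOCTYPE order [<!ENTITY note \"internal\">]><order><id>&note;</id></order>";

        System.out.println("plain root element: " + parse(plain).getRootElement().getName());
        try {
            parse(withDoctype);
            System.out.println("DOCTYPE accepted: parser did not honour the feature");
        } catch (DocumentException e) {
            // dom4j wraps the parser's SAXParseException in DocumentException.
            System.out.println("DOCTYPE rejected: " + e.getMessage());
        }
    }
}
```

If the application legitimately needs DTDs, drop the `disallow-doctype-decl` line and keep the two external-entity features set to `false`.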