search

KorAP / KorAP-Tokenizer

DFA tokenizer with character offset output, large abbreviation tables and CMC support.
Apache License 2.0
1 stars 0 forks source link

Bump classgraph from 4.8.110 to 4.8.138 #45

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps classgraph from 4.8.110 to 4.8.138.

Release notes

Sourced from classgraph's releases.

classgraph-4.8.138

  • Added two methods (thanks to @​FranGomezVenegas for requesting these, #608):

    • FieldInfoList ClassInfo#getEnumConstants(): returns all the enum constants of an enum class as FieldInfo objects (without loading the enum class).
    • List<Object> ClassInfo#getEnumConstantObjects(): returns all the enum constants of an enum class as objects of the same type as the enum (after loading the enum class and initializing enum constants).

  • Mitigate log4j2 vulnerability CVE-2021-44228: ClassGraph does not use log4j2, but does use the built-in Java logging framework, which may be redirected to the log4j2 framework by the calling environment. To be safe, ClassGraph now builds in a protection against this critical vulnerability.

classgraph-4.8.137

Fix illegal access warning on Adopt JDK for most usage (#605, thanks to @​UlrichLohrmann for the report)

classgraph-4.8.136

Contribution by @​tkrautinger (#604):

  • ClassInfo: Added isPrivate(), isProtected()
  • MethodInfo: Added isPrivate(), isProtected(), isAbstract(), isStrict()
  • FieldInfo: Added isPrivate(), isProtected(), isSynthetic(), isEnum()

classgraph-4.8.135

  • Fixed issue with resources remaining marked as open after close() was called on an InputStream opened on a module resource (#600 and #602, thanks to @​chrisr3)
  • Added Resource#readCloseable() that returns a CloseableByteBuffer that calls Resource#close() when CloseableByteBuffer#close() is called. (#600)

classgraph-4.8.134

Fixes a resource leak (ClassfileReader#close() wasn't closing the underlying resource). Thanks to @​chrisr3 for isolating the problem, and for providing a pull request complete with unit test! (#600)

classgraph-4.8.133

Fix a regression for in the OSGi manifest entries introduced in the previous version, 4.8.132 (#598, thanks to @​Roman-Skripka for the pull request).

classgraph-4.8.132

Fix a regression with OSGi runtime dependencies of ClassGraph (#597, thanks to @​tobias-- for the pull request).

classgraph-4.8.131

Catch unchecked exceptions and errors SecurityException, IllegalArgumentException and IOError in more places when dealing with Path and URI objects, to prevent issues when running with a security manager. Thanks to @​elkman for the pull request. (#594).

classgraph-4.8.130

Allow enableSystemJarsAndModules() to be used in conjunction with overrideClasspath() or overrideClassLoaders() (#592, thanks to @​roxspring for this contribution!).

classgraph-4.8.129

Add the ability to find resources by path glob by calling ScanResult#getResourcesMatchingWildcard(String wildcardString) (#588, thanks to @​jjlin for the request):

  • ** matches zero or more characters
  • * matches zero or more characters other than /
  • ? matches any one character
  • Any other valid Java regexp syntax is supported, such as character ranges in square brackets ([a-c]), with the exception of ., which is interpreted as a literal dot character (the single-character wildcard syntax is replaced with ?, as shown above).

classgraph-4.8.128

Optimize reflection by caching fields and methods of introspected classes by name.

classgraph-4.8.127

Fix illegal reflective access warning on stderr in JDK 11 (#579, thanks to @​josephlbarnett for reporting).

... (truncated)

Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 2 years ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.