search

cessda / cessda.cvs.two

Apache License 2.0
0 stars 2 forks source link

Bump jsoup from 1.14.3 to 1.15.3 #1

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps jsoup from 1.14.3 to 1.15.3.

Release notes

Sourced from jsoup's releases.

jsoup 1.15.3

jsoup 1.15.3 is out now, and includes a security fix for potential XSS attacks, along with other bug fixes and improvements, including more descriptive validation error messages.

Details:

jsoup 1.15.2 is out now with a bunch of improvements and bug fixes.

jsoup 1.15.1 is out now with a bunch of improvements and bug fixes.

Changelog

Sourced from jsoup's changelog.

jsoup changelog

Release 1.16.1 [PENDING]

  • Improvement: Calling Node.remove() on a node with no parent is now a no-op, vs a validation error. jhy/jsoup#1898

  • Bugfix: Corrected support for ruby elements (, , , and ) to current spec. jhy/jsoup#1294

  • Bugfix: When using Node.before(node) or Node.after(node), if the incoming node was a sibling of the context node, the incoming node may be inserted into the wrong relative location. jhy/jsoup#1898

  • Bugfix: In Jsoup.connect(url), if the input URL had components that were already % escaped, they would be escaped again, causing errors when fetched. jhy/jsoup#1902

Release 1.15.4 [18-Feb-2023]

  • Improvement: added the ability to escape CSS selectors (tags, IDs, classes) to match elements that don't follow regular CSS syntax. For example, to match by classname , use document.select("p.one\.two"); jhy/jsoup#838

  • Improvement: when pretty-printing, wrap text that follows a tag. jhy/jsoup#1858

  • Improvement: when pretty-printing, normalize newlines that follow self-closing tags in custom tags. jhy/jsoup#1852

  • Improvement: when pretty-printing, collapse non-significant whitespace between a block and an inline tag. jhy/jsoup#1802

  • Improvement: in Element#forEach and Node#forEachNode, use java.util.function.Consumer instead of the previous Android compatibility shim org.jsoup.helper.Consumer. Subsequently, the latter has been deprecated. jhy/jsoup#1870

  • Improvement: added a new method Document#forms(), to conveniently retrieve a List containing the elements in a document.

  • Improvement: added a new method Document#expectForm(query), to find the first matching FormElement, or blow up trying.

  • Bugfix: URLs containing characters such as [ and ] were not escaped correctly, and would throw a MalformedURLException when fetched. jhy/jsoup#1873

  • Bugfix: Element.cssSelector would create invalid selectors for elements where the tag name, ID, or classnames needed to be escaped (e.g. if a class name contained a ':' or '.'). jhy/jsoup#1742

  • Bugfix: element.text() should have a space between a block and an inline element.

... (truncated)

Commits
  • c596417 [maven-release-plugin] prepare release jsoup-1.15.3
  • d2d9ac3 Changelog for URL cleaner improvement
  • 4ea768d Strip control characters from URLs when resolving absolute URLs
  • 985f1fe Include help link for malformed URLs
  • 6b67d05 Improved Validate error messages
  • 653da57 Normalized API doc link
  • 5ed84f6 Simplified the Test Server startup
  • c58112a Set the read size correctly when capped
  • fa13c80 Added jar manifest default implementation entries.
  • 5b19390 Bump maven-resources-plugin from 3.2.0 to 3.3.0 (#1814)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/cessda/cessda.cvs.two/network/alerts).
dependabot[bot] commented 1 year ago

Superseded by #496.