kestra-io / plugin-scripts

https://kestra.io/plugins/
Apache License 2.0
9 stars 11 forks source link

chore(deps): bump org.python:jython-standalone from 2.7.3 to 2.7.4 #172

Closed dependabot[bot] closed 2 months ago

dependabot[bot] commented 3 months ago

Bumps org.python:jython-standalone from 2.7.3 to 2.7.4.

Changelog

Sourced from org.python:jython-standalone's changelog.

Jython 2.7.4

New Features

- When building a modular application or library, the jython-slim JAR may
  be placed on the *module* path [GH-325](https://github.com/jython/jython/issues/325). It will export its usual
  packages in an automatic module org.python.jython2. Application build
  tools that create a run script will generally add the dependencies of
  Jython to the module path automatically. The developer may have to add
  (via the build script) --add-modules ALL-MODULE-PATH to the java command
  to ensure that these dependencies are resolved.
  • The jython-standalone JAR (module org.python.jython2.standalone) may also be used. Many shaded (and some unshaded) dependencies are then duplicated in its module, which can be a problem. It may be necessary to --add-modules ALL-DEFAULT to ensure JDK classes are resolved.

Jython 2.7.4 is unchanged from 2.7.4rc1

Jython 2.7.4rc1 Bugs fixed - [ GH-344 ] Updated ucnhash.dat to Unicode 15.1. - [ GH-343 ] Export xml.parsers and xml.etree in xml.all. - [ GH-342 ] Update multiple JARs to latest available. - [ GH-331 ] Catch IndexError possible when accessing sys.argv.

Jython 2.7.4b2 Feature added - [ GH-325 ] Upward compatibility to Java 9 Modularity

Jython 2.7.4b1 Bugs fixed - [ GH-316 ] Clash over META-INF in shaded JARs - [ GH-310 ] CVE-2024-25710 and CVE-2024-26308 (commons-compress) - [ GH-304 ] from java import * not working in Java 21 - [ GH-302 ] Interactive interpreter awaits input instead of raising syntax error - [ GH-298 ] Keep better accounts of contribution and CLA - [ GH-288 ] Build fails when using modules (duplicate org.w3c from JARs) - [ GH-281 ] Invoking the wrong overloaded Java constructor - [ GH-280 ] LineNumberTable deprecated for removal in 2.6 still there - [ GH-277 ] Argument coercion fails for Java interface with default methods - [ GH-272 ] GlobalRef.createReaperThreadIfAbsent produces IllegalMonitorStateException - [ GH-269 ] Upgrade Google Guava to 32.0.1 (CVE-2023-2976) - [ GH-264 ] Create a security policy (changes on GitHub only) - [ GH-254 ] Regression in socket.socket.sendall for sending Unicode - [ GH-247 ] PySystemStateTest fails on Mac - [ GH-245 ] Document download/binaries location - [ GH-238 ] Using == to compare strings in sys - [ GH-223 ] JPasswordField no longer works due to 'bullet' echo char - [ GH-221 ] Incorrect method precedence with overloading and variable arity - [ GH-204 ] IllegalArgumentException: where char method returns non-byte value

... (truncated)

Commits
  • 3f256f4 Prepare for 2.7.4 release.
  • d04ff7f Begin to identify as v2.7.4rc2
  • 3562755 Prepare for 2.7.4rc1 release.
  • 245deba Now with sensible timeouts.
  • 66600ad Impose timeout on regrtest workflows
  • f14a91e Note blocked from updating Netty by issue 349
  • 7df6cbd Update Bouncy Castle JARs to 1.78.1
  • 115376c Update ICU4J JAR to 75.1
  • 640b6fd Update commons-io and Guava JARs
  • 967798c Update JLine to 2.14.6
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
tchiotludo commented 2 months ago

@dependabot rebase