schxslt / schxslt-java

Java classes for Schematron validation with SchXslt
MIT License
7 stars 4 forks source link

Bump xmlresolver from 2.1.1 to 5.2.0 #190

Closed dependabot[bot] closed 3 months ago

dependabot[bot] commented 1 year ago

Bumps xmlresolver from 2.1.1 to 5.2.0.

Release notes

Sourced from xmlresolver's releases.

5.2.0

Version 5.2.0 adds a new API for constructing a catalog directly from a stream of SAX events. This makes it possible to construct a catalog directly from a database, for example, or from a novel format.

5.1.3

Fixes a small bug wherein same document references were not handled correctly if the ALWAYS_RESOLVE feature was true.

5.1.2

This release removes the (transitive) dependency on the xml-apis jar file. There's also one new log message for tracking catalogs that are loaded.

5.1.1

Enforce ACCESS_* features when opening connections

The new ALWAYS_RESOLVE feature means that the resolver will sometimes access resources on behalf of the caller (ones that were not found in the catalog). That feature failed to take the ACCESS_EXTERNAL_DOCUMENT and ACCESS_EXTERNAL_ENTITY features into consideration.

5.1.0

The 5.1.0 release fixes a significant bug in the new ALWAYS_RESOLVE feature. See #133

5.0.0

The Java contract for the entity resolver is to return null if the entity isn't found. Unfortunately, redirects are common these days (for example, w3.org redirects all http: URIs to https: URIs) and parsers don't always follow redirects, so if the resolver returns null, the parse fails. That's...suboptimal.

This release adds a new feature ResolverFeature.ALWAYS_RESOLVE that will resolve the resource (and follow redirects to do so) and always return it. This feature is true by default.

This release also extends the ResolverInputSource to expose the response code (if applicable) and headers (if available) from the response.

4.6.4

What's Changed

  • Fixed #126 where an input document without a base URI (e.g., one with a null systemId) would cause an NPE
  • Fixed #127 where attempting to parse a RDDL document wasn't following redirects
  • Fussed with the CI process. There was no 4.6.1, 4.6.2, or 4.6.3 published release.

The W3C now redirects http: URIs to https: URIs, so you can't load namepace documents unless you follow redirects.

4.6.0

This release contains two changes:

  1. I've fixed the bug where a catalog.xml file on the classpath (if the classpath pointed to a directory, for example) would not be loaded.
  2. It's now possible to set properties with either Java system properties or environment variables. (There are places where it's tricky to set system properties, and the C# version already supported environment variables, so it seemed reasonable).

4.5.2

This release fixes a few bugs.

What's Changed

Full Changelog: https://github.com/xmlresolver/xmlresolver/compare/4.5.1...4.5.2

4.5.1

... (truncated)

Commits
  • c59628a Merge pull request #147 from xmlresolver/ver-520
  • d9c3da7 XML Resolver 5.2.0 release
  • 2502d31 Remove dead repo
  • 2a5fa4a Merge pull request #146 from ndw/improve-docs
  • 6b74e8c Improved JavaDoc for the SAX loader
  • 9c82811 Improved; added notes about ALWAYS_RESOLVE and SAX producer
  • 78c14bb Merge pull request #145 from ndw/loader-test
  • f979f55 Add a unit test for the SaxProducer loader
  • 33dd7c3 Merge pull request #144 from ndw/gradle8
  • a71aa89 Upgrade build to Gradle 8.1.1
  • Additional commits viewable in compare view


Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

dependabot[bot] commented 3 months ago

Superseded by #206.