Fixed handling of URLs like jar:file:jarname.jar!/ (these were being skipped -- #625, thanks to @edeso for reporting this.)
Improved logging of FileNotFoundException for missing jars.
classgraph-4.8.140
Fixes #651 (NPE in JBossClassLoaderHandler) via #652 -- thanks to @arthware for the fix!
classgraph-4.8.139
Bugfixes:
Fix to work with newer Quarkus classloader (#641, thanks to @michael-simons for the fix in #642!).
If an override classloader is an AppClassLoader, also scan the traditional classpath (#639, thanks to @limbic-derek for the report).
Fix for parsing error if Kotlin function names contain parentheses (#645). Also fixes a potential stack overflow in this case.
New feature:
Added support for getting the exceptions thrown by a method (#633, thank you to @jkschneider for submitting the complete implementation of this feature, in #637!)
FieldInfoList ClassInfo#getEnumConstants(): returns all the enum constants of an enum class as FieldInfo objects (without loading the enum class).
List<Object> ClassInfo#getEnumConstantObjects(): returns all the enum constants of an enum class as objects of the same type as the enum (after loading the enum class and initializing enum constants).
Mitigate log4j2 vulnerability CVE-2021-44228: ClassGraph does not use log4j2, but does use the built-in Java logging framework, which may be redirected to the log4j2 framework by the calling environment. To be safe, ClassGraph now builds in a protection against this critical vulnerability.
classgraph-4.8.137
Fix illegal access warning on Adopt JDK for most usage (#605, thanks to @UlrichLohrmann for the report)
Fixed issue with resources remaining marked as open after close() was called on an InputStream opened on a module resource (#600 and #602, thanks to @chrisr3)
Added Resource#readCloseable() that returns a CloseableByteBuffer that calls Resource#close() when CloseableByteBuffer#close() is called. (#600)
classgraph-4.8.134
Fixes a resource leak (ClassfileReader#close() wasn't closing the underlying resource). Thanks to @chrisr3 for isolating the problem, and for providing a pull request complete with unit test! (#600)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot]
commented
2 years ago
Bumps classgraph from 4.8.133 to 4.8.141.
Release notes
Sourced from classgraph's releases.
Commits
0d0fb66[maven-release-plugin] prepare release classgraph-4.8.1419ea553aMake URL handling more robust (#625)ba7c375Update README.md6f507c2Update README.md53b4434Update README.md151aa07Update README.mdfd8b7cf[maven-release-plugin] prepare for next development iteration052270d[maven-release-plugin] prepare release classgraph-4.8.14044cb42eMerge pull request #652 from actico/bugfix/#651-fix-npe7afa63b#651 fixes NPE in JbossClassLoaderHandlerDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)