Release notes
*Sourced from [classgraph's releases](https://github.com/classgraph/classgraph/releases).*
> ## classgraph-4.6.0
> **Major bugfix and performance release -- recommended update**
>
> **Performance improvements:**
>
> * Added a custom zipfile central directory parser to ClassGraph, which is able to read jarfiles nested inside jarfiles, to arbitrary nesting depth, without extracting the inner jars to temporary files (this is something the Java `ZipFile` API cannot do). This makes it significantly faster to scan fat jars that store their dependencies as nested jars (e.g. jars generated by Spring Boot).
> * As this was a large change, please report any behavioral changes or performance regressions in the [ClassGraph bugtracker](https://github-redirect.dependabot.com/classgraph/classgraph/issues).
> * Fixed a performance regression introduced at version 4.4.3 to do with extending scanning upwards to superclasses, interfaces and annotations that are defined outside whitelisted packages. ([#282](https://github-redirect.dependabot.com/classgraph/classgraph/issues/282), thanks to [**GedMarc**](https://github.com/GedMarc))
> * Implemented a number of other performance improvements that give a sizeable reduction in scan time.
>
> **New features:**
>
> * Even with scanning of system modules disabled (the default), you can whitelist individual system modules to scan, e.g. `.whitelistModules("java.base")`. (To enable scanning of all system modules, you can call `enableSystemJarsAndModules()`, as described below.)
> * `whitelistClasspathElementsContainingResourcePath(paths)` whitelists classpath elements that contain a resource with a specific path. For example, this can be used to scan only classpath elements that contain a specific configuration file.
> * `blacklistClasspathElementsContainingResourcePath(paths)` blacklists classpath elements that contain a resource with a specific path.
>
> **Bugfixes:**
>
> * Numerous bugfixes (too many to list) for robustness and handling of corner cases -- recommended upgrade.
> * Fixed `ClassInfo#getPackageName()`, which was returning the simplename of the class, not the package name. ([#276](https://github-redirect.dependabot.com/classgraph/classgraph/issues/276), thanks to [**danielpoq**](https://github.com/danielpoq))
> * Fixed "Calling `blacklistLibOrExtJars` without arguments causes an Exception" ([#277](https://github-redirect.dependabot.com/classgraph/classgraph/issues/277), thanks to [**larsgrefer**](https://github.com/larsgrefer))
> * Improved verbose logging output.
>
> **Breaking changes:**
>
> * `enableSystemPackages()` no longer calls `whitelistLibOrExtJars()`. You need to separately call `whitelistLibOrExtJars()` if you want to scan jars in JRE `lib/` or `ext/` directories in addition to `rt.jar` or the system modules.
> * `enableSystemPackages()` was deprecated and now calls a new method with a more correct name, `enableSystemJarsAndModules()`.
> * `ClassGraph#stripZipSFXHeaders()` was removed, as it did nothing useful.
> * Classes intended for internal-only use were moved to a "noapi" package, which is not exported in the JPMS module descriptor.
>
> **Code cleanups:**
>
> * Incorporated a large number of static code analysis fixes from [**larsgrefer**](https://github.com/larsgrefer) ([#279](https://github-redirect.dependabot.com/classgraph/classgraph/issues/279)) -- huge thanks for all your contributions towards this release, Lars!
> * Lots of refactoring and code cleanups.
Commits
- See full diff in [compare view](https://github.com/classgraph/classgraph/commits)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
Finally, you can contact us by mentioning @dependabot.
Bumps classgraph from 4.4.12 to 4.6.0.