Bump classgraph from 4.8.90 to 4.8.95

[dependabot-preview]

Bumps classgraph from 4.8.90 to 4.8.95.

Release notes

Sourced from classgraph's releases.

classgraph-4.8.95

• Expose package-private method MethodTypeSignature#getTypeParameters for getting method type parameters, e.g. T in void <T> doSomething() (#490, thanks to @lastrix for the request)

classgraph-4.8.94

• Make ClassInfo#extendsSuperclass("java.lang.Object") return true for all standard classes (i.e. for all classes except interface or annotation classes). (#486, thanks to @wheelerlaw for the bug report.)
• Make ClassInfo#getSubclasses(), where the ClassInfo object represents java.lang.Object, return all standard classes, rather than all classes. This is a change in behavior, but should represent the user's intent, since interfaces do not actually extend Object.

classgraph-4.8.93

A few changes to classloading:

1. If .overrideClassLoaders(...) or .overrideClasspath(...) is called before .scan(), then only the overrides are used (ClassGraph will not fall back to trying any other known classloaders). This might break things for some users, but it matches the expectation that should have been conveyed by the API.
2. If you run a scan inside a scan, and you call .overrideClassLoaders(MyClass.class.getClassLoader()), where MyClass was itself loaded by ClassGraph in the outer scan, using scanResult.getClassInfo("mypackage.MyClass").loadClass(), then the override classloader is actually an instance of ClassGraphClassLoader. This was not supported before, but it supported now as of this release. If you use this, then any classloading in the inner scan will first try loading classes with the ClassGraphClassLoader instance from the outer scan, and if that fails, then the inner scan's ClassGraphClassLoader will be tried. This is to allow for classes to be compatible between the outer scan and the inner scan, in cases where both scans find the same classes. (Classes that are identical but were loaded by different classloaders are not seen by the JRE as being the same class.) (#485, thanks to @TheSpiritXIII for the bug report.)

classgraph-4.8.92

Small update to previous release: strip final slash from URIs that end in an automatic package prefix, i.e. !/BOOT-INF/classes/ -> !/BOOT-INF/classes

classgraph-4.8.91

Added automatic package roots to classpath element URIs, e.g. for Spring-Boot applications. Previously if you called ClassGraph#getClasspathElementURIs(), you would get the URI for the Spring-Boot jar, rather than that URI with !/BOOT-INF/classes/ appended.

Thanks to Giuseppe Navato for the report.

Commits

• d7cc7c7 [maven-release-plugin] prepare release classgraph-4.8.95
• 26d6954 Merge branch 'latest' of https://github.com/classgraph/classgraph.git into la...
• a21bf7d Make getTypeParameters() public (#490)
• 33b6725 Fix error message
• 1505324 Fix Javadoc
• 8f95cc2 Merge pull request #489 from classgraph/dependabot/maven/org.openjdk.jmh-jmh-...
• bc50536 Merge pull request #488 from classgraph/dependabot/maven/org.openjdk.jmh-jmh-...
• dbbefc1 Bump jmh-generator-annprocess from 1.26 to 1.27
• c6062a5 Bump jmh-core from 1.26 to 1.27
• ff5ff68 [maven-release-plugin] prepare for next development iteration
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)