Bump jaxen:jaxen from 2.0.4 to 2.0.5

[dependabot]

Bumps jaxen:jaxen from 2.0.4 to 2.0.5.

Release notes

Sourced from jaxen:jaxen's releases.

2.0.5

Version 2.0.5 converts still more recursive algorithms in the core parser to safer iterative forms. This enables Jaxen to handle even larger and more complex XPath expressions.

For the recursive code that remains, higher level evaluation and parsing now catches stack overflow errors if they do occur, and wraps them inside a regular checked JaxenException so it won't bring down the entire program. This should be fairly robust and complete protection against DoS attacks on recursive code, even with arbitrary untrusted input. I don't know why I didn't think of this earlier. I probably just had an unquestioned rule in my head that you can't recover from errors, which isn't actually true in the case of stack overflow errors.

PRs

• Bump org.apache.maven.plugins:maven-project-info-reports-plugin from 3.6.2 to 3.9.0 by @​dependabot[bot] in jaxen-xpath/jaxen#426
• Bump org.apache.maven.plugins:maven-assembly-plugin from 3.7.1 to 3.8.0 by @​dependabot[bot] in jaxen-xpath/jaxen#425
• Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.10.1 to 3.12.0 by @​dependabot[bot] in jaxen-xpath/jaxen#422
• Bump org.apache.maven.plugins:maven-resources-plugin from 3.3.1 to 3.5.0 by @​dependabot[bot] in jaxen-xpath/jaxen#423
• Upgrade XOM to 1.4.2 and fix Java 8 ElementTraversal classpath breakage by @​Copilot in jaxen-xpath/jaxen#428
• Resolve unresolved Maven site variables and enforce static HTML/CSS-only Pages output by @​Copilot in jaxen-xpath/jaxen#430
• remove public modifier from interfaces by @​hduelme in jaxen-xpath/jaxen#172
• don't fully qualify SAXPathException by @​elharo in jaxen-xpath/jaxen#439
• Fix unterminated string literal handling and add regression tests at lexer and API levels by @​Copilot in jaxen-xpath/jaxen#433
• avoid recursion by @​elharo in jaxen-xpath/jaxen#431
• remove debugging code by @​elharo in jaxen-xpath/jaxen#446
• deprecate simplify by @​elharo in jaxen-xpath/jaxen#445
• Inline dead PatternParser.USE_HANDLER branch by @​Copilot in jaxen-xpath/jaxen#448
• deprecate simplify by @​elharo in jaxen-xpath/jaxen#449
• Suppress javac obsolete-options warnings for Java 1.5 target builds by @​Copilot in jaxen-xpath/jaxen#453
• add 2.0.4 release notes by @​elharo in jaxen-xpath/jaxen#456
• Fix XPath union precedence relative to additive expressions by @​Copilot in jaxen-xpath/jaxen#460
• Remove recursion from union operations by @​elharo in jaxen-xpath/jaxen#455
• Avoid recursion when processing and and or by @​elharo in jaxen-xpath/jaxen#461
• Prevent parser stack overflow on deeply nested parenthesized filter expressions by @​Copilot in jaxen-xpath/jaxen#462
• Bump org.apache.maven.plugins:maven-gpg-plugin from 3.2.7 to 3.2.8 by @​dependabot[bot] in jaxen-xpath/jaxen#468
• Bump org.apache.maven.plugins:maven-jar-plugin from 3.3.0 to 3.5.0 by @​dependabot[bot] in jaxen-xpath/jaxen#469
• Bump org.apache.maven.plugins:maven-surefire-report-plugin from 3.5.1 to 3.5.5 by @​dependabot[bot] in jaxen-xpath/jaxen#466
• Bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.23.1 to 0.26.0 by @​dependabot[bot] in jaxen-xpath/jaxen#465
• Characterization tests for the pattern package by @​elharo in jaxen-xpath/jaxen#470
• Revise Jaxen 2.0.4 change history details by @​elharo in jaxen-xpath/jaxen#472
• Update release notes for version 2.0.4 by @​elharo in jaxen-xpath/jaxen#474
• Switch release workflow to PR-based handoff for protected master by @​Copilot in jaxen-xpath/jaxen#476
• Update version number to 2.0.4 in index.xml by @​elharo in jaxen-xpath/jaxen#477
• Update index.xml before release by @​elharo in jaxen-xpath/jaxen#478
• Release 2.0.4: commit release and prepare 2.1.0-SNAPSHOT by @​github-actions[bot] in jaxen-xpath/jaxen#479
• Fix release PR body formatting and add publish-before-merge guidance by @​Copilot in jaxen-xpath/jaxen#481
• Eliminate stack overflows from deep left-recursive binary XPath chains by @​Copilot in jaxen-xpath/jaxen#464
• Eliminate recursion in getText and toString by @​elharo in jaxen-xpath/jaxen#483
• Avoid stack overflow in DOM DocumentNavigator#getStringValue for deeply nested documents by @​Copilot in jaxen-xpath/jaxen#485
• Make JDOM element string-value traversal iterative to prevent deep-tree stack overflows by @​Copilot in jaxen-xpath/jaxen#487
• Prevent stack overflow when DOM attribute iteration skips long xmlns:* runs by @​Copilot in jaxen-xpath/jaxen#490
• Catch and wrap StackOverflowError in XPath parse/evaluation entry points by @​Copilot in jaxen-xpath/jaxen#496
• Fix unbounded stack recursion in DefaultBinaryExpr.evaluate() across distinct operator types by @​Copilot in jaxen-xpath/jaxen#494
• Document changes for Jaxen version 2.0.5 by @​elharo in jaxen-xpath/jaxen#498
• Cleanup STAR tokens by @​elharo in jaxen-xpath/jaxen#499
• Fix StackOverflowError on deeply nested XPath predicates by @​Copilot in jaxen-xpath/jaxen#492
• Update release version to 2.0.4 in releases.xml by @​elharo in jaxen-xpath/jaxen#497
• ignore aider by @​elharo in jaxen-xpath/jaxen#508

... (truncated)

Commits

• 611d5b9 Release 2.0.5
• 942c5e2 Bump com.github.siom79.japicmp:japicmp-maven-plugin (#511)
• 91b2e4c Bump org.apache.maven.plugins:maven-source-plugin from 3.3.1 to 3.4.0 (#509)
• c2fb854 Bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.1 to 3.5.6 (#510)
• e0d1bbc Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.6.2 to 3.6.3 (#512)
• 23ceed8 Handle lang() on empty/null context node with explicit `FunctionCallExcepti...
• 980aa9d more ignore (#508)
• 43b9cc0 Update release version to 2.0.4 in releases.xml (#497)
• c1bec05 Fix StackOverflowError on deeply nested XPath predicates (#492)
• ad22a04 Cleanup STAR tokens (#499)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)