Bump xmlresolver from 1.0.8 to 3.0.2

[dependabot-preview]

Bumps xmlresolver from 1.0.8 to 3.0.2.

Release notes

Sourced from xmlresolver's releases.

XML Resolver version 3.0.2

The 3.0.2 release fixes a few bugs.

• The catalog loader was not resolving XML Catalog DTDs against local versions. This could cause catalogs to fail to load if the system identifier was unreachable. (Issue #47)
• The validating catalog loader requires org.relaxng:jing:20181222 to be on your classpath. (This is not a new requirement, but it was not documented in previous releases.)
• The code that created the resource cache would fail if more than one level of subdirectory had to be created.
• There was a bug in cache initialization where it was possible for the cache to be created without creating a cache control file. In this circumstance, all URIs would be cached, even file: and jar:file URIs that probably shouldn’t be. If you’re using the cache, it might be prudent to review what’s been cached.
• If the cache is not successfully initialized, caching is explicitly disabled.
• The dependencies on logging libraries have been reworked so that it should be easier to integrate the resolver into your application. The XML Resolver API uses the slf4j-api but does not include a concrete logging back end.
• It has been reported that 1.x versions of the XML Resolver did not handle a trailing slash in the uriStartString the same way that the 3.x resolver does. It was determined that this is a bug in the 1.x version and the current behavior is correct.
• Improved the way excluded URIs are handled. Added path: URIs to the set of URI patterns excluded from local caching. The path: scheme is used by C# to address into assemblies. It’s excluded here in case the same cache is shared between different applications. (Issue #45)
• A number of improvements were made to the unit tests.

XML Resolver 3.0.1

The 3.x release is a major refactoring. Partly this is in aid of porting it to C#, partly it was just to clean up some design issues. The new design has its own data structure for managing the parsed catalogs and supports a wide range of new features.

There’s documentation at XMLResolver.org and a complete sample application that demonstrates many of its features with an application that can parse, validate, and transform documents.

There’s also a new cache control application to help you manage the local, automatic caching features of the resolver, if you use them.

A non-exhaustive list of features and improvements:

• The highest-level user features (simply naming the org.xmlresolver.tools.ResolvingXMLReader and org.xmlresolver.Resolver classes for parsers and resolvers) are unchanged. It should be a drop-in replacement with the earlier versions in most cases.
• There are new interfaces for easier integration with applications.
• There’s a generic “feature” class for extensibility.
• Support for automatic identification of catalogs in jar files. Put the jar file on the classpath and resolution will automatically take advantage of resources in that catalog.
• Added a “data” jar file to the release that includes a wide range of standard resources.
• Improved support for data:, classpath:, and jar: URI schemes.
• Reworked implementation of the cache. Added many tests and the separate cache control application.
• Reworked the RDDL parsing feature so that it works reliably.
• Added an optional validating catalog loader to help find errors in catalogs. (Catalog errors are usually ignored, but being able to find them can quickly identify resolver problems.)
• Many JavaDoc improvements.
• Many bugs fixed.
• Many, many more tests added.

3.0.1-SNAPSHOT-a1

This release fixes several bugs in the 3.0.0 release and (alas) makes a few API changes.

XML Resolver 3.0.1beta6

No release notes provided.

XML Resolver version 3.0.1beta5

• Fixes a bug where the xml:base attribute was ignored on the root element
• Fixes a bug where some access to the catalog list was not synchronized
• Supports the TR9401 extension elements in their own namespace. For backwards compatibility, they are still accepted in the default catalog namespace
• Fixes a bug where non-absolute URIs could confuse the cache and allow file:/// URIs to be cached by mistake
• Fixes a bug where a missing extension property could cause a NullPointerException
• There was no 3.0.1beta4 release

... (truncated)

Commits

• b6a8fed XML Resolver 3.0.2 released
• 9d1812f Merge pull request #50 from xmlresolver/cleanup-slf4j
• cf4b9c3 More dependency cleanup
• 8cda4be Merge pull request #49 from xmlresolver/cache-fix
• 1104b22 Rework how a missing control.xml file is handled
• b40ac38 Related to #44, make the library depend only on slf4-api
• 5c3fd21 Merge pull request #48 from xmlresolver/loader-resolver
• 70924e3 Fix #47 by using a resolver to parse catalogs
• 8887495 Make showConfigChanges more robust
• e999ffc Make showConfigChanges work for setFeature()
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)