Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump classgraph from 4.8.128 to 4.8.146 #3238

Merged

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Apr 18, 2022

Bumps classgraph from 4.8.128 to 4.8.146.

Release notes

Sourced from classgraph's releases.

classgraph-4.8.146

Fixes a possible regression of an exception thrown when trying to open a resource on JrtFileSystem (#553).

classgraph-4.8.145

Fixed an issue that could cause some classpath elements to be skipped if Class-Path: was used in the manifest files of multiple jars on the classpath to include other jars that were also explicitly included on the classpath. The issue was classpath-order-dependent. Thanks to @​steveniemitz and @​sherter (classgraph/classgraph#614) and also @​jdeppe-pivotal (classgraph/classgraph#673) for finding and reporting this bug.

classgraph-4.8.144

(Obsolete -- do not use -- triggered a regression on Windows.)

classgraph-4.8.143

Fix exception typeSignatureParamTypes.size() > typeDescriptorParamTypes.size() when dealing with broken compiler output (where the type descriptor of a method has a different number of entries in it than the type signature for the same method) (#660, thanks to @​colin-young for reporting).

classgraph-4.8.142

Bugs fixed:

  • Added method ClassInfo#getTypeSignatureOrTypeDescriptor() so that type annotations can be read for non-generic class definitions (#662, thanks to @​raner for the request).
  • Fixed Illegal reflective access warning on some obsolete and buggy JVM versions (#663, thanks to @​MR6996 for the report).

Two behavioral changes, which may result in breakage for some users:

  • The list of interfaces implemented by a class, as returned by ClassInfo#getInterfaces(), is no longer sorted by name, but is returned in the order in which the interfaces were specified in the class definition (this order is significant, so the old behavior of sorting by name was incorrect).
  • The result of toString() for several of the TypeSignature subclasses has changed to use $ as a separator of inner classes, rather than ., to bring the toString() behavior closer to the result of Class#getName().

classgraph-4.8.141

  • Fixed handling of URLs like jar:file:jarname.jar!/ (these were being skipped -- #625, thanks to @​edeso for reporting this.)
  • Improved logging of FileNotFoundException for missing jars.

classgraph-4.8.140

Fixes #651 (NPE in JBossClassLoaderHandler) via #652 -- thanks to @​arthware for the fix!

classgraph-4.8.139

Bugfixes:

  • Fix to work with newer Quarkus classloader (#641, thanks to @​michael-simons for the fix in #642!).
  • If an override classloader is an AppClassLoader, also scan the traditional classpath (#639, thanks to @​limbic-derek for the report).
  • Fix for parsing error if Kotlin function names contain parentheses (#645). Also fixes a potential stack overflow in this case.

New feature:

  • Added support for getting the exceptions thrown by a method (#633, thank you to @​jkschneider for submitting the complete implementation of this feature, in #637!)

classgraph-4.8.138

  • Added two methods (thanks to @​FranGomezVenegas for requesting these, #608):

    • FieldInfoList ClassInfo#getEnumConstants(): returns all the enum constants of an enum class as FieldInfo objects (without loading the enum class).
    • List<Object> ClassInfo#getEnumConstantObjects(): returns all the enum constants of an enum class as objects of the same type as the enum (after loading the enum class and initializing enum constants).
  • Mitigate log4j2 vulnerability CVE-2021-44228: ClassGraph does not use log4j2, but does use the built-in Java logging framework, which may be redirected to the log4j2 framework by the calling environment. To be safe, ClassGraph now builds in a protection against this critical vulnerability.

classgraph-4.8.137

Fix illegal access warning on Adopt JDK for most usage (#605, thanks to @​UlrichLohrmann for the report)

... (truncated)

Commits
  • c94322d [maven-release-plugin] prepare release classgraph-4.8.146
  • e556ade Code cleanup; JrtFileSystem fix
  • beed50d Code cleanup
  • 1dd2890 Code simplification
  • 851d932 [maven-release-plugin] prepare for next development iteration
  • 5edb20f [maven-release-plugin] prepare release classgraph-4.8.145
  • aeb240c Windows compat fixes
  • 23f4ef2 Windows compat fixes
  • 90310ad Update comments
  • 5c2f200 [maven-release-plugin] prepare for next development iteration
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [classgraph](https://github.com/classgraph/classgraph) from 4.8.128 to 4.8.146.
- [Release notes](https://github.com/classgraph/classgraph/releases)
- [Commits](classgraph/classgraph@classgraph-4.8.128...classgraph-4.8.146)

---
updated-dependencies:
- dependency-name: io.github.classgraph:classgraph
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Apr 18, 2022
@F43nd1r F43nd1r merged commit 6f3da24 into master Apr 25, 2022
@dependabot dependabot bot deleted the dependabot/maven/io.github.classgraph-classgraph-4.8.146 branch April 25, 2022 09:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant