Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump org.xmlresolver:xmlresolver from 4.6.0 to 5.2.3 #223

Merged
merged 1 commit into from
Jan 30, 2024
Merged

Bump org.xmlresolver:xmlresolver from 4.6.0 to 5.2.3 #223

merged 1 commit into from
Jan 30, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 29, 2024

Bumps org.xmlresolver:xmlresolver from 4.6.0 to 5.2.3.

Release notes

Sourced from org.xmlresolver:xmlresolver's releases.

5.2.3

This release fixes bug #156 where the resolver would throw an NPE if no class loader is available.

5.2.2

No release notes provided.

5.2.1

No release notes provided.

5.2.0

Version 5.2.0 adds a new API for constructing a catalog directly from a stream of SAX events. This makes it possible to construct a catalog directly from a database, for example, or from a novel format.

5.1.3

Fixes a small bug wherein same document references were not handled correctly if the ALWAYS_RESOLVE feature was true.

5.1.2

This release removes the (transitive) dependency on the xml-apis jar file. There's also one new log message for tracking catalogs that are loaded.

5.1.1

Enforce ACCESS_* features when opening connections

The new ALWAYS_RESOLVE feature means that the resolver will sometimes access resources on behalf of the caller (ones that were not found in the catalog). That feature failed to take the ACCESS_EXTERNAL_DOCUMENT and ACCESS_EXTERNAL_ENTITY features into consideration.

5.1.0

The 5.1.0 release fixes a significant bug in the new ALWAYS_RESOLVE feature. See #133

5.0.0

The Java contract for the entity resolver is to return null if the entity isn't found. Unfortunately, redirects are common these days (for example, w3.org redirects all http: URIs to https: URIs) and parsers don't always follow redirects, so if the resolver returns null, the parse fails. That's...suboptimal.

This release adds a new feature ResolverFeature.ALWAYS_RESOLVE that will resolve the resource (and follow redirects to do so) and always return it. This feature is true by default.

This release also extends the ResolverInputSource to expose the response code (if applicable) and headers (if available) from the response.

4.6.4

What's Changed

  • Fixed #126 where an input document without a base URI (e.g., one with a null systemId) would cause an NPE
  • Fixed #127 where attempting to parse a RDDL document wasn't following redirects
  • Fussed with the CI process. There was no 4.6.1, 4.6.2, or 4.6.3 published release.

The W3C now redirects http: URIs to https: URIs, so you can't load namepace documents unless you follow redirects.

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump org.xmlresolver:xmlresolver from 4.6.0 to 5.2.3
f849172 
Bumps [org.xmlresolver:xmlresolver](https://github.com/xmlresolver/xmlresolver) from 4.6.0 to 5.2.3.
- [Release notes](https://github.com/xmlresolver/xmlresolver/releases)
- [Commits](xmlresolver/xmlresolver@4.6.0...5.2.3)

---
updated-dependencies:
- dependency-name: org.xmlresolver:xmlresolver
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jan 29, 2024
@dependabot dependabot bot mentioned this pull request Jan 29, 2024
Closed
@aj-stein-nist aj-stein-nist merged commit 13e5c25 into develop Jan 30, 2024
1 check passed
@dependabot dependabot bot deleted the dependabot/maven/develop/org.xmlresolver-xmlresolver-5.2.3 branch January 30, 2024 23:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aj-stein-nist aj-stein-nist aj-stein-nist approved these changes

@david-waltermire david-waltermire Awaiting requested review from david-waltermire

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file java Pull requests that update Java code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@aj-stein-nist