Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump org.xmlresolver:xmlresolver from 6.0.2 to 6.0.4 #249

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

Bump org.xmlresolver:xmlresolver from 6.0.2 to 6.0.4 #249

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 5, 2024

Bumps org.xmlresolver:xmlresolver from 6.0.2 to 6.0.4.

Release notes

Sourced from org.xmlresolver:xmlresolver's releases.

6.0.4

No release notes provided.

6.0.3

This release introduces (deprecated) APIs that implement some of the most common features from the V5.x APIs. This should allow version 6.x to substitute for version 5.x until dependent libraries can be updated.

It also fixes a bug where classpath: URIs were not being masked.

Commits
  • 4df9bd7 Merge pull request #171 from ndw/the-blushing-fix
  • 72ffe03 Bump version to 6.0.4
  • b7ec34d Blush Remove debugging messages
  • c13f65e Merge pull request #170 from ndw/compatible-apis
  • 911822d Fix test (related to classpath: URIs now being masked)
  • fe4160f Bump version number
  • 2f6e1ab Added version number
  • d86089d Mask classpath: URIs as well as jar: URIs.
  • 3aa7219 Fixed a documentation error in a comment
  • 0a8802b Introduce deprecated APIs that support (some of) the V5.x APIs
  • See full diff in compare view

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
org.xmlresolver:xmlresolver [>= 6.0.1.a, < 6.0.2]

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump org.xmlresolver:xmlresolver from 6.0.2 to 6.0.4
8d2184e 
Bumps [org.xmlresolver:xmlresolver](https://github.com/xmlresolver/xmlresolver) from 6.0.2 to 6.0.4.
- [Release notes](https://github.com/xmlresolver/xmlresolver/releases)
- [Commits](xmlresolver/xmlresolver@6.0.2...6.0.4)

---
updated-dependencies:
- dependency-name: org.xmlresolver:xmlresolver
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Feb 5, 2024
aj-stein-nist
aj-stein-nist reviewed Feb 5, 2024
View reviewed changes
pom.xml
@@ -116,7 +116,7 @@
<dependency.log4j2.version>2.20.0</dependency.log4j2.version>
<dependency.spotbugs-annotations.version>4.7.3</dependency.spotbugs-annotations.version>
<dependency.saxon-he.version>12.4</dependency.saxon-he.version>
<dependency.xmlresolver.version>6.0.2</dependency.xmlresolver.version>
<dependency.xmlresolver.version>6.0.4</dependency.xmlresolver.version>
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am going to park this along with Log4J updates until I discuss with Dave the cascading version check strategy from m-j -> liboscal-java -> oscal-cli enforced by Maven in the upstream m-j dependency. Oddly, there is no dependabot update there yet, so waiting on this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aj-stein-nist aj-stein-nist aj-stein-nist left review comments

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file java Pull requests that update Java code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@aj-stein-nist