kelp

kelp copied to clipboard

Sourced from io.github.classgraph:classgraph's releases.

classgraph-4.8.112

• Added a secure version of DocumentBuilderFactory and XPATHFactory to prevent XXE (XML External Entity) attack when reading pom.xml file (#539, thanks to @​kshitizg for the pull request!).

classgraph-4.8.111

Allow globs when accepting/rejecting specific classes, e.g. new ClassGraph().acceptClasses("*.*Suffix") (#536, thanks to @​cushon for the request!)

classgraph-4.8.110

Add method AnnotationInfo#getParameterValues(boolean includeDefaultValues) so that defaults don't have to be included (#535, thanks to @​zerikv for requesting).

classgraph-4.8.109

Add support for Quarkus 1.13's new classloader. Thanks to @​itmrat01 for the code contribution! (#531, #532).

classgraph-4.8.108

JDK 11 classfile format compatibility fix (JDK 11 added a constant pool tag, and the classfile can't be read without knowing how long the corresponding constant pool entry is expected to be). (#527, thanks to @​haoyuf for reporting.)

classgraph-4.8.107

Fix classloader detection for TomEE JAX-RS endpoints (#515, thanks to @​Restage for detailed assistance in debugging this weird issue!).

classgraph-4.8.106

• Support TomEE classloaders for JAX-RS endpoints (#515, thanks to @​Restage for the request)
• Don't try reading user.dir (the current directory) unless it's on the classpath, since some security environments can't read the current directory (#520, thanks to @​elkman for the bug report).

classgraph-4.8.105

• Fix potential NPE in verbose logging
• Fix for zipfiles between 2GB and 4GB in size, when a zip entry's start position was past the 2GB point in the file (#514, thanks to @​cwmccann for the bug report)

classgraph-4.8.104

Improved verbose logging to include types of methods and fields.

Added a couple of missing methods to ClassInfoList for GraphViz visualization of inter-class dependency graphs.

classgraph-4.8.103

Fixed issue with duplication of automatic package roots (e.g. myjar.jar!/BOOT-INF/classes/BOOT-INF/classes/path/to/resource). (#505, thanks to @​michael-simons for the bug report and reproducer code.)

Also fixed an issue where closing the InputStream returned by Resource#open() wasn't marking the Resource as closed (which meant the resource couldn't be opened a second time).

classgraph-4.8.102

Further improvements in robustness to invalid type signatures that may be generated by the Scala compiler. (#495, thanks to @​jbracker.)

classgraph-4.8.101

Made type signature parsing more robust to errors -- the Scala compiler can generate illegal type signatures. (#495, thanks to @​jbracker for the report.)

classgraph-4.8.99

• Fixed parsing of type parameters and type variables in Scala (these can contain a $ character in Scala, but you don't see that in Java). (#495, thanks to @​jbracker for the report and for submitting a minimal testcase.)
• Fixed a couple of possible exceptions that could be thrown when parsing type annotations for type descriptors.

classgraph-4.8.98

Fix NPE in hashCode() and equals() methods of TypeArgument (#491, thanks to @​Tagakov for the fix!).

classgraph-4.8.97

... (truncated)

• b3bddc7 [maven-release-plugin] prepare release classgraph-4.8.112
• 5e32b91 Source > Cleanup
• 2a5dbf7 Update README.md
• 5d8d61d Update README.md
• 2531599 Merge pull request #539 from kshitizg/latest
• 681362a Adding SecureDocumentBuilderFactory & SecureXPATHFactory to prevent XXE( XML ...
• 71ba4a2 [maven-release-plugin] prepare for next development iteration
• 4aeda58 [maven-release-plugin] prepare release classgraph-4.8.111
• 2022d94 Update JavaDoc
• f191ba9 Merge branch 'latest' of https://github.com/classgraph/classgraph into latest
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.