dependabot[bot] opened a new pull request, #19801: URL: https://github.com/apache/camel/pull/19801
Bumps [com.cedarsoftware:java-util](https://github.com/jdereg/java-util) from 4.1.0 to 4.2.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jdereg/java-util/blob/master/changelog.md">com.cedarsoftware:java-util's changelog</a>.</em></p> <blockquote> <h4>4.2.0 - 2025-11-02</h4> <blockquote> <ul> <li> <p><strong>FIXED</strong>: <code>MultiKeyMap</code> nested Set lookup bug in COLLECTIONS_EXPANDED mode - Fixed size mismatch false negatives when looking up keys containing expanded Collections. In COLLECTIONS_EXPANDED mode, stored keys have expanded size (includes SET_OPEN/SET_CLOSE markers) while lookup keys have un-expanded Collection size. Added skipSizeCheck logic to bypass size comparison for Collection-to-Collection matches in expanded mode, allowing compareCollections() to handle the structural comparison correctly. This fixes lookups failing incorrectly when using nested Sets or Collections as multi-keys.</p> </li> <li> <p><strong>IMPROVED</strong>: Code quality improvements from comprehensive IntelliJ IDEA inspection analysis (17 fixes across 5 classes):</p> <ul> <li><strong>MultiKeyMap</strong>: Improved comment precision (arity → size), enhanced Javadoc clarity, optimized variable declarations for better readability</li> <li><strong>StringUtilities</strong>: Enhanced null safety with explicit checks, improved loop variable scoping, added type casting safety guards, optimized string concatenation patterns</li> <li><strong>ConcurrentList</strong>: Improved synchronization block granularity, enhanced iterator safety, optimized size calculations with better caching</li> <li><strong>ClassUtilities</strong>: Reduced cognitive complexity in findClosest(), improved exception handling clarity, enhanced method parameter validation</li> <li><strong>CaseInsensitiveMap</strong>: Optimized keySet() and values() operations, improved type safety in internal operations, enhanced edge case handling</li> <li>All changes maintain 100% 
backward compatibility while improving code maintainability and reducing potential edge case issues</li> </ul> </li> <li> <p><strong>FIXED</strong>: Map and Set hashCode() contract compliance - Removed incorrect <code>EncryptionUtilities.finalizeHash()</code> calls from 6 classes that violated the Map and Set interface contracts. The Map contract requires <code>hashCode() = sum of entry hashCodes</code>, and the Set contract requires <code>hashCode() = sum of element hashCodes</code>. Using finalizeHash() broke the Object.hashCode() contract (equal objects must have equal hashCodes) and caused HashSet/HashMap storage failures. Fixed classes: <code>AbstractConcurrentNullSafeMap</code>, <code>TTLCache</code>, <code>LockingLRUCacheStrategy</code>, <code>ThreadedLRUCacheStrategy</code>, <code>ConcurrentSet</code>, <code>ClassValueSet</code>.</p> </li> <li> <p><strong>CHANGED</strong>: <code>IOUtilities</code> close/flush methods now throw exceptions as unchecked - <strong>Breaking behavioral change</strong>: All <code>close()</code> and <code>flush()</code> methods in <code>IOUtilities</code> (for <code>Closeable</code>, <code>Flushable</code>, <code>XMLStreamReader</code>, <code>XMLStreamWriter</code>) now throw exceptions as unchecked via <code>ExceptionUtilities.uncheckedThrow()</code> instead of silently swallowing them. 
This change provides:</p> <ul> <li><strong>Better diagnostics</strong>: Close/flush failures are now visible rather than silently hidden</li> <li><strong>Cleaner code</strong>: No try-catch required at call sites - works seamlessly in finally blocks</li> <li><strong>Early problem detection</strong>: Infrastructure issues (disk full, network failures, resource exhaustion) surface immediately</li> <li><strong>Caller flexibility</strong>: Exceptions can still be caught higher in the call stack if desired</li> <li><strong>Important</strong>: While close/flush exceptions are rare, when they occur they often indicate serious issues that should be diagnosed rather than hidden. This change makes java-util consistent with its existing philosophy of throwing checked exceptions as unchecked (see <code>transfer()</code>, <code>compressBytes()</code>, etc. which already use this pattern).</li> </ul> </li> <li> <p><strong>ADDED</strong>: Geometric primitives in dedicated <code>geom</code> package - The 5 AWT-replacement classes (<code>Point</code>, <code>Rectangle</code>, <code>Dimension</code>, <code>Insets</code>, <code>Color</code>) are organized in <code>com.cedarsoftware.util.geom</code> following Java's package organization pattern (<code>java.awt.geom</code>). 
This provides:</p> <ul> <li><strong>Clear organization</strong>: Geometric/graphical primitives grouped separately from general utilities</li> <li><strong>Enhanced documentation</strong>: All classes prominently state "Zero-dependency - No java.desktop/java.awt required" with emphasis on headless server/microservices use</li> <li><strong>Full module support</strong>: Package exported via both JPMS module descriptor and OSGi MANIFEST</li> </ul> </li> <li> <p><strong>FIXED</strong>: Added missing <code>cache</code> package to JPMS and OSGi exports - The <code>com.cedarsoftware.util.cache</code> package (containing <code>LockingLRUCacheStrategy</code> and <code>ThreadedLRUCacheStrategy</code>) was not exported in module descriptors. Added <code>exports com.cedarsoftware.util.cache;</code> to moditect configuration and OSGi Export-Package directive. This ensures the cache package is properly accessible to both JPMS modules and OSGi bundles.</p> </li> <li> <p><strong>IMPROVED</strong>: Added comprehensive cloud-native and containerization documentation to README - Added prominent "Cloud Native & Container Ready" section highlighting java-util's advantages for modern cloud deployments:</p> <ul> <li><strong>Platform badges</strong>: AWS, Azure, GCP, Kubernetes, Docker compatibility</li> <li><strong>Container optimization</strong>: Minimal footprint (~1.1MB total, 85% smaller than Guava), zero dependencies, fast startup optimized for serverless/FaaS</li> <li><strong>Deployment guide</strong>: Platform-specific advantages for AWS Lambda/ECS/EKS, Azure Functions/AKS, GCP Cloud Run/GKE, Kubernetes, Docker</li> <li><strong>Performance examples</strong>: Dockerfile showing 50% image size reduction, Kubernetes YAML demonstrating lower resource requests</li> <li><strong>Serverless ready</strong>: Explicit callouts for Lambda, Cloud Functions, Cloudflare Workers, edge computing</li> <li><strong>Enterprise security</strong>: Minimal attack surface, no Log4Shell exposure, SOC 
2/FedRAMP/PCI-DSS compliance benefits</li> </ul> </li> <li> <p><strong>REMOVED</strong>: java.awt/java.desktop dependency eliminated - Created 5 Cedar DTO classes (<code>Color</code>, <code>Dimension</code>, <code>Point</code>, <code>Rectangle</code>, <code>Insets</code>) to replace java.awt equivalents, completely removing the java.desktop module dependency. This enables:</p> <ul> <li><strong>Headless deployment</strong>: No display system required - ideal for servers, containers, and cloud platforms</li> <li><strong>Smaller footprint</strong>: Eliminates 100MB+ java.desktop module from runtime</li> <li><strong>Cloud-ready</strong>: Compatible with AWS Lambda, GraalVM native-image, Docker distroless images</li> <li><strong>Faster startup</strong>: 2-3x improvement without loading AWT/Swing infrastructure</li> <li><strong>Reduced attack surface</strong>: Removes entire GUI subsystem from security considerations</li> <li><strong>AWT-compatible API</strong>: Cedar DTOs use identical method signatures (getRed(), getWidth(), etc.) for seamless migration</li> <li><strong>Backward-compatible parsing</strong>: StringConversions accepts both "Dimension[...]" and "java.awt.Dimension[...]" formats for existing serialized data</li> <li><strong>Java 8 compatible</strong>: Uses final classes with private fields (not Records), maintaining Java 8 baseline while enabling future Record migration (Java 17+)</li> </ul> </li> <li> <p><strong>PERFORMANCE</strong>: Zero-allocation multi-key lookups with ThreadLocal arrays - Added explicit overloads for <code>getMultiKey(k1, k2)</code> through <code>getMultiKey(k1..k5)</code> and <code>containsMultiKey(k1, k2)</code> through <code>containsMultiKey(k1..k5)</code> that use ThreadLocal<Object[]> arrays (one per size: LOOKUP_KEY_2 through LOOKUP_KEY_5). Eliminates varargs array allocation on every multi-key lookup call. 
For lookup-only operations, the ThreadLocal arrays are reused per thread and only used for comparison (never stored), providing zero-allocation lookups for the most common 2-5 key cases. Expected to improve MultiKeyMap performance vs Apache Commons MultiKeyMap in benchmark scenarios.</p> </li> <li> <p><strong>PERFORMANCE</strong>: Simplified <code>Converter</code> cache lookups using MultiKeyMap's ThreadLocal optimization - Refactored <code>getCachedConverter()</code> to use <code>FULL_CONVERSION_CACHE.getMultiKey(source, target, instanceId)</code> directly, eliminating Converter's own ThreadLocal<Object[3]>. Leverages MultiKeyMap's internal LOOKUP_KEY_3 ThreadLocal for zero-allocation lookups. Cleaner code (removed redundant ThreadLocal, simplified getCachedConverter from 8 lines to 4) with identical performance - MultiKeyMap's getMultiKey() provides the same ~26% speedup over varargs.</p> </li> <li> <p><strong>FIXED</strong>: <code>MultiKeyMap</code> collection key handling in COLLECTIONS_NOT_EXPANDED mode - Fixed two critical issues: (1) keysMatch() now uses collection.equals() instead of element-by-element comparison for proper equality semantics across different Collection implementations (e.g., Arrays.ArrayList vs Collections.UnmodifiableRandomAccessList), (2) entrySet() now preserves original collection types instead of reconstructing them, preventing hash code mismatches after deserialization. These fixes ensure collection keys can be looked up correctly after serialization/deserialization cycles.</p> </li> </ul> </blockquote> <!-- raw HTML omitted --> </blockquote> <p>... 
(truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jdereg/java-util/commit/4d438f8084d77dd1b9e2d8cbd38c19d453eb1a1c"><code>4d438f8</code></a> Prepare for 4.2.0 release</li> <li><a href="https://github.com/jdereg/java-util/commit/ec28526bc6d5fbd3fc44ce0c313c58064451555c"><code>ec28526</code></a> Fix MultiKeyMap nested Set bug and code quality improvements</li> <li><a href="https://github.com/jdereg/java-util/commit/3390d86a8c207cd310983e6fbdc7e545eac3ad4b"><code>3390d86</code></a> fix: Remove finalizeHash() from Map/Set hashCode() implementations</li> <li><a href="https://github.com/jdereg/java-util/commit/422b5b275e73fa9f82d53c09831180d84d61fc3f"><code>422b5b2</code></a> docs: Simplify MultiKeyMap serialization changelog entry</li> <li><a href="https://github.com/jdereg/java-util/commit/c72b4b8ae0710c8e89eb929592366d9d9bf58698"><code>c72b4b8</code></a> docs: Fix changelog reference to removed entries() method</li> <li><a href="https://github.com/jdereg/java-util/commit/2a5fae9dc26566544ca9f3c78675edbdaacaf574"><code>2a5fae9</code></a> docs: Fix geometric classes changelog entry framing</li> <li><a href="https://github.com/jdereg/java-util/commit/8e3d7d4b1e60240022c4d8f7e5db32952fa1d827"><code>8e3d7d4</code></a> docs: Update changelog for 4.2.0 release</li> <li><a href="https://github.com/jdereg/java-util/commit/bfd0539d8066a06cd6145e5003cdf868df5b10b8"><code>bfd0539</code></a> docs: Add cloud-native and containerization section to README</li> <li><a href="https://github.com/jdereg/java-util/commit/41d82075cb361624c59f18b270106120f901b134"><code>41d8207</code></a> Refactor: Move AWT-replacement classes to geom package</li> <li><a href="https://github.com/jdereg/java-util/commit/4403b2369348b027f400999abdf2cda815cc5c79"><code>4403b23</code></a> Add missing cache package to OSGi and JPMS exports</li> <li>Additional commits viewable in <a href="https://github.com/jdereg/java-util/compare/4.1.0...4.2.0">compare 
view</a></li> </ul> </details>
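The `hashCode()` contract fix listed in the changelog above, as an added example that is not part of the pull request or of java-util: a Map wrapper whose `hashCode()` post-processes the contract value remains `equals()` to a `HashMap` with the same entries, yet a `HashSet` lookup with that equal map misses it. `mix`, `WrappedMap` and `foundByEqualMap` are hypothetical names, and `mix` is a stand-in bit mixer, not `EncryptionUtilities.finalizeHash()`.

```java
import java.util.*;

public class MapHashContractDemo {

    // Hypothetical bit-mixing finalizer standing in for the post-processing
    // step the changelog says was removed; not java-util's implementation.
    static int mix(int h) {
        h ^= h >>> 16;
        h *= 0x85ebca6b;
        h ^= h >>> 13;
        h *= 0xc2b2ae35;
        h ^= h >>> 16;
        return h;
    }

    // Map wrapper; equals() is inherited from AbstractMap (entry-set equality).
    static class WrappedMap<K, V> extends AbstractMap<K, V> {
        private final Map<K, V> delegate = new HashMap<>();
        private final boolean mixHash;

        WrappedMap(boolean mixHash) { this.mixHash = mixHash; }

        @Override public V put(K key, V value) { return delegate.put(key, value); }
        @Override public Set<Map.Entry<K, V>> entrySet() { return delegate.entrySet(); }

        @Override public int hashCode() {
            int contractHash = super.hashCode(); // Map contract: sum of entry hashCodes
            return mixHash ? mix(contractHash) : contractHash;
        }
    }

    // Stores the wrapper in a HashSet, then looks it up with an equal HashMap.
    static boolean foundByEqualMap(boolean mixHash) {
        WrappedMap<String, Integer> wrapped = new WrappedMap<>(mixHash);
        wrapped.put("route", 1); // constructed sample entry
        Map<String, Integer> plain = new HashMap<>();
        plain.put("route", 1);
        Set<Map<String, Integer>> set = new HashSet<>();
        set.add(wrapped);
        // equals() holds in both directions; only the hash decides the lookup.
        return wrapped.equals(plain) && plain.equals(wrapped) && set.contains(plain);
    }

    public static void main(String[] args) {
        System.out.println("post-processed hashCode, lookup succeeds: " + foundByEqualMap(true));
        System.out.println("contract hashCode, lookup succeeds: " + foundByEqualMap(false));
    }
}
```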
