dependabot[bot] opened a new pull request, #366: URL: https://github.com/apache/ws-wss4j/pull/366
Bumps [org.tukaani:xz](https://github.com/tukaani-project/xz-java) from 1.9 to 1.10. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tukaani-project/xz-java/blob/master/NEWS.md";>org.tukaani:xz's changelog</a>.</em></p> <blockquote> <h2>1.10 (2024-07-29)</h2> <ul> <li> <p>Licensing change: From version 1.10 onwards, XZ for Java is under the BSD Zero Clause License (0BSD). 1.9 and older are in the public domain and obviously remain so; the change only affects the new releases.</p> <p>0BSD is an extremely permissive license which doesn't require retaining or reproducing copyright or license notices when distributing the code, thus in practice there is extremely little difference to public domain.</p> </li> <li> <p>Mark copyright and license information in the source package so that it is compliant to the <a href="https://reuse.software/spec-3.2/";>REUSE Specification version 3.2</a>.</p> </li> <li> <p>Improve LZMAInputStream.enableRelaxedEndCondition():</p> <ul> <li> <p>Error detection is slightly better.</p> </li> <li> <p>The input position will always be at the end of the stream after successful decompression.</p> </li> </ul> </li> <li> <p>Support .lzma files that have both a known uncompressed size and the end marker. Such files are uncommon but valid. The same issue was fixed in XZ Utils 5.2.6 in 2022.</p> </li> <li> <p>Add ARM64 and RISC-V BCJ filters.</p> </li> <li> <p>Speed optimizations:</p> <ul> <li>Delta filter</li> <li>LZMA/LZMA2 decoder</li> <li>LZMA/LZMA2 encoder (partially Java >= 9 only)</li> <li>CRC64 (Java >= 9 only)</li> </ul> </li> <li> <p>Changes that affect API/ABI compatibility:</p> <ul> <li> <p>Change XZOutputStream constructors to not call the method <code>public void updateFilters(FilterOptions[] filterOptions)</code>.</p> </li> <li> <p>In SeekableXZInputStream, change the method <code>public void seekToBlock(int blockNumber)</code> to not call the method <code>public long getBlockPos(int blockNumber)</code>.</p> </li> <li> <p>Make the filter options classes <code>final</code>:</p> <ul> <li>ARM64Options</li> <li>ARMOptions</li> <li>ARMThumbOptions</li> <li>DeltaOptions</li> </ul> </li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tukaani-project/xz-java/commit/0f5ee02ca950b5e7cdadf89f8c314388092ad64c";><code>0f5ee02</code></a> Bump the version number to 1.10</li> <li><a href="https://github.com/tukaani-project/xz-java/commit/4cd5a8b4ee9240e5b29cbbe4d002703e7c59880b";><code>4cd5a8b</code></a> Update NEWS.md for 1.10</li> <li><a href="https://github.com/tukaani-project/xz-java/commit/21edbdf8838d0b208f069540d9a2f595d9f8a016";><code>21edbdf</code></a> README.md: Add a section about reproducible builds</li> <li><a href="https://github.com/tukaani-project/xz-java/commit/372dc487e817d95889229e0a03a8ac8d451e4b61";><code>372dc48</code></a> README.md: Use a subheading for old build environments</li> <li><a href="https://github.com/tukaani-project/xz-java/commit/5ec1e8e3ad1cc20c1014adfec89245ef79fa24e7";><code>5ec1e8e</code></a> build.xml: Add Build-Jdk-Spec to MANIFEST.MF</li> <li><a href="https://github.com/tukaani-project/xz-java/commit/2103742fb418d6e5f5231a02382a0e2b8bf664e8";><code>2103742</code></a> build.xml: Make MANIFEST.MF friendlier to reproducible builds</li> <li><a href="https://github.com/tukaani-project/xz-java/commit/d18a12a4336f51801fa5d66e53651059affa3ab9";><code>d18a12a</code></a> build.xml: Use <macrodef> to make JARs of the demo programs</li> <li><a href="https://github.com/tukaani-project/xz-java/commit/39b7371c45adeb858c5b34d46f20de95d2abdff0";><code>39b7371</code></a> build.xml: Add SOURCE_DATE_EPOCH support</li> <li><a href="https://github.com/tukaani-project/xz-java/commit/5689e647209e5f3201f0b083ca93d584017e61ae";><code>5689e64</code></a> build.xml: Change the "pom" target to use unversioned filename</li> <li><a href="https://github.com/tukaani-project/xz-java/commit/7f4ccd64e588c8f026d0b4030bbb096bf82aa6f5";><code>7f4ccd6</code></a> Simplify building with OpenJDK 8</li> <li>Additional commits viewable in <a href="https://github.com/tukaani-project/xz-java/compare/v1.9...v1.10";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@ws.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@ws.apache.org For additional commands, e-mail: dev-h...@ws.apache.org
