[PR] Bump xmlunit.version from 2.9.1 to 2.10.0 [santuario-xml-security-java]
dependabot[bot] opened a new pull request, #317:
URL: https://github.com/apache/santuario-xml-security-java/pull/317

Bumps `xmlunit.version` from 2.9.1 to 2.10.0.

Updates `org.xmlunit:xmlunit-core` from 2.9.1 to 2.10.0

Release notes

Sourced from [org.xmlunit:xmlunit-core's releases](https://github.com/xmlunit/xmlunit/releases).

XMLUnit for Java 2.10.0

- add a new ElementSelectors.byNameAndAllAttributes variant that filters attributes before deciding whether elements can be compared. Inspired by Issue [#259](https://redirect.github.com/xmlunit/xmlunit/issues/259)
- By default the TransformerFactorys created will now try to disable extension functions. If you need extension functions for your transformations you may want to pass in your own instance of TransformerFactory and TransformerFactoryConfigurer may help with that. Inspired by Issue [#264](https://redirect.github.com/xmlunit/xmlunit/issues/264)
- JAXPXPathEngine will now try to disable the execution of extension functions by default but uses XPathFactory#setProperty which is not available prior to Java 18. You may want to enable secure processing on an XPathFactory instance you pass to JAXPXPathEngine instead - and XPathFactoryConfigurer may help with that.

Changelog

Sourced from [org.xmlunit:xmlunit-core's changelog](https://github.com/xmlunit/xmlunit/blob/main/RELEASE_NOTES.md).

XMLUnit for Java 2.10.0 - /Released 2024-04-28/

- add a new ElementSelectors.byNameAndAllAttributes variant that filters attributes before deciding whether elements can be compared. Inspired by Issue [#259](https://redirect.github.com/xmlunit/xmlunit/issues/259)
- By default the TransformerFactorys created will now try to disable extension functions. If you need extension functions for your transformations you may want to pass in your own instance of TransformerFactory and TransformerFactoryConfigurer may help with that. Inspired by Issue [#264](https://redirect.github.com/xmlunit/xmlunit/issues/264)
- JAXPXPathEngine will now try to disable the execution of extension functions by default but uses XPathFactory#setProperty which is not available prior to Java 18. You may want to enable secure processing on an XPathFactory instance you pass to JAXPXPathEngine instead - and XPathFactoryConfigurer may help with that.

Commits

- [33a5d6a](https://github.com/xmlunit/xmlunit/commit/33a5d6a28712878fc1355802571aab074d2145c1) fix release number
- [eceec4a](https://github.com/xmlunit/xmlunit/commit/eceec4ab6f1edce3138e32a12bf3d2e1755ba73b) javadocs
- [75828fd](https://github.com/xmlunit/xmlunit/commit/75828fdc6952da5d8e4ae3ef509d15cfb8f2b728) Create SECURITY.md
- [dcaafe9](https://github.com/xmlunit/xmlunit/commit/dcaafe9174e69d18c9bcf27b9a40862f3bab360a) record extension function changes
- [611f6be](https://github.com/xmlunit/xmlunit/commit/611f6beb4dbce136d4ef608239695b07d7bd7006) try to disable extension functions for XPaths
- [b81d48b](https://github.com/xmlunit/xmlunit/commit/b81d48b71dfd2868bdfc30a3e17ff973f32bc15b) disable XSLT extension functions by default, add more configurers
- [ba14909](https://github.com/xmlunit/xmlunit/commit/ba149098c97c9c845a0877c905d6b9d84e6568d0) XMLUnit 1.x is no longer maintained
- [cd6731e](https://github.com/xmlunit/xmlunit/commit/cd6731e34ab7f6dbe0c7cf6b22c85af16ac3ff8e) this is going to be a feature release, not a bugfix release
- [c47d390](https://github.com/xmlunit/xmlunit/commit/c47d390d36d81708b9f3ebb196a6c7391198d6c1) record last changes
- [5141915](https://github.com/xmlunit/xmlunit/commit/514191511f2ade5078a4fea02e37d0d281368e78) add byNameAndAllAttributes that uses an attribute filter
- Additional commits viewable in [compare view](https://github.com/xmlunit/xmlunit/compare/v2.9.1...v2.10.0)

Updates `org.xmlunit:xmlunit-matchers` from 2.9.1 to 2.10.0

Release notes

Sourced from [org.xmlunit:xmlunit-matchers's releases](https://github.com/xmlunit/xmlunit/releases).
[PR] Bump commons-codec:commons-codec from 1.16.1 to 1.17.0 [santuario-xml-security-java]
dependabot[bot] opened a new pull request, #316:
URL: https://github.com/apache/santuario-xml-security-java/pull/316

Bumps [commons-codec:commons-codec](https://github.com/apache/commons-codec) from 1.16.1 to 1.17.0.

Changelog

Sourced from [commons-codec:commons-codec's changelog](https://github.com/apache/commons-codec/blob/master/RELEASE-NOTES.txt).

Apache Commons Codec 1.17.0 RELEASE NOTES

The Apache Commons Codec component contains encoders and decoders for various formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

Feature and fix release. Requires a minimum of Java 8.

New features

- Add override org.apache.commons.codec.language.bm.Rule.PhonemeExpr.size(). Thanks to Gary Gregory.
- Add support for Base64 custom alphabets [#266](https://github.com/apache/commons-codec/issues/266). Thanks to Chris Kocel, Gary Gregory.
- Add Base64.Builder (allows custom alphabets). Thanks to Gary Gregory.
- Add Base32.Builder (allows custom alphabets). Thanks to Gary Gregory.
- Add Base64 support for a custom padding byte (like Base32). Thanks to Gary Gregory.

Fixed Bugs

- CODEC-320: Wrong output of DoubleMetaphone in 1.16.1. Thanks to Martin Frydl, Gary Gregory.
- Optimize memory allocation in PhoneticEngine. Thanks to Gary Gregory.
- BCodec and QCodec encode() methods throw UnsupportedCharsetException instead of EncoderException. Thanks to Gary Gregory.
- Set Javadoc link to latest Java API LTS version. Thanks to Gary Gregory.
- Base32 constructor fails-fast with a NullPointerException if the custom alphabet array is null. Thanks to Gary Gregory.
- Base32 constructor makes a defensive copy of the line separator array. Thanks to Gary Gregory.
- Base64 constructor makes a defensive copy of the line separator array. Thanks to Gary Gregory.
- Base64 constructor makes a defensive copy of a custom alphabet array. Thanks to Gary Gregory.

Changes

- Bump org.apache.commons:commons-parent from 66 to 69 [#250](https://github.com/apache/commons-codec/issues/250), [#261](https://github.com/apache/commons-codec/issues/261). Thanks to Dependabot, Gary Gregory.
- Bump commons-io:commons-io from 2.15.1 to 2.16.1 [#258](https://github.com/apache/commons-codec/issues/258), [#265](https://github.com/apache/commons-codec/issues/265). Thanks to Dependabot, Gary Gregory.

For complete information on Apache Commons Codec, including instructions on how to submit bug reports, patches, or suggestions for improvement, see the Apache Commons Codec website: https://commons.apache.org/proper/commons-codec/

Download page: https://commons.apache.org/proper/commons-codec/download_codec.cgi

Commits

- [5d809fe](https://github.com/apache/commons-codec/commit/5d809fe3d729bde9b507a51d2b2ed659da053692) Prepare for the next release candidate
- [9a59c1c](https://github.com/apache/commons-codec/commit/9a59c1c47b02ca795270b758c8d0591f5925b10f) Prepare for the next release candidate
- [5f0cfd4](https://github.com/apache/commons-codec/commit/5f0cfd46c89df69b579f37562ff1eded7ffd4b5c) Longer lines
- [8714b5f](https://github.com/apache/commons-codec/commit/8714b5f62bb5fa5950aa5e8908bd0d8d3334dba5) Remove dead comment
- [c56b956](https://github.com/apache/commons-codec/commit/c56b95664913aab406f768c66f9264481b28c1bb) Bullet-proof internals
- [d2215d5](https://github.com/apache/commons-codec/commit/d2215d5dec3031f819c3bb514587d92a6aec8eff) Base32 constructor fails-fast with a NullPointerException if the custom
- [fcc70e6](https://github.com/apache/commons-codec/commit/fcc70e6fa1271158dd8f3a90350fa2589713f257) Base32 constructor makes a defensive copy of the line separator
- [ebe805a](https://github.com/apache/commons-codec/commit/ebe805a2730ad38886f9f04bd4d242e0a8c9caaa) Base64 constructor makes a defensive copy of a custom alphabet array
- [5504333](https://github.com/apache/commons-codec/commit/55043334240eb2a1838e37ea1c8a6e434d328fdf) Better exception message
- [c6c5f11](https://github.com/apache/commons-codec/commit/c6c5f11eae145d8e8c655e622f0fc5dd74e6db2a) Base64 constructor makes a better defensive copy of the line separator
- Additional commits viewable in [compare view](https://github.com/apache/commons-codec/compare/rel/commons-codec-1.16.1...rel/commons-codec-1.17.0)
[PR] Bump com.google.errorprone:error_prone_core from 2.26.1 to 2.27.0 [santuario-xml-security-java]
dependabot[bot] opened a new pull request, #315:
URL: https://github.com/apache/santuario-xml-security-java/pull/315

Bumps [com.google.errorprone:error_prone_core](https://github.com/google/error-prone) from 2.26.1 to 2.27.0.

Release notes

Sourced from [com.google.errorprone:error_prone_core's releases](https://github.com/google/error-prone/releases).

Error Prone 2.27.0

New checks:

- [ClassInitializationDeadlock](https://errorprone.info/bugpattern/ClassInitializationDeadlock) detects class initializers that reference subtypes of the current class, which can result in deadlocks.
- [MockitoDoSetup](https://errorprone.info/bugpattern/MockitoDoSetup) suggests using when/thenReturn over doReturn/when for additional type safety.
- [VoidUsed](https://errorprone.info/bugpattern/VoidUsed) suggests using a literal null instead of referring to a Void-typed variable.

Modified checks:

- TruthSelfEquals has been renamed and generalized as [SelfAssertion](https://errorprone.info/bugpattern/SelfAssertion)
- [RedundantSetterCall](https://errorprone.info/bugpattern/RedundantSetterCall) has been improved, and enabled as an error by default

Closed issues: [#4291](https://redirect.github.com/google/error-prone/issues/4291), [#4308](https://redirect.github.com/google/error-prone/issues/4308), [#4343](https://redirect.github.com/google/error-prone/issues/4343), [#4320](https://redirect.github.com/google/error-prone/issues/4320)

Full Changelog: https://github.com/google/error-prone/compare/v2.26.1...v2.27.0

Commits

- [ebe0a01](https://github.com/google/error-prone/commit/ebe0a014edf7a50345c3b9e958e876e8a9177f60) Release Error Prone 2.27.0
- [fd9b826](https://github.com/google/error-prone/commit/fd9b826d595cabe56a66c060ce52504cd24630af) Remove a very literal change-detector test, and move the comment to the produ...
- [f289d9e](https://github.com/google/error-prone/commit/f289d9ef8f523ba76b433c5273a539b4e526134f) VoidUsed: flag Void variables being used, where they can simply be repl...
- [3ee6f41](https://github.com/google/error-prone/commit/3ee6f41416ba8007eb7366c7dc644bcf1655f97f) Fix for a crash in RedundantSetterCall.
- [92c106d](https://github.com/google/error-prone/commit/92c106da53f08cf876f2e37c5946e5a8d3c12d29) Encourage when/thenReturn over doReturn/when.
- [07c1a7c](https://github.com/google/error-prone/commit/07c1a7c80b9e3cc0b8c38a3a46b464fda373f5b7) Stop mentioning @Var in[]
- [9d66272](https://github.com/google/error-prone/commit/9d662726ccffcc9e9ec8746f0c2469f825a55ba2) Correction to UseCorrectAssertInTests.
- [a6ab21a](https://github.com/google/error-prone/commit/a6ab21a1ad985820462d3b631ac369415c9630b3) Fix a crash in JUnitIncompatibleType
- [5a7b8d9](https://github.com/google/error-prone/commit/5a7b8d9b41a19aaf6cc917bc295ab5201cc2f328) NearbyCallers: scan the body of expression lambdas.
- [53d787c](https://github.com/google/error-prone/commit/53d787c7803dbb505b83df47c2a535ac9084e97e) Don't suggest ImmutableSet if ImmutableList is unused.
- Additional commits viewable in [compare view](https://github.com/google/error-prone/compare/v2.26.1...v2.27.0)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[PR] Bump actions/upload-artifact from 4.3.2 to 4.3.3 [santuario-xml-security-java]
dependabot[bot] opened a new pull request, #314:
URL: https://github.com/apache/santuario-xml-security-java/pull/314

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.2 to 4.3.3.

Release notes

Sourced from [actions/upload-artifact's releases](https://github.com/actions/upload-artifact/releases).

v4.3.3

What's Changed

- updating @actions/artifact dependency to v2.1.6 by [@eggyhead](https://github.com/eggyhead) in [actions/upload-artifact#565](https://redirect.github.com/actions/upload-artifact/pull/565)

Full Changelog: https://github.com/actions/upload-artifact/compare/v4.3.2...v4.3.3

Commits

- [6546280](https://github.com/actions/upload-artifact/commit/65462800fd760344b1a7b4382951275a0abb4808) updating package version
- [c004fb4](https://github.com/actions/upload-artifact/commit/c004fb4bf6b1e87680ce1b219a3ad0b8e5dfb7ec) Merge branch 'main' into eggyhead/use-artifact-v2.1.6
- [90aba49](https://github.com/actions/upload-artifact/commit/90aba496fcaa311fd7e784d55e568deabe0fa288) updating toolkit artifact dependency to 2.1.6
- [b06cde3](https://github.com/actions/upload-artifact/commit/b06cde36fc32a3ee94080e87258567f73f921537) Merge pull request [#563](https://redirect.github.com/actions/upload-artifact/issues/563) from actions/eggyhead/release-4.3.2
- See full diff in [compare view](https://github.com/actions/upload-artifact/compare/1746f4ab65b179e0ea60a494b83293b640dd5bba...65462800fd760344b1a7b4382951275a0abb4808)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@santuario.apache.org

For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump actions/checkout from 4.1.3 to 4.1.4 [santuario-xml-security-java]
dependabot[bot] opened a new pull request, #313:
URL: https://github.com/apache/santuario-xml-security-java/pull/313

Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.3 to 4.1.4.

Release notes

Sourced from [actions/checkout's releases](https://github.com/actions/checkout/releases).

v4.1.4

What's Changed

- Disable extensions.worktreeConfig when disabling sparse-checkout by [@jww3](https://github.com/jww3) in [actions/checkout#1692](https://redirect.github.com/actions/checkout/pull/1692)
- Add dependabot config by [@cory-miller](https://github.com/cory-miller) in [actions/checkout#1688](https://redirect.github.com/actions/checkout/pull/1688)
- Bump word-wrap from 1.2.3 to 1.2.5 by [@dependabot](https://github.com/dependabot) in [actions/checkout#1643](https://redirect.github.com/actions/checkout/pull/1643)
- Bump the minor-actions-dependencies group with 2 updates by [@dependabot](https://github.com/dependabot) in [actions/checkout#1693](https://redirect.github.com/actions/checkout/pull/1693)

Full Changelog: https://github.com/actions/checkout/compare/v4.1.3...v4.1.4

Changelog

Sourced from [actions/checkout's changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md).

Changelog

v4.1.4

- Disable extensions.worktreeConfig when disabling sparse-checkout by [@jww3](https://github.com/jww3) in [actions/checkout#1692](https://redirect.github.com/actions/checkout/pull/1692)
- Add dependabot config by [@cory-miller](https://github.com/cory-miller) in [actions/checkout#1688](https://redirect.github.com/actions/checkout/pull/1688)
- Bump the minor-actions-dependencies group with 2 updates by [@dependabot](https://github.com/dependabot) in [actions/checkout#1693](https://redirect.github.com/actions/checkout/pull/1693)
- Bump word-wrap from 1.2.3 to 1.2.5 by [@dependabot](https://github.com/dependabot) in [actions/checkout#1643](https://redirect.github.com/actions/checkout/pull/1643)

v4.1.3

- Check git version before attempting to disable sparse-checkout by [@jww3](https://github.com/jww3) in [actions/checkout#1656](https://redirect.github.com/actions/checkout/pull/1656)
- Add SSH user parameter by [@cory-miller](https://github.com/cory-miller) in [actions/checkout#1685](https://redirect.github.com/actions/checkout/pull/1685)
- Update actions/checkout version in update-main-version.yml by [@jww3](https://github.com/jww3) in [actions/checkout#1650](https://redirect.github.com/actions/checkout/pull/1650)

v4.1.2

- Fix: Disable sparse checkout whenever sparse-checkout option is not present [@dscho](https://github.com/dscho) in [actions/checkout#1598](https://redirect.github.com/actions/checkout/pull/1598)

v4.1.1

- Correct link to GitHub Docs by [@peterbe](https://github.com/peterbe) in [actions/checkout#1511](https://redirect.github.com/actions/checkout/pull/1511)
- Link to release page from what's new section by [@cory-miller](https://github.com/cory-miller) in [actions/checkout#1514](https://redirect.github.com/actions/checkout/pull/1514)

v4.1.0

- [Add support for partial checkout filters](https://redirect.github.com/actions/checkout/pull/1396)

v4.0.0

- [Support fetching without the --progress option](https://redirect.github.com/actions/checkout/pull/1067)
- [Update to node20](https://redirect.github.com/actions/checkout/pull/1436)

v3.6.0

- [Fix: Mark test scripts with Bash'isms to be run via Bash](https://redirect.github.com/actions/checkout/pull/1377)
- [Add option to fetch tags even if fetch-depth 0](https://redirect.github.com/actions/checkout/pull/579)

v3.5.3

- [Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in](https://redirect.github.com/actions/checkout/pull/1196)
- [Fix typos found by codespell](https://redirect.github.com/actions/checkout/pull/1287)
- [Add support for sparse checkouts](https://redirect.github.com/actions/checkout/pull/1369)

v3.5.2

- [Fix api endpoint for GHES](https://redirect.github.com/actions/checkout/pull/1289)

v3.5.1

- [Fix slow checkout on Windows](https://redirect.github.com/actions/checkout/pull/1246)

v3.5.0

- [Add new public key for known_hosts](https://redirect.github.com/actions/checkout/pull/1237)

v3.4.0

- [Upgrade codeql actions to v2](https://redirect.github.com/actions/checkout/pull/1209)
- [Upgrade dependencies](https://redirect.github.com/actions/checkout/pull/1210)
- [Upgrade @actions/io](https://redirect.github.com/actions/checkout/pull/1225)

... (truncated)

Commits

- [0ad4b8f](https://github.com/actions/checkout/commit/0ad4b8fadaa221de15dcec353f45205ec38ea70b) Prep Release v4.1.4 ([#1704](https://redirect.github.com/actions/checkout/issues/1704))
- [43045ae](https://github.com/actions/checkout/commit/43045ae669be728bd34ed56fcd1a230c0dc4d8e2) Disable