You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@myfaces.apache.org by GitBox <gi...@apache.org> on 2021/08/16 16:07:33 UTC

[GitHub] [myfaces-tobago] dependabot[bot] opened a new pull request #1184: build(deps): bump jsoup from 1.14.1 to 1.14.2

dependabot[bot] opened a new pull request #1184:
URL: https://github.com/apache/myfaces-tobago/pull/1184


   Bumps [jsoup](https://github.com/jhy/jsoup) from 1.14.1 to 1.14.2.
   <details>
   <summary>Release notes</summary>
   <p><em>Sourced from <a href="https://github.com/jhy/jsoup/releases">jsoup's releases</a>.</em></p>
   <blockquote>
   <h2>jsoup 1.14.2</h2>
   <p>Caught by the fuzz! <strong>jsoup 1.14.2</strong> is out now, and includes a set of parser bug fixes and improvements for handling rough HTML and XML, as identified by the Jazzer JVM fuzzer. This release also includes other fixes and improvements.</p>
   <p>See the <a href="https://jsoup.org/news/release-1.14.2">release announcement</a> for the full changelog.</p>
   </blockquote>
   </details>
   <details>
   <summary>Changelog</summary>
   <p><em>Sourced from <a href="https://github.com/jhy/jsoup/blob/master/CHANGES">jsoup's changelog</a>.</em></p>
   <blockquote>
   <p>jsoup changelog</p>
   <p>*** Release 1.14.2 [PENDING]</p>
   <ul>
   <li>
   <p>Improvement: support Pattern.quote \Q and \E escapes in the selector regex matchers.
   <a href="https://github-redirect.dependabot.com/jhy/jsoup/pull/1536">jhy/jsoup#1536</a></p>
   </li>
   <li>
   <p>Improvement: Element.absUrl() now supports tel: URLs, and other URLs that are already absolute but that Java does
   not have input stream handlers for.
   <a href="https://github-redirect.dependabot.com/jhy/jsoup/issues/1610">jhy/jsoup#1610</a></p>
   </li>
   <li>
   <p>Bugfix: when serializing output, escape characters that are in the &lt; 0x20 range. This improves XML output
   compatibility, and makes HTML output with these characters easier to read (as they're otherwise invisible).
   <a href="https://github-redirect.dependabot.com/jhy/jsoup/issues/1556">jhy/jsoup#1556</a></p>
   </li>
   <li>
   <p>Bugfix: the *|el wildcard namespace selector now also matches elements with no namespace.
   <a href="https://github-redirect.dependabot.com/jhy/jsoup/issues/1565">jhy/jsoup#1565</a></p>
   </li>
   <li>
   <p>Bugfix: corrected a potential case of the parser input stream not being closed immediately on a read exception.</p>
   </li>
   <li>
   <p>Bugfix: when making a HTTP POST, if the request write fails, make sure the connection is immediately cleaned up.</p>
   </li>
   <li>
   <p>Bugfix: in the XML parser, XML processing instructions without attributes would be serialized as if they did.
   <a href="https://github-redirect.dependabot.com/jhy/jsoup/issues/770">jhy/jsoup#770</a></p>
   </li>
   <li>
   <p>Bugfix: updated the HtmlTreeParser resetInsertionMode to the current spec for supported elements.
   <a href="https://github-redirect.dependabot.com/jhy/jsoup/issues/1491">jhy/jsoup#1491</a></p>
   </li>
   <li>
   <p>Bugfix: fixed an NPE when parsing fragment HTML into a standalone table element.
   <a href="https://github-redirect.dependabot.com/jhy/jsoup/issues/1603">jhy/jsoup#1603</a></p>
   </li>
   <li>
   <p>Bugfix: fixed an NPE when parsing fragment heading HTML into a standalone p element.
   <a href="https://github-redirect.dependabot.com/jhy/jsoup/issues/1601">jhy/jsoup#1601</a></p>
   </li>
   <li>
   <p>Bugfix: fixed an IOOB when parsing a formatting fragment into a standalone p element.
   <a href="https://github-redirect.dependabot.com/jhy/jsoup/issues/1602">jhy/jsoup#1602</a></p>
   </li>
   <li>
   <p>Bugfix: tag names must start with an ascii-alpha character.
   <a href="https://github-redirect.dependabot.com/jhy/jsoup/issues/1006">jhy/jsoup#1006</a></p>
   </li>
   <li>
   <p>Bugfix [Fuzz]: fixed a slow parse when a tag or an attribute name has thousands of null characters in it.
   <a href="https://github-redirect.dependabot.com/jhy/jsoup/issues/1580">jhy/jsoup#1580</a></p>
   </li>
   <li>
   <p>Bugfix [Fuzz]: the adoption agency algorithm can have an incorrect bookmark position
   <a href="https://github-redirect.dependabot.com/jhy/jsoup/issues/1576">jhy/jsoup#1576</a></p>
   </li>
   <li>
   <p>Bugfix [Fuzz]: malformed HTML could result in null elements on stack
   <a href="https://github-redirect.dependabot.com/jhy/jsoup/issues/1579">jhy/jsoup#1579</a></p>
   </li>
   <li>
   <p>Bugfix [Fuzz]: malformed deeply nested table elements could create a stack overflow.
   <a href="https://github-redirect.dependabot.com/jhy/jsoup/issues/1577">jhy/jsoup#1577</a></p>
   </li>
   </ul>
   <!-- raw HTML omitted -->
   </blockquote>
   <p>... (truncated)</p>
   </details>
   <details>
   <summary>Commits</summary>
   <ul>
   <li><a href="https://github.com/jhy/jsoup/commit/19c77325c9abb6f8b8b65034470e15faad6ce822"><code>19c7732</code></a> [maven-release-plugin] prepare release jsoup-1.14.2</li>
   <li><a href="https://github.com/jhy/jsoup/commit/acde180f094e2749d22034916cb35914289e521a"><code>acde180</code></a> Compress harder</li>
   <li><a href="https://github.com/jhy/jsoup/commit/530c5b0fcbef330ea762071144a864e19b1c7595"><code>530c5b0</code></a> Refactored fuzz tests to iterate all files in directory; run timeout tests</li>
   <li><a href="https://github.com/jhy/jsoup/commit/d2c455c94a3aaaca29d8cec6bd53ee9824622b51"><code>d2c455c</code></a> Speed improvement: cap number of cloned active formatting elements</li>
   <li><a href="https://github.com/jhy/jsoup/commit/0dcb53a73cd11530caee713a46d95ac9867b2805"><code>0dcb53a</code></a> Correctly consume to exit state</li>
   <li><a href="https://github.com/jhy/jsoup/commit/42da86439df7545a7418044f7e8804b7dfb2de15"><code>42da864</code></a> In bogusComment, make sure unconsume not called after a potential buffer up</li>
   <li><a href="https://github.com/jhy/jsoup/commit/eba3e39a0d4c6e55295b565511873f81a751dde2"><code>eba3e39</code></a> Fix an IOOB when HTML root cleared and then attributes added</li>
   <li><a href="https://github.com/jhy/jsoup/commit/9d538e634c47754f976e6503ed7e427f92802ec2"><code>9d538e6</code></a> Annotate some nullables</li>
   <li><a href="https://github.com/jhy/jsoup/commit/a909600117d18af97cc432a15a1fa3c67bc100de"><code>a909600</code></a> Comment on URL normalization</li>
   <li><a href="https://github.com/jhy/jsoup/commit/6b3ec64329f24f61f0eb806cef59f1fa5b233ca2"><code>6b3ec64</code></a> Removed unused import</li>
   <li>Additional commits viewable in <a href="https://github.com/jhy/jsoup/compare/jsoup-1.14.1...jsoup-1.14.2">compare view</a></li>
   </ul>
   </details>
   <br />
   
   
   [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.jsoup:jsoup&package-manager=maven&previous-version=1.14.1&new-version=1.14.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   <details>
   <summary>Dependabot commands and options</summary>
   <br />
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
   - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
   
   
   </details>


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@myfaces.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [myfaces-tobago] henningn merged pull request #1184: build(deps): bump jsoup from 1.14.1 to 1.14.2

Posted by GitBox <gi...@apache.org>.

henningn merged pull request #1184:
URL: https://github.com/apache/myfaces-tobago/pull/1184


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@myfaces.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org