dependabot[bot] opened a new pull request, #18600: URL: https://github.com/apache/camel/pull/18600
Bumps [com.cedarsoftware:java-util](https://github.com/jdereg/java-util) from 3.5.0 to 3.6.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jdereg/java-util/blob/master/changelog.md";>com.cedarsoftware:java-util's changelog</a>.</em></p> <blockquote> <h4>3.6.0</h4> <blockquote> <ul> <li><strong>MAJOR FEATURE</strong>: Added many additional types to <code>Converter</code>, expanding conversion capability (1,700+ total conversion pairs): <ul> <li><strong>Atomic Arrays</strong>: Added full bidirectional conversion support for <code>AtomicIntegerArray</code>, <code>AtomicLongArray</code>, and <code>AtomicReferenceArray</code></li> <li><strong>NIO Buffers</strong>: Added complete bridge system for all NIO buffer types (<code>IntBuffer</code>, <code>LongBuffer</code>, <code>FloatBuffer</code>, <code>DoubleBuffer</code>, <code>ShortBuffer</code>) with existing <code>ByteBuffer</code> and <code>CharBuffer</code></li> <li><strong>BitSet Integration</strong>: Added intelligent <code>BitSet</code> conversion support with bridges to <code>boolean[]</code> (bit values), <code>int[]</code> (set bit indices), and <code>byte[]</code> (raw representation)</li> <li><strong>Stream API</strong>: Added bidirectional conversion support for <code>IntStream</code>, <code>LongStream</code>, and <code>DoubleStream</code> primitive streams</li> <li><strong>Universal Array Access</strong>: Each array-like type now has access to the entire universal array conversion ecosystem - for example, <code>AtomicIntegerArray</code> → <code>int[]</code> → <code>Color</code> works seamlessly</li> <li><strong>Performance Optimized</strong>: All bridges use efficient extraction/creation patterns with minimal overhead</li> <li>Removed redundant array surrogate pairs that were duplicating universal array system functionality</li> <li><strong>MutliKeyMap</strong> - Yes, a MultiKeyMap that supports n-keys, creates no heap pressure for get() { no allocations (new) within get() execution path}, full thread-safety for all operations.</li> </ul> </li> <li><strong>ARCHITECTURE IMPROVEMENT</strong>: Enhanced <code>addConversion()</code> method with comprehensive primitive/wrapper support: <ul> <li>When adding a conversion involving primitive or wrapper types, the system now automatically creates ALL relevant combinations</li> <li>Example: <code>addConversion(UUID.class, Boolean.class, converter)</code> now creates entries for both <code>(UUID, Boolean)</code> and <code>(UUID, boolean)</code></li> <li>Eliminates runtime double-lookup overhead in favor of storage-time enumeration for better performance</li> <li>Ensures seamless primitive/wrapper interoperability in user-defined conversions</li> <li><strong>Code Simplification</strong>: Refactored implementation to leverage existing <code>ClassUtilities</code> methods, reducing complexity while maintaining identical functionality</li> </ul> </li> <li><strong>API ENHANCEMENT</strong>: Added <code>ClassUtilities.toPrimitiveClass()</code> method as complement to existing <code>toPrimitiveWrapperClass()</code>: <ul> <li>Converts wrapper classes to their corresponding primitive classes (e.g., <code>Integer.class</code> → <code>int.class</code>)</li> </ul> </li> <li><code>ConcurrentList</code> now uses chunked atomic buckets for lock-free deque operations. See userguide for architecture diagram and capabilities table <ul> <li>Returns the same class if not a wrapper type, ensuring safe usage for any class</li> <li>Leverages optimized <code>ClassValueMap</code> caching for high-performance lookups</li> <li>Centralizes primitive/wrapper conversion logic in <code>ClassUtilities</code> for consistency across java-util</li> </ul> </li> <li><strong>BUG FIX</strong>: Fixed time conversion precision inconsistencies in <code>Converter</code> for consistent long conversion behavior: <ul> <li><strong>Consistency Fix</strong>: All time classes now consistently convert to/from <code>long</code> using <strong>millisecond precision</strong> (eliminates mixed millisecond/nanosecond behavior)</li> <li><strong>Universal Rule</strong>: <code>Duration</code> → long, <code>Instant</code> → long, <code>LocalTime</code> → long now all return milliseconds for predictable behavior</li> <li><strong>Round-trip Compatibility</strong>: Long ↔ time class conversions are now fully round-trip compatible with consistent precision</li> <li><strong>BigInteger Unchanged</strong>: BigInteger conversions continue to use precision-based rules (legacy classes = millis, modern classes = nanos)</li> <li><strong>Feature Options</strong>: Added configurable precision control for advanced use cases requiring nanosecond precision: <ul> <li>System properties: <code>cedarsoftware.converter.modern.time.long.precision</code>, <code>cedarsoftware.converter.duration.long.precision</code>, <code>cedarsoftware.converter.localtime.long.precision</code></li> <li>Per-instance options via <code>ConverterOptions.getCustomOption()</code> - see <a href="https://github.com/jdereg/java-util/blob/master/userguide.md#time-conversion-precision-rules";>Time Conversion Documentation</a> for details</li> </ul> </li> <li><strong>Impact</strong>: Minimal - fixes inconsistent behavior and provides migration path through feature options</li> <li><strong>Rationale</strong>: Eliminates confusion from mixed precision behavior and provides simple, memorable conversion rules</li> </ul> </li> <li>Added <code>computeIfAbsent</code> support to <code>MultiKeyMap</code> for lazy value population</li> <li>Added <code>putIfAbsent</code> support to <code>MultiKeyMap</code> for atomic insert when key is missing or mapped to null</li> <li>Expanded <code>MultiKeyMap</code> to fully implement <code>ConcurrentMap</code>: added <code>computeIfPresent</code>, <code>compute</code>, <code>replace</code>, and <code>remove(key,value)</code></li> <li>Fixed stripe locking in <code>MultiKeyMap</code> to consistently use <code>ReentrantLock</code></li> <li><strong>Feature Enhancements</strong>: <ul> <li>Supports conversion from String formats: hex colors (<code>#FF0000</code>, <code>FF0000</code>), named colors (<code>red</code>, <code>blue</code>, etc.), <code>rgb(r,g,b)</code>, and <code>rgba(r,g,b,a)</code> formats</li> <li>Supports conversion from Map format using keys: <code>red</code>, <code>green</code>, <code>blue</code>, <code>alpha</code>, <code>rgb</code>, <code>color</code>, and <code>value</code></li> <li>Supports conversion from Map format using short keys: <code>r</code>, <code>g</code>, <code>b</code>, and <code>a</code> for compact representation</li> <li>Supports conversion from int arrays: <code>[r,g,b]</code> and <code>[r,g,b,a]</code> formats with validation</li> <li>Supports conversion from numeric types: Integer/Long packed RGB/ARGB values</li> <li>Supports conversion to all above formats with proper round-trip compatibility</li> <li>Values are converted through <code>converter.convert()</code> allowing String, AtomicInteger, Double, etc. as color component values</li> <li>Added comprehensive test coverage with 38 test methods covering all conversion scenarios</li> <li>Eliminates need for custom Color factories in json-io and other serialization libraries</li> <li>The static <code>Converter.getInstance()</code> method remains available for accessing the default shared instance</li> </ul> </li> <li><strong>Security Enhancement</strong>: Fixed critical security vulnerabilities in <code>CompactMap</code> dynamic code generation: <ul> <li>Added strict input sanitization to prevent code injection attacks in class name generation</li> <li>Fixed memory leak by using <code>WeakReference</code> for generated class caching to allow garbage collection</li> </ul> </li> </ul> </blockquote> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jdereg/java-util/commit/c723f640e16955045d84cc2cc21dffc9bbbf93d5";><code>c723f64</code></a> updated pom and moved version number to version number section</li> <li><a href="https://github.com/jdereg/java-util/commit/48ae2f313bc64a3cb31d05d5c2454b0f24a1f8c4";><code>48ae2f3</code></a> - Updated to use new maven sonatype publishing process</li> <li><a href="https://github.com/jdereg/java-util/commit/bef79cca8a717ec4bf826256abc5f3e9cf59cc6a";><code>bef79cc</code></a> Sped up test by not using Compiled version</li> <li><a href="https://github.com/jdereg/java-util/commit/52e18e1b140657897175732540ab2ab6a72f1425";><code>52e18e1</code></a> Sped up test by not using Compiled version</li> <li><a href="https://github.com/jdereg/java-util/commit/4a7999344736d8dc554eed3f142a5277c2d1485a";><code>4a79993</code></a> Converted to using now compiling Map for performance test</li> <li><a href="https://github.com/jdereg/java-util/commit/680976c76fc839e9df172ff4abd42d6c7082aa3d";><code>680976c</code></a> updated pom</li> <li><a href="https://github.com/jdereg/java-util/commit/7a5a48784ff3c6cdd990dfe4af3fc4e12dd6da8b";><code>7a5a487</code></a> significant changes, see changelog.md</li> <li><a href="https://github.com/jdereg/java-util/commit/adfe1890ece4748ab2237119908082ca0c12ba7b";><code>adfe189</code></a> added clarity about negative buckets and internal indexing so that it is clea...</li> <li><a href="https://github.com/jdereg/java-util/commit/d60f1f67bb81107c4846d8563a0edf8a391a7870";><code>d60f1f6</code></a> fixed GitHub compatibility issues (Attempt 1)</li> <li><a href="https://github.com/jdereg/java-util/commit/f5190a8d8b19217f6bdb75679df28d6af6d0c9f8";><code>f5190a8</code></a> Added architecture diagram for ConcurrentList</li> <li>Additional commits viewable in <a href="https://github.com/jdereg/java-util/compare/3.5.0...3.6.0";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
