dependabot[bot] opened a new pull request, #21520: URL: https://github.com/apache/camel/pull/21520
Bumps [com.cedarsoftware:java-util](https://github.com/jdereg/java-util) from 4.93.0 to 4.94.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jdereg/java-util/blob/master/changelog.md";>com.cedarsoftware:java-util's changelog</a>.</em></p> <blockquote> <h4>4.94.0 - 2026-02-14</h4> <ul> <li><strong>PERFORMANCE</strong>: <code>MathUtilities.parseToMinimalNumericType()</code> numeric analysis was refactored to a single-pass scan with no intermediate <code>StringBuilder</code>/substring reconstruction on the hot path.</li> <li><strong>PERFORMANCE</strong>: Added <code>MathUtilities.parseToMinimalNumericType(CharSequence)</code> overload so callers with buffered number text can avoid extra conversion work before numeric type selection.</li> <li><strong>PERFORMANCE</strong>: Added reusable-buffer constructors for high-throughput JSON pipelines: <ul> <li><code>FastByteArrayOutputStream(byte[] initialBuffer)</code></li> <li><code>FastWriter(Writer out, char[] buffer)</code></li> <li><code>FastReader(Reader in, char[] buffer, char[] pushbackBuffer)</code> These allow caller-managed buffer reuse and reduce repeated <code>byte[]</code>/<code>char[]</code> allocations in hot String read/write loops.</li> </ul> </li> <li><strong>PERFORMANCE</strong>: <code>ClassUtilities.newInstance()</code> now caches constructor selection by argument shape (argument count + runtime type/null shape) via <code>ConstructorPlan</code> entries, avoiding repeated constructor re-selection/mismatch work when the same class is instantiated with different argument signatures.</li> <li><strong>PERFORMANCE</strong>: <code>ClassUtilities.newInstance()</code> varargs matching no longer allocates intermediate parameter/value copies (<code>Arrays.copyOf(...)</code>, <code>unused.toArray()</code>, and parameter slice copies). Matching now uses index ranges and pre-sized arrays, reducing allocation pressure in constructor-heavy workloads.</li> <li><strong>PERFORMANCE</strong>: <code>ClassUtilities.newInstance()</code> map-argument handling now defers positional normalization until named-parameter matching is actually needed, adds a dense <code>arg0..argN</code> fast path for positional fallback ordering, and caches per-class named-parameter viability to avoid repeated constructor parameter-name scans.</li> <li><strong>SECURITY FIX</strong>: <code>ClassUtilities.forName()</code> - Blocked-class checks now apply to array component types for both Java-style names (<code>java.lang.Runtime[]</code>) and JVM descriptors (<code>[Ljava/lang/Runtime;</code>), including when a custom <code>ClassLoader</code> is supplied. Added component-type verification after load so blocked classes cannot be exposed through array wrappers.</li> <li><strong>SECURITY/PERFORMANCE</strong>: <code>ClassUtilities</code> - Bounded negative class-name cache entries per class loader (<code>MAX_NEGATIVE_CLASS_CACHE_ENTRIES</code>) to prevent unbounded memory growth from repeated unique class-miss lookups.</li> <li><strong>PERFORMANCE</strong>: <code>ClassUtilities.validateAndNormalizeResourcePath()</code> - Replaced <code>split("/")</code> traversal-segment check with a single-pass scan and switched case-folding to <code>Locale.ROOT</code>.</li> <li><strong>BUG FIX</strong>: <code>FastReader</code> now guards against pathological underlying <code>Reader.read(char[],off,len)</code> implementations that repeatedly return <code>0</code> without progress, throwing a descriptive <code>IOException</code> after a bounded retry threshold.</li> <li><strong>PERFORMANCE</strong>: <code>FastWriter.write(int)</code> removed a redundant pre-write capacity check (single flush check remains), and <code>write(char[],off,len)</code> now flushes immediately when the buffer is filled exactly, reducing extra boundary checks in hot paths.</li> <li><strong>PERFORMANCE</strong>: <code>ClassUtilities</code> - Simplified the constructor argument matching pipeline from 5 phases to 4 by folding primitive/wrapper matching into the inheritance matching phase. <code>ClassHierarchyInfo</code> now includes the primitive/wrapper counterpart at distance 1 (e.g., <code>Integer</code>'s hierarchy includes <code>int</code> at distance 1), so <code>findInheritanceMatches()</code> handles boxing/unboxing naturally. Removed the separate <code>findPrimitiveWrapperMatches()</code> phase.</li> <li><strong>CLEANUP</strong>: <code>ClassUtilities</code> - Deduplicated varargs argument matching code. Extracted <code>matchFixedParameters()</code> and <code>packVarargsArray()</code> helpers from <code>matchArgumentsWithVarargs()</code>, eliminating ~65 lines of duplicated conversion/packing logic between the "has fixed params" and "no fixed params" branches.</li> <li><strong>IMPROVEMENT</strong>: <code>Converter</code> - Bridge conversion expansion now iterates until convergence, ensuring all reachable multi-hop conversion paths are discovered regardless of surrogate pair definition order. Previously used a single forward+reverse pass which was sufficient for current pair definitions but fragile to future additions. The convergence loop terminates after 1 iteration for current types (zero cost), but automatically handles deeper chains if new surrogate pairs are added.</li> <li><strong>IMPROVEMENT</strong>: <code>Converter</code> - Added full <code>BitSet</code> simple-type bridge support by registering <code>BitSet <-> String</code> surrogate/primary pairs, direct <code>Map -> BitSet</code> conversion, and <code>BitSet -> BitSet</code> copy conversion semantics. Expanded <code>ConverterEverythingTest</code> BitSet cross-product coverage so missing BitSet conversion pairs are auto-filled and verified.</li> <li><strong>API CLEANUP</strong>: Removed one-arg <code>isConversionSupportedFor(Class<?>)</code> from both <code>com.cedarsoftware.util.Converter</code> and <code>com.cedarsoftware.util.convert.Converter</code>. Callers should use <code>isConversionSupportedFor(type, type)</code> for same-type capability checks.</li> <li><strong>API CLEANUP</strong>: Consolidated internal one-arg simple-type call sites to the 2-arg form and removed associated one-arg cache plumbing in <code>Converter</code> to reduce API surface and maintenance complexity.</li> <li><strong>COMPATIBILITY</strong>: Reintroduced one-arg <code>isSimpleTypeConversionSupported(Class<?>)</code> as <code>@Deprecated</code> compatibility bridges (delegating to <code>isSimpleTypeConversionSupported(type, type)</code>) so projects pinned to older <code>json-io</code> binaries continue to run during migration.</li> <li><strong>REFACTOR</strong>: Simplified <code>isSimpleTypeConversionSupported(source, target)</code> implementation into a thin semantic gate over <code>isConversionSupportedFor(source, target)</code> while preserving custom-override and container exclusion behavior.</li> <li><strong>PERFORMANCE</strong>: <code>Converter</code> inheritance-pair cache now uses <code>Map<ConversionPair, InheritancePair[]></code> keyed directly by <code>(sourceType, targetType)</code> instead of <code>MultiKeyMap</code>, reducing cache key construction overhead in conversion-support lookups.</li> <li><strong>MAINTENANCE</strong>: Verified <code>Converter.isConversionSupportedFor(source, target)</code> as the compatibility predicate for json-io scalar fast-path converter gating, enabling downstream simplification away from pair-form "simple type" checks while preserving conversion behavior.</li> <li><strong>MAINTENANCE</strong>: Version bump to 4.94.0, json-io test dependency updated to 4.93.0.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jdereg/java-util/commit/6b506ae30e0cf964a5474b61e10075c9987f615f";><code>6b506ae</code></a> Switch inheritance-pair cache to ConversionPair-keyed map</li> <li><a href="https://github.com/jdereg/java-util/commit/6ed440e8f6e2f8cecff9b755c3dec40f057be6a3";><code>6ed440e</code></a> Simplify simple-type support checks and retain deprecated 1-arg bridge</li> <li><a href="https://github.com/jdereg/java-util/commit/9bdec819b4bde9de13d660eabff474d47075f848";><code>9bdec81</code></a> Optimize ClassUtilities map argument constructor matching</li> <li><a href="https://github.com/jdereg/java-util/commit/9bd96c709cab6af1dcbd9054dbfb882a257c0785";><code>9bd96c7</code></a> Update changelog for converter support predicate guidance</li> <li><a href="https://github.com/jdereg/java-util/commit/d273a4137e8d250a43ea607d8860c2a8c44b5690";><code>d273a41</code></a> Add BitSet simple-type conversion bridges and coverage</li> <li><a href="https://github.com/jdereg/java-util/commit/97534754d4d05907a5035806b8ddf96f72fed8fc";><code>9753475</code></a> Remove TypeUtilities computeIfAbsent lambdas in hot caches</li> <li><a href="https://github.com/jdereg/java-util/commit/decd7fb3cd16ce91b191cd62b04a55e22c6f6012";><code>decd7fb</code></a> Optimize minimal numeric parsing and add CharSequence overload</li> <li><a href="https://github.com/jdereg/java-util/commit/229453d28e7362c93caece4a43841a48cae78675";><code>229453d</code></a> perf: add reusable buffers for FastReader/FastWriter/FastBAOS</li> <li><a href="https://github.com/jdereg/java-util/commit/d440fb907457c7116c894783d3190c921d6e3eb4";><code>d440fb9</code></a> Optimize ClassUtilities constructor matching and varargs allocation path</li> <li><a href="https://github.com/jdereg/java-util/commit/37b1b2006374f8ec7dff3719b65322318be2f671";><code>37b1b20</code></a> Harden ClassUtilities cache/security checks and tighten FastReader/FastWriter...</li> <li>Additional commits viewable in <a href="https://github.com/jdereg/java-util/compare/4.93.0...4.94.0";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
