dependabot[bot] opened a new pull request, #6565: URL: https://github.com/apache/myfaces-tobago/pull/6565
Bumps [org.jsoup:jsoup](https://github.com/jhy/jsoup) from 1.20.1 to 1.21.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jhy/jsoup/releases";>org.jsoup:jsoup's releases</a>.</em></p> <blockquote> <h2>jsoup 1.21.1</h2> <p><strong>jsoup 1.21.1</strong> is out now, featuring powerful new node selection capabilities that let you target specific DOM nodes like comments and text nodes using CSS selectors, dynamic tag customization through the new TagSet callback system, and improved defense against mutation XSS attacks with simplified attribute escaping. This release also brings HTTP/2 support by default, numerous API improvements for better developer experience, and fixes for several edge-case parsing issues.</p> <p><strong>jsoup</strong> is a Java library for working with real-world HTML and XML. It provides a very convenient API for extracting and manipulating data, using the best of HTML5 DOM methods and CSS selectors.</p> <h3>Changes</h3> <ul> <li>Removed previously deprecated methods. <!-- raw HTML omitted --><a href="https://redirect.github.com/jhy/jsoup/pull/2317";>#2317</a><!-- raw HTML omitted --></li> <li>Deprecated the <code>:matchText</code> pseduo-selector due to its side effects on the DOM; use the new <code>::textnode</code> selector and the <code>Element#selectNodes(String css, Class<T> type)</code> method instead. <!-- raw HTML omitted --><a href="https://redirect.github.com/jhy/jsoup/pull/2343";>#2343</a><!-- raw HTML omitted --></li> <li>Deprecated <code>Connection.Response#bufferUp()</code> in lieu of <code>Connection.Response#readFully()</code> which can throw a checked IOException.</li> <li>Deprecated internal methods <code>Validate#ensureNotNull(Object)</code> (replaced by typed <code>Validate#expectNotNull(T)</code>); protected HTML appenders from Attribute and Node.</li> <li>If you happen to be using any of the deprecated methods, please take the opportunity now to migrate away from them, as they will be removed in a future release.</li> </ul> <h3>Improvements</h3> <ul> <li>Enhanced the <code>Selector</code> to support direct matching against nodes such as comments and text nodes. For example, you can now find an element that follows a specific comment: <code>::comment:contains(prices) + p</code> will select <code>p</code> elements immediately after a <code><!-- prices: --></code> comment. Supported types include <code>::node</code>, <code>::leafnode</code>, <code>::comment</code>, <code>::text</code>, <code>::data</code>, and <code>::cdata</code>. Node contextual selectors like <code>::node:contains(text)</code>, <code>:matches(regex)</code>, and <code>:blank</code> are also supported. Introduced <code>Element#selectNodes(String css)</code> and <code>Element#selectNodes(String css, Class<T> nodeType)</code> for direct node selection. <!-- raw HTML omitted --><a href="https://redirect.github.com/jhy/jsoup/pull/2324";>#2324</a><!-- raw HTML omitted --></li> <li>Added <code>TagSet#onNewTag(Consumer<Tag> customizer)</code>: register a callback that’s invoked for each new or cloned Tag when it’s inserted into the set. Enables dynamic tweaks of tag options (for example, marking all custom tags as self-closing, or everything in a given namespace as preserving whitespace). <!-- raw HTML omitted --><a href="https://redirect.github.com/jhy/jsoup/issues/2330";>#2330</a><!-- raw HTML omitted --></li> <li>Made <code>TokenQueue</code> and <code>CharacterReader</code> autocloseable, to ensure that they will release their buffers back to the buffer pool, for later reuse.</li> <li>Added <code>Selector#evaluatorOf(String css)</code>, as a clearer way to obtain an Evaluator from a CSS query. An alias of <code>QueryParser.parse(String css)</code>.</li> <li>Custom tags (defined via the <code>TagSet</code>) in a foreign namespace (e.g. SVG) can be configured to parse as data tags.</li> <li>Added <code>NodeVisitor#traverse(Node)</code> to simplify node traversal calls (vs. importing <code>NodeTraversor</code>).</li> <li>Updated the default user-agent string to improve compatibility. <!-- raw HTML omitted --><a href="https://redirect.github.com/jhy/jsoup/issues/2341";>#2341</a><!-- raw HTML omitted --></li> <li>The HTML parser now allows the specific text-data type (Data, RcData) to be customized for known tags. (Previously, that was only supported on custom tags.) <!-- raw HTML omitted --><a href="https://redirect.github.com/jhy/jsoup/issues/2326";>#2326</a><!-- raw HTML omitted --></li> <li>Added <code>Connection.Response#readFully()</code> as a replacement for <code>Connection.Response#bufferUp()</code> with an explicit IOException. Similarly, added <code>Connection.Response#readBody()</code> over <code>Connection.Response#body()</code>. Deprecated <code>Connection.Response#bufferUp()</code>. <!-- raw HTML omitted --><a href="https://redirect.github.com/jhy/jsoup/pull/2327";>#2327</a><!-- raw HTML omitted --></li> <li>When serializing HTML, the <code><</code> and <code>></code> characters are now escaped in attributes. This helps prevent a class of mutation XSS attacks. <!-- raw HTML omitted --><a href="https://redirect.github.com/jhy/jsoup/pull/2337";>#2337</a><!-- raw HTML omitted --></li> <li>Changed <code>Connection</code> to prefer using the JDK's HttpClient over HttpUrlConnection, if available, to enable HTTP/2 support by default. Users can disable via <code>-Djsoup.useHttpClient=false</code>. <!-- raw HTML omitted --><a href="https://redirect.github.com/jhy/jsoup/pull/2340";>#2340</a><!-- raw HTML omitted --></li> </ul> <h3>Bug Fixes</h3> <ul> <li>The contents of a <code>script</code> in a <code>svg</code> foreign context should be parsed as script data, not text. <!-- raw HTML omitted --><a href="https://redirect.github.com/jhy/jsoup/issues/2320";>#2320</a><!-- raw HTML omitted --></li> <li><code>Tag#isFormSubmittable()</code> was updating the Tag's options. <!-- raw HTML omitted --><a href="https://redirect.github.com/jhy/jsoup/issues/2323";>#2323</a><!-- raw HTML omitted --></li> <li>The HTML pretty-printer would incorrectly trim whitespace when text followed an inline element in a block element. <!-- raw HTML omitted --><a href="https://redirect.github.com/jhy/jsoup/issues/2325";>#2325</a><!-- raw HTML omitted --></li> <li>Custom tags with hyphens or other non-letter characters in their names now work correctly as Data or RcData tags. Their closing tags are now tokenized properly. <!-- raw HTML omitted --><a href="https://redirect.github.com/jhy/jsoup/issues/2332";>#2332</a><!-- raw HTML omitted --></li> <li>When cloning an Element, the clone would retain the source's cached child Element list (if any), which could lead to incorrect results when modifying the clone's child elements. <!-- raw HTML omitted --><a href="https://redirect.github.com/jhy/jsoup/issues/2334";>#2334</a><!-- raw HTML omitted --></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jhy/jsoup/blob/master/CHANGES.md";>org.jsoup:jsoup's changelog</a>.</em></p> <blockquote> <h2>1.21.1 (2025-Jun-23)</h2> <h3>Changes</h3> <ul> <li>Removed previously deprecated methods. <a href="https://redirect.github.com/jhy/jsoup/pull/2317";>#2317</a></li> <li>Deprecated the <code>:matchText</code> pseduo-selector due to its side effects on the DOM; use the new <code>::textnode</code> selector and the <code>Element#selectNodes(String css, Class type)</code> method instead. <a href="https://redirect.github.com/jhy/jsoup/pull/2343";>#2343</a></li> <li>Deprecated <code>Connection.Response#bufferUp()</code> in lieu of <code>Connection.Response#readFully()</code> which can throw a checked IOException.</li> <li>Deprecated internal methods <code>Validate#ensureNotNull</code> (replaced by typed <code>Validate#expectNotNull</code>); protected HTML appenders from Attribute and Node.</li> <li>If you happen to be using any of the deprecated methods, please take the opportunity now to migrate away from them, as they will be removed in a future release.</li> </ul> <h3>Improvements</h3> <ul> <li>Enhanced the <code>Selector</code> to support direct matching against nodes such as comments and text nodes. For example, you can now find an element that follows a specific comment: <code>::comment:contains(prices) + p</code> will select <code>p</code> elements immediately after a <code><!-- prices: --></code> comment. Supported types include <code>::node</code>, <code>::leafnode</code>, <code>::comment</code>, <code>::text</code>, <code>::data</code>, and <code>::cdata</code>. Node contextual selectors like <code>::node:contains(text)</code>, <code>:matches(regex)</code>, and <code>:blank</code> are also supported. Introduced <code>Element#selectNodes(String css)</code> and <code>Element#selectNodes(String css, Class nodeType)</code> for direct node selection. <a href="https://redirect.github.com/jhy/jsoup/pull/2324";>#2324</a></li> <li>Added <code>TagSet#onNewTag(Consumer<Tag> customizer)</code>: register a callback that’s invoked for each new or cloned Tag when it’s inserted into the set. Enables dynamic tweaks of tag options (for example, marking all custom tags as self-closing, or everything in a given namespace as preserving whitespace).</li> <li>Made <code>TokenQueue</code> and <code>CharacterReader</code> autocloseable, to ensure that they will release their buffers back to the buffer pool, for later reuse.</li> <li>Added <code>Selector#evaluatorOf(String css)</code>, as a clearer way to obtain an Evaluator from a CSS query. An alias of <code>QueryParser.parse(String css)</code>.</li> <li>Custom tags (defined via the <code>TagSet</code>) in a foreign namespace (e.g. SVG) can be configured to parse as data tags.</li> <li>Added <code>NodeVisitor#traverse(Node)</code> to simplify node traversal calls (vs. importing <code>NodeTraversor</code>).</li> <li>Updated the default user-agent string to improve compatibility. <a href="https://redirect.github.com/jhy/jsoup/issues/2341";>#2341</a></li> <li>The HTML parser now allows the specific text-data type (Data, RcData) to be customized for known tags. (Previously, that was only supported on custom tags.) <a href="https://redirect.github.com/jhy/jsoup/issues/2326";>#2326</a>.</li> <li>Added <code>Connection#readFully()</code> as a replacement for <code>Connection#bufferUp()</code> with an explicit IOException. Similarly, added <code>Connection#readBody()</code> over <code>Connection#body()</code>. Deprecated <code>Connection#bufferUp()</code>. <a href="https://redirect.github.com/jhy/jsoup/pull/2327";>#2327</a></li> <li>When serializing HTML, the <code><</code> and <code>></code> characters are now escaped in attributes. This helps prevent a class of mutation XSS attacks. <a href="https://redirect.github.com/jhy/jsoup/pull/2337";>#2337</a></li> <li>Changed <code>Connection</code> to prefer using the JDK's HttpClient over HttpUrlConnection, if available, to enable HTTP/2 support by default. Users can disable via <code>-Djsoup.useHttpClient=false</code>. <a href="https://redirect.github.com/jhy/jsoup/pull/2340";>#2340</a></li> </ul> <h3>Bug Fixes</h3> <ul> <li>The contents of a <code>script</code> in a <code>svg</code> foreign context should be parsed as script data, not text. <a href="https://redirect.github.com/jhy/jsoup/issues/2320";>#2320</a></li> <li><code>Tag#isFormSubmittable()</code> was updating the Tag's options. <a href="https://redirect.github.com/jhy/jsoup/issues/2323";>#2323</a></li> <li>The HTML pretty-printer would incorrectly trim whitespace when text followed an inline element in a block element. <a href="https://redirect.github.com/jhy/jsoup/issues/2325";>#2325</a></li> <li>Custom tags with hyphens or other non-letter characters in their names now work correctly as Data or RcData tags. Their closing tags are now tokenized properly. <a href="https://redirect.github.com/jhy/jsoup/issues/2332";>#2332</a></li> <li>When cloning an Element, the clone would retain the source's cached child Element list (if any), which could lead to incorrect results when modifying the clone's child elements. <a href="https://redirect.github.com/jhy/jsoup/issues/2334";>#2334</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jhy/jsoup/commit/9a059f4be554afaf791ddeb4a2fb7ebba0d6c9cb";><code>9a059f4</code></a> [maven-release-plugin] prepare release jsoup-1.21.1</li> <li><a href="https://github.com/jhy/jsoup/commit/a9f6ad0cbf2ec738af9d5ba57d8681925ab74772";><code>a9f6ad0</code></a> Prep 1.21.1 release</li> <li><a href="https://github.com/jhy/jsoup/commit/63ed60b84cbd23672569926b7fb191ded5af34d3";><code>63ed60b</code></a> Tidy up exception test</li> <li><a href="https://github.com/jhy/jsoup/commit/a4d451f3d0e200359f965067f9a2ff6eda8b1726";><code>a4d451f</code></a> Improved unhandled node type error msg</li> <li><a href="https://github.com/jhy/jsoup/commit/cf8822103dfc12c93b459518cc72e92cd6cab51b";><code>cf88221</code></a> Added <code>::cdata</code> node selector</li> <li><a href="https://github.com/jhy/jsoup/commit/893706ad9b7310b84b02077e93bb311f1029407f";><code>893706a</code></a> Deprecate <code>:matchText</code> selector (<a href="https://redirect.github.com/jhy/jsoup/issues/2343";>#2343</a>)</li> <li><a href="https://github.com/jhy/jsoup/commit/2a73678bf321b1bde0feae328fb378e11f011abd";><code>2a73678</code></a> Added javadoc note for Connection#timeout</li> <li><a href="https://github.com/jhy/jsoup/commit/3f7066506d0785673c092c1fde9629c4b5c65773";><code>3f70665</code></a> Fix date format</li> <li><a href="https://github.com/jhy/jsoup/commit/2f48c6596b68eefd329f9604a46c70c442370c67";><code>2f48c65</code></a> Updated the default UA</li> <li><a href="https://github.com/jhy/jsoup/commit/42dbaa00c553d202e550e6086ce4f17e8aaac064";><code>42dbaa0</code></a> Cleanup redundant Syntax parameter</li> <li>Additional commits viewable in <a href="https://github.com/jhy/jsoup/compare/jsoup-1.20.1...jsoup-1.21.1";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@myfaces.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
