dependabot[bot] opened a new pull request, #1322:
URL: https://github.com/apache/maven-assembly-plugin/pull/1322

   Bumps [jaxen:jaxen](https://github.com/jaxen-xpath/jaxen) from 2.0.4 to 
2.0.5.
   <details>
   <summary>Release notes</summary>
   <p><em>Sourced from <a href="https://github.com/jaxen-xpath/jaxen/releases">jaxen:jaxen's releases</a>.</em></p>
   <blockquote>
   <h2>2.0.5</h2>
   <p>Version 2.0.5 converts still more recursive algorithms in the core parser 
to safer iterative forms. This enables Jaxen to handle even larger and more 
complex XPath expressions.</p>
   <p>For the recursive code that remains, higher level evaluation and parsing 
now catches stack overflow errors if they do occur, and wraps them inside a 
regular checked JaxenException so it won't bring down the entire program. This 
should be fairly robust and complete protection against DoS attacks on 
recursive code, even with arbitrary untrusted input. I don't know why I didn't 
think of this earlier. I probably just had an unquestioned rule in my head that 
you can't recover from errors, which isn't actually true in the case of stack 
overflow errors.</p>
   <h2>PRs</h2>
   <ul>
   <li>Bump org.apache.maven.plugins:maven-project-info-reports-plugin from 3.6.2 to 3.9.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/426">jaxen-xpath/jaxen#426</a></li>
   <li>Bump org.apache.maven.plugins:maven-assembly-plugin from 3.7.1 to 3.8.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/425">jaxen-xpath/jaxen#425</a></li>
   <li>Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.10.1 to 3.12.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/422">jaxen-xpath/jaxen#422</a></li>
   <li>Bump org.apache.maven.plugins:maven-resources-plugin from 3.3.1 to 3.5.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/423">jaxen-xpath/jaxen#423</a></li>
   <li>Upgrade XOM to 1.4.2 and fix Java 8 <code>ElementTraversal</code> classpath breakage by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/428">jaxen-xpath/jaxen#428</a></li>
   <li>Resolve unresolved Maven site variables and enforce static HTML/CSS-only Pages output by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/430">jaxen-xpath/jaxen#430</a></li>
   <li>remove public modifier from interfaces by <a href="https://github.com/hduelme"><code>@hduelme</code></a> in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/172">jaxen-xpath/jaxen#172</a></li>
   <li>don't fully qualify SAXPathException by <a href="https://github.com/elharo"><code>@elharo</code></a> in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/439">jaxen-xpath/jaxen#439</a></li>
   <li>Fix unterminated string literal handling and add regression tests at lexer and API levels by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/433">jaxen-xpath/jaxen#433</a></li>
   <li>avoid recursion by <a href="https://github.com/elharo"><code>@elharo</code></a> in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/431">jaxen-xpath/jaxen#431</a></li>
   <li>remove debugging code by <a href="https://github.com/elharo"><code>@elharo</code></a> in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/446">jaxen-xpath/jaxen#446</a></li>
   <li>deprecate simplify by <a href="https://github.com/elharo"><code>@elharo</code></a> in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/445">jaxen-xpath/jaxen#445</a></li>
   <li>Inline dead <code>PatternParser.USE_HANDLER</code> branch by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/448">jaxen-xpath/jaxen#448</a></li>
   <li>deprecate simplify by <a href="https://github.com/elharo"><code>@elharo</code></a> in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/449">jaxen-xpath/jaxen#449</a></li>
   <li>Suppress javac obsolete-options warnings for Java 1.5 target builds by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/453">jaxen-xpath/jaxen#453</a></li>
   <li>add 2.0.4 release notes by <a href="https://github.com/elharo"><code>@elharo</code></a> in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/456">jaxen-xpath/jaxen#456</a></li>
   <li>Fix XPath union precedence relative to additive expressions by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/460">jaxen-xpath/jaxen#460</a></li>
   <li>Remove recursion from union operations by <a href="https://github.com/elharo"><code>@elharo</code></a> in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/455">jaxen-xpath/jaxen#455</a></li>
   <li>Avoid recursion when processing and and or by <a href="https://github.com/elharo"><code>@elharo</code></a> in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/461">jaxen-xpath/jaxen#461</a></li>
   <li>Prevent parser stack overflow on deeply nested parenthesized filter expressions by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/462">jaxen-xpath/jaxen#462</a></li>
   <li>Bump org.apache.maven.plugins:maven-gpg-plugin from 3.2.7 to 3.2.8 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/468">jaxen-xpath/jaxen#468</a></li>
   <li>Bump org.apache.maven.plugins:maven-jar-plugin from 3.3.0 to 3.5.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/469">jaxen-xpath/jaxen#469</a></li>
   <li>Bump org.apache.maven.plugins:maven-surefire-report-plugin from 3.5.1 to 3.5.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/466">jaxen-xpath/jaxen#466</a></li>
   <li>Bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.23.1 to 0.26.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/465">jaxen-xpath/jaxen#465</a></li>
   <li>Characterization tests for the pattern package by <a href="https://github.com/elharo"><code>@elharo</code></a> in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/470">jaxen-xpath/jaxen#470</a></li>
   <li>Revise Jaxen 2.0.4 change history details by <a href="https://github.com/elharo"><code>@elharo</code></a> in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/472">jaxen-xpath/jaxen#472</a></li>
   <li>Update release notes for version 2.0.4 by <a href="https://github.com/elharo"><code>@elharo</code></a> in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/474">jaxen-xpath/jaxen#474</a></li>
   <li>Switch release workflow to PR-based handoff for protected <code>master</code> by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/476">jaxen-xpath/jaxen#476</a></li>
   <li>Update version number to 2.0.4 in index.xml by <a href="https://github.com/elharo"><code>@elharo</code></a> in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/477">jaxen-xpath/jaxen#477</a></li>
   <li>Update index.xml before release by <a href="https://github.com/elharo"><code>@elharo</code></a> in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/478">jaxen-xpath/jaxen#478</a></li>
   <li>Release 2.0.4: commit release and prepare 2.1.0-SNAPSHOT by <a href="https://github.com/github-actions"><code>@github-actions</code></a>[bot] in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/479">jaxen-xpath/jaxen#479</a></li>
   <li>Fix release PR body formatting and add publish-before-merge guidance by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/481">jaxen-xpath/jaxen#481</a></li>
   <li>Eliminate stack overflows from deep left-recursive binary XPath chains by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/464">jaxen-xpath/jaxen#464</a></li>
   <li>Eliminate recursion in getText and toString by <a href="https://github.com/elharo"><code>@elharo</code></a> in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/483">jaxen-xpath/jaxen#483</a></li>
   <li>Avoid stack overflow in DOM <code>DocumentNavigator#getStringValue</code> for deeply nested documents by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/485">jaxen-xpath/jaxen#485</a></li>
   <li>Make JDOM element string-value traversal iterative to prevent deep-tree stack overflows by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/487">jaxen-xpath/jaxen#487</a></li>
   <li>Prevent stack overflow when DOM attribute iteration skips long <code>xmlns:*</code> runs by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/490">jaxen-xpath/jaxen#490</a></li>
   <li>Catch and wrap StackOverflowError in XPath parse/evaluation entry points by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/496">jaxen-xpath/jaxen#496</a></li>
   <li>Fix unbounded stack recursion in DefaultBinaryExpr.evaluate() across distinct operator types by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/494">jaxen-xpath/jaxen#494</a></li>
   <li>Document changes for Jaxen version 2.0.5 by <a href="https://github.com/elharo"><code>@elharo</code></a> in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/498">jaxen-xpath/jaxen#498</a></li>
   <li>Cleanup STAR tokens by <a href="https://github.com/elharo"><code>@elharo</code></a> in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/499">jaxen-xpath/jaxen#499</a></li>
   <li>Fix StackOverflowError on deeply nested XPath predicates by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/492">jaxen-xpath/jaxen#492</a></li>
   <li>Update release version to 2.0.4 in releases.xml by <a href="https://github.com/elharo"><code>@elharo</code></a> in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/497">jaxen-xpath/jaxen#497</a></li>
   <li>ignore aider by <a href="https://github.com/elharo"><code>@elharo</code></a> in <a href="https://redirect.github.com/jaxen-xpath/jaxen/pull/508">jaxen-xpath/jaxen#508</a></li>
   </ul>
   <!-- raw HTML omitted -->
   </blockquote>
   <p>... (truncated)</p>
   </details>
   <details>
   <summary>Commits</summary>
   <ul>
   <li><a href="https://github.com/jaxen-xpath/jaxen/commit/611d5b94eee1e7372069ae23e4d66f2e71e2813b"><code>611d5b9</code></a> Release 2.0.5</li>
   <li><a href="https://github.com/jaxen-xpath/jaxen/commit/942c5e2a98a0ee93ba650853633ad22c3aa86e0b"><code>942c5e2</code></a> Bump com.github.siom79.japicmp:japicmp-maven-plugin (<a href="https://redirect.github.com/jaxen-xpath/jaxen/issues/511">#511</a>)</li>
   <li><a href="https://github.com/jaxen-xpath/jaxen/commit/91b2e4c5dec47651e0545f5b44ea782b5c07f42c"><code>91b2e4c</code></a> Bump org.apache.maven.plugins:maven-source-plugin from 3.3.1 to 3.4.0 (<a href="https://redirect.github.com/jaxen-xpath/jaxen/issues/509">#509</a>)</li>
   <li><a href="https://github.com/jaxen-xpath/jaxen/commit/c2fb854c491eb6b7af9e55c40c8d53f884dc5449"><code>c2fb854</code></a> Bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.1 to 3.5.6 (<a href="https://redirect.github.com/jaxen-xpath/jaxen/issues/510">#510</a>)</li>
   <li><a href="https://github.com/jaxen-xpath/jaxen/commit/e0d1bbc47920aad654248b98e3fc9a2836edafd7"><code>e0d1bbc</code></a> Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.6.2 to 3.6.3 (<a href="https://redirect.github.com/jaxen-xpath/jaxen/issues/512">#512</a>)</li>
   <li><a href="https://github.com/jaxen-xpath/jaxen/commit/23ceed81e9385beb806210a5f0536ae098712025"><code>23ceed8</code></a> Handle <code>lang()</code> on empty/null context node with explicit `FunctionCallExcepti...</li>
   <li><a href="https://github.com/jaxen-xpath/jaxen/commit/980aa9d8b4c15c5fe604081a4df4da1d5e00f413"><code>980aa9d</code></a> more ignore (<a href="https://redirect.github.com/jaxen-xpath/jaxen/issues/508">#508</a>)</li>
   <li><a href="https://github.com/jaxen-xpath/jaxen/commit/43b9cc0fbcff54db846fb4feb9767ebe22e86f3c"><code>43b9cc0</code></a> Update release version to 2.0.4 in releases.xml (<a href="https://redirect.github.com/jaxen-xpath/jaxen/issues/497">#497</a>)</li>
   <li><a href="https://github.com/jaxen-xpath/jaxen/commit/c1bec05823a28a150854281dc156b6d16dee9483"><code>c1bec05</code></a> Fix StackOverflowError on deeply nested XPath predicates (<a href="https://redirect.github.com/jaxen-xpath/jaxen/issues/492">#492</a>)</li>
   <li><a href="https://github.com/jaxen-xpath/jaxen/commit/ad22a0468f6bd5c277acf3bc4f24e79fc999b0c6"><code>ad22a04</code></a> Cleanup STAR tokens (<a href="https://redirect.github.com/jaxen-xpath/jaxen/issues/499">#499</a>)</li>
   <li>Additional commits viewable in <a href="https://github.com/jaxen-xpath/jaxen/compare/v2.0.4...v2.0.5">compare view</a></li>
   </ul>
   </details>
   <br />
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jaxen:jaxen&package-manager=maven&previous-version=2.0.4&new-version=2.0.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   <details>
   <summary>Dependabot commands and options</summary>
   <br />
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot show <dependency name> ignore conditions` will show all of 
the ignore conditions of the specified dependency
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   </details>


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]
