Bump classgraph from 4.8.47 to 4.8.58

[dependabot-preview]

Bumps classgraph from 4.8.47 to 4.8.58.

Release notes

Sourced from classgraph's releases.

classgraph-4.8.58

A range of small robustness fixes for various error conditions.

classgraph-4.8.57

(Fixes regression that broke scanning on Windows in previous release.)

Adds support for the use of custom URL schemes in classpath elements (#384, thanks to @​chrisr3 for reporting). Enable this using .enableURLScheme(String scheme) before .scan().

classgraph-4.8.56

Breaks scanning on Windows -- please do not use.

classgraph-4.8.55

Optimization release, based on profiling: jarfile central directory parsing is a bit faster now. (#378)

No major changes in functionality.

classgraph-4.8.54

Fix an issue where if a JPMS classloader (AppClassLoader or PlatformClassLoader) is passed into overrideClassLoaders(), module scanning needs to be manually enabled (since ClassGraph cannot get classpath URLs from those classloaders, so the separate JPMS module scanning code needs to be called instead of the normal classpath scanning code). (#382, thanks to @​jamesward for reporting.)

classgraph-4.8.53

• Exposed raw type descriptor and/or type signature strings for methods, fields and classes (#380):
  • MethodInfo#getTypeDescriptorStr()
  • MethodInfo#getTypeSignatureStr()
  • MethodInfo#getTypeSignatureOrTypeDescriptorStr()
  • FieldInfo#getTypeDescriptorStr()
  • FieldInfo#getTypeSignatureStr()
  • FieldInfo#getTypeSignatureOrTypeDescriptorStr()
  • ClassInfo#getTypeSignatureStr()
• Removed static final check on fields before scanning for constant initializer values, to allow constant initializers to be read for non-static / non-final fields in Kotlin. (Java does not generate these, and technically Kotlin should not either, but one user relies on this in their Kotlin API -- #379.)

Thanks to @​rankinc for both these feature requests!

classgraph-4.8.52

Remove the shutdown hook entirely (#376).

A shutdown hook has been in place for numerous releases, and its purpose was to call ScanResult#close() on any open ScanResult instances before JVM shutdown, in order to free up resources (delete any temporary files that had to be created to extract deflated nested jars; unmap mapped byte buffers; close open modules; close open files; free up allocated memory; etc.). However the JVM's own shutdown processes should take care of all of these steps, including the removal of any temporary files that are created, as they are marked for deletion on JVM shutdown. More importantly, ScanResult implements Autocloseable, and the ClassGraph documentation strongly recommends assigning ScanResult in a try-with-resources block so that each ScanResult is properly closed, so the shutdown hook was always just a fallback.

If you want to close all open (unclosed) ScanResult instances at once, you can call the new static method ScanResult.closeAll(). You might want to do this on container unload/destroy, in a containerized runtime.

ClassGraph automatically registers lifecycle listeners for servlet containers and Spring applications that call ScanResult.closeAll(), to ensure that resources are properly freed when containers are destroyed or unloaded.

Note that if you call ScanResult.closeAll(), you need to ensure that the lifecycle of the classloader matches the lifecycle of your application, or that two concurrent applications don't share the same classloader, otherwise one application might close another application's ScanResult instances while they are still in use.

classgraph-4.8.51

In servlet containers and Spring applications, rather than adding a shutdown hook to close any unclosed ScanResult objects (to prevent resource leaks), instead add an event listener that closes unclosed ScanResult objects when the container is being torn down. This prevents a leak of the container's classloader (#376, thanks to @​vimil for reporting).

Please report any regressions with servlet containers or Spring.

classgraph-4.8.50

No new functionality; only fixes static analysis warnings (switched on Eclipse JDT's nullability analysis warnings; fixed all warnings).

... (truncated)

Commits

• 7e66fba [maven-release-plugin] prepare release classgraph-4.8.58
• c61edcc Numerous robustness fixes
• c6bc239 Update error message
• 2e81990 Refactoring
• c3c0cf7 Make method private
• 86a2ff4 Remove "package" again (only one target supported?)
• 9de9e5f Add "package" target
• 734a252 Try enabling unit tests in CI
• 82e5901 Try manually enabling tests
• e2632bd Fix syntax
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[dependabot-preview]

Superseded by #40.