Skip to content

Bump classgraph from 4.8.47 to 4.8.62 #47

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot-preview wants to merge 1 commit into from
Closed

Bump classgraph from 4.8.47 to 4.8.62 #47

dependabot-preview wants to merge 1 commit into from

Conversation

@dependabot-preview
Copy link
Contributor

@dependabot-preview dependabot-preview bot commented Feb 10, 2020

Bumps classgraph from 4.8.47 to 4.8.62.

Release notes

Sourced from classgraph's releases.

classgraph-4.8.62

Numerous robustness and correctness fixes for classloading via ClassInfo or ScanResult objects:

  • Classloader delegation order now respects classpath and classloader override settings configured before starting the scan.
  • If you load a class within a ScanResult try-with-resources block (i.e. before the ScanResult is closed), e.g. using ClassInfo#loadClass(), but then after the ScanResult is closed you access a field that has a type that has not yet been loaded, ClassGraph's own classloader used to throw an exception saying that the ScanResult was closed (#399, thanks to @CDPrete for reporting). This has now been mitigated to first attempt to load classes directly from classpath URLs, without accessing the ScanResult, and only as a last resort try loading the classfile through ScanResult#getResourcesWithPath().
    • This will now only fail in some obscure cases, e.g. when a classpath element used an http:// or https:// URI (so was downloaded to a temporary file, which is removed when ScanResult#close() is called), or when a classpath element was a nested jar that was included in an outer jar using deflate, rather than directly stored, and the inner jar is large (so the inner jar has to be extracted to a temporary file, rather than accessed directly using file slicing, or deflated to a temporary buffer in RAM).

classgraph-4.8.61

Made it possible to call getClasspath() before scan() on a single ClassGraph instance (#398, thanks to @CDPrete for reporting).

classgraph-4.8.60

Fixed an issue with classloading with the RestartClassLoader in Spring Boot (#396). Thanks to @michael-simons for the report and reproducer project.

classgraph-4.8.59

Respect the Tomcat classloader delegation order (#391, thanks to @fluxroot for the pull request).

classgraph-4.8.58

A range of small robustness fixes for various error conditions.

classgraph-4.8.57

(Fixes regression that broke scanning on Windows in previous release.)

Adds support for the use of custom URL schemes in classpath elements (#384, thanks to @chrisr3 for the request). Enable this using .enableURLScheme(String scheme) before .scan().

classgraph-4.8.56

Breaks scanning on Windows -- please do not use.

classgraph-4.8.55

Optimization release, based on profiling: jarfile central directory parsing is a bit faster now. (#378)

No major changes in functionality.

classgraph-4.8.54

Fix an issue where if a JPMS classloader (AppClassLoader or PlatformClassLoader) is passed into overrideClassLoaders(), module scanning needs to be manually enabled (since ClassGraph cannot get classpath URLs from those classloaders, so the separate JPMS module scanning code needs to be called instead of the normal classpath scanning code). (#382, thanks to @jamesward for reporting.)

classgraph-4.8.53

  • Exposed raw type descriptor and/or type signature strings for methods, fields and classes (#380):
    • MethodInfo#getTypeDescriptorStr()
    • MethodInfo#getTypeSignatureStr()
    • MethodInfo#getTypeSignatureOrTypeDescriptorStr()
    • FieldInfo#getTypeDescriptorStr()
    • FieldInfo#getTypeSignatureStr()
    • FieldInfo#getTypeSignatureOrTypeDescriptorStr()
    • ClassInfo#getTypeSignatureStr()
  • Removed static final check on fields before scanning for constant initializer values, to allow constant initializers to be read for non-static / non-final fields in Kotlin. (Java does not generate these, and technically Kotlin should not either, but one user relies on this in their Kotlin API -- #379.)

Thanks to @rankinc for both these feature requests!

classgraph-4.8.52

Remove the shutdown hook entirely (#376).

... (truncated)
Commits
  • 2df6e01 [maven-release-plugin] prepare release classgraph-4.8.62
  • 5bb8051 Fix getResources() semantics
  • 3284466 Bump version number back down
  • 1cf94eb [maven-release-plugin] prepare for next development iteration
  • 6b55797 [maven-release-plugin] prepare release classgraph-4.8.62
  • 8ef5f2f Make getResource() have the same semantics as findClass() (#399)
  • 435a77c Update comment
  • 4bc97d3 Tweaks to classloading order (#399)
  • 3b8dfe2 Use override classloaders if set, then try classpath URLs (#399)
  • 1ae2bfa Try ScanResult-based classloading only as an absolute last resort (#399)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

@dependabot-preview
Bump classgraph from 4.8.47 to 4.8.62
dedf8a8 
Bumps [classgraph](https://github.com/classgraph/classgraph) from 4.8.47 to 4.8.62.
- [Release notes](https://github.com/classgraph/classgraph/releases)
- [Commits](classgraph/classgraph@classgraph-4.8.47...classgraph-4.8.62)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
@dependabot-preview dependabot-preview bot added the dependencies Pull requests that update a dependency file label Feb 10, 2020
@dependabot-preview dependabot-preview bot mentioned this pull request Feb 10, 2020
Closed
@dependabot-preview
Copy link
Contributor Author

dependabot-preview bot commented Feb 17, 2020

Superseded by #49.

@dependabot-preview dependabot-preview bot deleted the dependabot/gradle/io.github.classgraph-classgraph-4.8.62 branch February 17, 2020 06:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant