dependabot[bot] opened a new pull request, #3074: URL: https://github.com/apache/causeway/pull/3074
Bumps [org.jsoup:jsoup](https://github.com/jhy/jsoup) from 1.21.1 to 1.21.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jhy/jsoup/releases";>org.jsoup:jsoup's releases</a>.</em></p> <blockquote> <h2>jsoup 1.21.2</h2> <p><strong>jsoup 1.21.2</strong> is out now, adding support for custom <code>SSLContext</code> in HTTP/2 connections, and improving consistency in how user data is handled in attributes. It also brings performance gains in DOM manipulation and fragment parsing, and fixes several edge cases in stream parsing, traversal, cloning, and concurrent reads.</p> <p><strong>jsoup</strong> is a Java library for working with real-world HTML and XML. It provides a very convenient API for extracting and manipulating data, using the best of HTML5 DOM methods and CSS selectors.</p> <h3>Changes</h3> <ul> <li>Deprecated internal (yet visible) methods <code>Normalizer#normalize(String, bool)</code> and <code>Attribute#shouldCollapseAttribute(Document.OutputSettings)</code>. These will be removed in a future version.</li> <li>Deprecated <code>Connection#sslSocketFactory(SSLSocketFactory)</code> in favor of the new <code>Connection#sslContext(SSLContext)</code>. Using <code>sslSocketFactory</code> will force the use of the legacy <code>HttpUrlConnection</code> implementation, which does not support HTTP/2. <!-- raw HTML omitted --><a href="https://redirect.github.com/jhy/jsoup/pull/2370";>#2370</a><!-- raw HTML omitted --></li> </ul> <h3>Improvements</h3> <ul> <li>When pretty-printing, if there are consecutive text nodes (via DOM manipulation), the non-significant whitespace between them will be collapsed. <!-- raw HTML omitted --><a href="https://redirect.github.com/jhy/jsoup/pull/2349";>#2349</a><!-- raw HTML omitted -->.</li> <li>Updated <code>Connection.Response#statusMessage()</code> to return a simple loggable string message (e.g. "OK") when using the <code>HttpClient</code> implementation, which doesn't otherwise return any server-set status message. <!-- raw HTML omitted --><a href="https://redirect.github.com/jhy/jsoup/issues/2346";>#2356</a><!-- raw HTML omitted --></li> <li><code>Attributes#size()</code> and <code>Attributes#isEmpty()</code> now exclude any internal attributes (such as user data) from their count. This aligns with the attributes' serialized output and iterator. <!-- raw HTML omitted --><a href="https://redirect.github.com/jhy/jsoup/pull/2369";>#2369</a><!-- raw HTML omitted --></li> <li>Added <code>Connection#sslContext(SSLContext)</code> to provide a custom SSL (TLS) context to requests, supporting both the <code>HttpClient</code> and the legacy <code>HttUrlConnection</code> implementations. <!-- raw HTML omitted --><a href="https://redirect.github.com/jhy/jsoup/pull/2370";>#2370</a><!-- raw HTML omitted --></li> <li>Performance optimizations for DOM manipulation methods including when repeatedly removing an element's first child (<code>element.child(0).remove()</code>, and when using <code>Parser#parseBodyFragement()</code> to parse a large number of direct children. <!-- raw HTML omitted --><a href="https://redirect.github.com/jhy/jsoup/pull/2373";>#2373</a><!-- raw HTML omitted -->.</li> </ul> <h3>Bug Fixes</h3> <ul> <li>When parsing from an InputStream and a multibyte character happened to straddle a buffer boundary, the stream would not be completely read. <!-- raw HTML omitted --><a href="https://redirect.github.com/jhy/jsoup/issues/2353";>#2353</a><!-- raw HTML omitted -->.</li> <li>In <code>NodeTraversor</code>, if a last child element was removed during the <code>head()</code> call, the parent would be visited twice. <!-- raw HTML omitted --><a href="https://redirect.github.com/jhy/jsoup/issues/2355";>#2355</a><!-- raw HTML omitted -->.</li> <li>Cloning an Element that has an Attributes object would add an empty internal user-data attribute to that clone, which would cause unexpected results for <code>Attributes#size()</code> and <code>Attributes#isEmpty()</code>. <!-- raw HTML omitted --><a href="https://redirect.github.com/jhy/jsoup/issues/2356";>#2356</a><!-- raw HTML omitted --></li> <li>In a multithreaded application where multiple threads are calling <code>Element#children()</code> on the same element concurrently, a race condition could happen when the method was generating the internal child element cache (a filtered view of its child nodes). Since concurrent reads of DOM objects should be threadsafe without external synchronization, this method has been updated to execute atomically. <!-- raw HTML omitted --><a href="https://redirect.github.com/jhy/jsoup/issues/2366";>#2366</a><!-- raw HTML omitted --></li> <li>Malformed HTML could throw an IndexOutOfBoundsException during the adoption agency. <!-- raw HTML omitted --><a href="https://redirect.github.com/jhy/jsoup/pull/2377";>#2377</a><!-- raw HTML omitted -->.</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jhy/jsoup/blob/master/CHANGES.md";>org.jsoup:jsoup's changelog</a>.</em></p> <blockquote> <h2>1.21.2 (2025-Aug-25)</h2> <h3>Changes</h3> <ul> <li>Deprecated internal (yet visible) methods <code>Normalizer#normalize(String, bool)</code> and <code>Attribute#shouldCollapseAttribute(Document.OutputSettings)</code>. These will be removed in a future version.</li> <li>Deprecated <code>Connection#sslSocketFactory(SSLSocketFactory)</code> in favor of the new <code>Connection#sslContext(SSLContext)</code>. Using <code>sslSocketFactory</code> will force the use of the legacy <code>HttpUrlConnection</code> implementation, which does not support HTTP/2. <a href="https://redirect.github.com/jhy/jsoup/pull/2370";>#2370</a></li> </ul> <h3>Improvements</h3> <ul> <li>When pretty-printing, if there are consecutive text nodes (via DOM manipulation), the non-significant whitespace between them will be collapsed. <a href="https://redirect.github.com/jhy/jsoup/pull/2349";>#2349</a>.</li> <li>Updated <code>Connection.Response#statusMessage()</code> to return a simple loggable string message (e.g. "OK") when using the <code>HttpClient</code> implementation, which doesn't otherwise return any server-set status message. <a href="https://redirect.github.com/jhy/jsoup/issues/2346";>#2356</a></li> <li><code>Attributes#size()</code> and <code>Attributes#isEmpty()</code> now exclude any internal attributes (such as user data) from their count. This aligns with the attributes' serialized output and iterator. <a href="https://redirect.github.com/jhy/jsoup/pull/2369";>#2369</a></li> <li>Added <code>Connection#sslContext(SSLContext)</code> to provide a custom SSL (TLS) context to requests, supporting both the <code>HttpClient</code> and the legacy <code>HttUrlConnection</code> implementations. <a href="https://redirect.github.com/jhy/jsoup/pull/2370";>#2370</a></li> <li>Performance optimizations for DOM manipulation methods including when repeatedly removing an element's first child (<code>element.child(0).remove()</code>, and when using <code>Parser#parseBodyFragement()</code> to parse a large number of direct children. <a href="https://redirect.github.com/jhy/jsoup/pull/2373";>#2373</a>.</li> </ul> <h3>Bug Fixes</h3> <ul> <li>When parsing from an InputStream and a multibyte character happened to straddle a buffer boundary, the stream would not be completely read. <a href="https://redirect.github.com/jhy/jsoup/issues/2353";>#2353</a>.</li> <li>In <code>NodeTraversor</code>, if a last child element was removed during the <code>head()</code> call, the parent would be visited twice. <a href="https://redirect.github.com/jhy/jsoup/issues/2355";>#2355</a>.</li> <li>Cloning an Element that has an Attributes object would add an empty internal user-data attribute to that clone, which would cause unexpected results for <code>Attributes#size()</code> and <code>Attributes#isEmpty()</code>. <a href="https://redirect.github.com/jhy/jsoup/issues/2356";>#2356</a></li> <li>In a multithreaded application where multiple threads are calling <code>Element#children()</code> on the same element concurrently, a race condition could happen when the method was generating the internal child element cache (a filtered view of its child nodes). Since concurrent reads of DOM objects should be threadsafe without external synchronization, this method has been updated to execute atomically. <a href="https://redirect.github.com/jhy/jsoup/issues/2366";>#2366</a></li> <li>Malformed HTML could throw an IndexOutOfBoundsException during the adoption agency. <a href="https://redirect.github.com/jhy/jsoup/pull/2377";>#2377</a>.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jhy/jsoup/commit/b02837b6c77b94799c055f8fa446fb770bfb49f1";><code>b02837b</code></a> [maven-release-plugin] prepare release jsoup-1.21.2</li> <li><a href="https://github.com/jhy/jsoup/commit/1f0c2070e78b5d171c4e5896930c612c58474608";><code>1f0c207</code></a> v1.21.2 release date</li> <li><a href="https://github.com/jhy/jsoup/commit/b0934637750ed6ddd91bf344842c8c5aad1fb70f";><code>b093463</code></a> Use central-publishing-maven-plugin</li> <li><a href="https://github.com/jhy/jsoup/commit/615b9592ffe8e65b4e461f7727081995931154ce";><code>615b959</code></a> Updating sonatype deploy URLs</li> <li><a href="https://github.com/jhy/jsoup/commit/69617205f80df06acf2adb38fd8a19f3724b6845";><code>6961720</code></a> Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.11.2 to 3.11.3 (<a href="https://redirect.github.com/jhy/jsoup/issues/2386";>#2386</a>)</li> <li><a href="https://github.com/jhy/jsoup/commit/82864b246c0005cc66a50daede3568f930504030";><code>82864b2</code></a> Bump jetty.version from 9.4.57.v20241219 to 9.4.58.v20250814 (<a href="https://redirect.github.com/jhy/jsoup/issues/2385";>#2385</a>)</li> <li><a href="https://github.com/jhy/jsoup/commit/71f963ea3a78746fc2a3ba80b2843254b35c211a";><code>71f963e</code></a> Fix for HTML that breaks the select scope</li> <li><a href="https://github.com/jhy/jsoup/commit/6b20f6e3d158d1ce3147c4e9306d9b485e083bf4";><code>6b20f6e</code></a> Removed effective recursion closing <code>\</select></code></li> <li><a href="https://github.com/jhy/jsoup/commit/eb2957a8b3e8c12649c5b83872a238dd74e68dec";><code>eb2957a</code></a> Bump actions/checkout from 4 to 5 (<a href="https://redirect.github.com/jhy/jsoup/issues/2382";>#2382</a>)</li> <li><a href="https://github.com/jhy/jsoup/commit/3a9a6c7c8a67d51ebbb598495496e28dcd0c18e1";><code>3a9a6c7</code></a> Fix ProxyTest in CI</li> <li>Additional commits viewable in <a href="https://github.com/jhy/jsoup/compare/jsoup-1.21.1...jsoup-1.21.2";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@causeway.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
