Bump classgraph from 4.8.87 to 4.8.141

[dependabot]

Bumps classgraph from 4.8.87 to 4.8.141.

Release notes

Sourced from classgraph's releases.

classgraph-4.8.141

• Fixed handling of URLs like jar:file:jarname.jar!/ (these were being skipped -- #625, thanks to @​edeso for reporting this.)
• Improved logging of FileNotFoundException for missing jars.

classgraph-4.8.140

Fixes #651 (NPE in JBossClassLoaderHandler) via #652 -- thanks to @​arthware for the fix!

classgraph-4.8.139

Bugfixes:

• Fix to work with newer Quarkus classloader (#641, thanks to @​michael-simons for the fix in #642!).
• If an override classloader is an AppClassLoader, also scan the traditional classpath (#639, thanks to @​limbic-derek for the report).
• Fix for parsing error if Kotlin function names contain parentheses (#645). Also fixes a potential stack overflow in this case.

New feature:

• Added support for getting the exceptions thrown by a method (#633, thank you to @​jkschneider for submitting the complete implementation of this feature, in #637!)

classgraph-4.8.138

• Added two methods (thanks to @​FranGomezVenegas for requesting these, #608):

  • FieldInfoList ClassInfo#getEnumConstants(): returns all the enum constants of an enum class as FieldInfo objects (without loading the enum class).
  • List<Object> ClassInfo#getEnumConstantObjects(): returns all the enum constants of an enum class as objects of the same type as the enum (after loading the enum class and initializing enum constants).

• Mitigate log4j2 vulnerability CVE-2021-44228: ClassGraph does not use log4j2, but does use the built-in Java logging framework, which may be redirected to the log4j2 framework by the calling environment. To be safe, ClassGraph now builds in a protection against this critical vulnerability.

classgraph-4.8.137

Fix illegal access warning on Adopt JDK for most usage (#605, thanks to @​UlrichLohrmann for the report)

classgraph-4.8.136

Contribution by @​tkrautinger (#604):

• ClassInfo: Added isPrivate(), isProtected()
• MethodInfo: Added isPrivate(), isProtected(), isAbstract(), isStrict()
• FieldInfo: Added isPrivate(), isProtected(), isSynthetic(), isEnum()

classgraph-4.8.135

• Fixed issue with resources remaining marked as open after close() was called on an InputStream opened on a module resource (#600 and #602, thanks to @​chrisr3)
• Added Resource#readCloseable() that returns a CloseableByteBuffer that calls Resource#close() when CloseableByteBuffer#close() is called. (#600)

classgraph-4.8.134

Fixes a resource leak (ClassfileReader#close() wasn't closing the underlying resource). Thanks to @​chrisr3 for isolating the problem, and for providing a pull request complete with unit test! (#600)

classgraph-4.8.133

Fix a regression for in the OSGi manifest entries introduced in the previous version, 4.8.132 (#598, thanks to @​Roman-Skripka for the pull request).

classgraph-4.8.132

Fix a regression with OSGi runtime dependencies of ClassGraph (#597, thanks to @​tobias-- for the pull request).

classgraph-4.8.131

Catch unchecked exceptions and errors SecurityException, IllegalArgumentException and IOError in more places when dealing with Path and URI objects, to prevent issues when running with a security manager. Thanks to @​elkman for the pull request. (#594).

... (truncated)

Commits

• 0d0fb66 [maven-release-plugin] prepare release classgraph-4.8.141
• 9ea553a Make URL handling more robust (#625)
• ba7c375 Update README.md
• 6f507c2 Update README.md
• 53b4434 Update README.md
• 151aa07 Update README.md
• fd8b7cf [maven-release-plugin] prepare for next development iteration
• 052270d [maven-release-plugin] prepare release classgraph-4.8.140
• 44cb42e Merge pull request #652 from actico/bugfix/Author parser has problem with latex symbols JabRef/jabref#651-fix-npe
• 7afa63b #651 fixes NPE in JbossClassLoaderHandler
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

The following labels could not be found: type: dependencies.

[dependabot]

Superseded by #153.