Bump jsoup from 1.7.3 to 1.14.2 #6

dependabot · 2021-08-23T21:11:10Z

Bumps jsoup from 1.7.3 to 1.14.2.

Release notes

jsoup 1.14.2

Caught by the fuzz! jsoup 1.14.2 is out now, and includes a set of parser bug fixes and improvements for handling rough HTML and XML, as identified by the Jazzer JVM fuzzer. This release also includes other fixes and improvements.

See the release announcement for the full changelog.

jsoup 1.14.1

jsoup 1.14.1 is out now, with simple request session management, increased parse robustness, and a ton of other improvements, speed-ups, and bug fixes.

See the full announcement for all the details on what's changed.

jsoup 1.13.1

See the release notes.
<dependency>
  
  <groupId>org.jsoup</groupId>
  <artifactId>jsoup</artifactId>
  <version>1.13.1</version>
</dependency>
jsoup-1.12.2

No release notes provided.

Changelog

Sourced from jsoup's changelog.

jsoup changelog

*** Release 1.14.2 [PENDING]

Improvement: support Pattern.quote \Q and \E escapes in the selector regex matchers. jhy/jsoup#1536

Improvement: Element.absUrl() now supports tel: URLs, and other URLs that are already absolute but that Java does not have input stream handlers for. jhy/jsoup#1610

Bugfix: when serializing output, escape characters that are in the < 0x20 range. This improves XML output compatibility, and makes HTML output with these characters easier to read (as they're otherwise invisible). jhy/jsoup#1556

Bugfix: the *|el wildcard namespace selector now also matches elements with no namespace. jhy/jsoup#1565

Bugfix: corrected a potential case of the parser input stream not being closed immediately on a read exception.

Bugfix: when making a HTTP POST, if the request write fails, make sure the connection is immediately cleaned up.

Bugfix: in the XML parser, XML processing instructions without attributes would be serialized as if they did. jhy/jsoup#770

Bugfix: updated the HtmlTreeParser resetInsertionMode to the current spec for supported elements. jhy/jsoup#1491

Bugfix: fixed an NPE when parsing fragment HTML into a standalone table element. jhy/jsoup#1603

Bugfix: fixed an NPE when parsing fragment heading HTML into a standalone p element. jhy/jsoup#1601

Bugfix: fixed an IOOB when parsing a formatting fragment into a standalone p element. jhy/jsoup#1602

Bugfix: tag names must start with an ascii-alpha character. jhy/jsoup#1006

Bugfix [Fuzz]: fixed a slow parse when a tag or an attribute name has thousands of null characters in it. jhy/jsoup#1580

Bugfix [Fuzz]: the adoption agency algorithm can have an incorrect bookmark position jhy/jsoup#1576

Bugfix [Fuzz]: malformed HTML could result in null elements on stack jhy/jsoup#1579

Bugfix [Fuzz]: malformed deeply nested table elements could create a stack overflow. jhy/jsoup#1577

... (truncated)

Commits

19c7732 [maven-release-plugin] prepare release jsoup-1.14.2
acde180 Compress harder
530c5b0 Refactored fuzz tests to iterate all files in directory; run timeout tests
d2c455c Speed improvement: cap number of cloned active formatting elements
0dcb53a Correctly consume to exit state
42da864 In bogusComment, make sure unconsume not called after a potential buffer up
eba3e39 Fix an IOOB when HTML root cleared and then attributes added
9d538e6 Annotate some nullables
a909600 Comment on URL normalization
6b3ec64 Removed unused import
Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot use these labels will set the current labels as the default for future PRs for this repo and language
@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps [jsoup](https://github.com/jhy/jsoup) from 1.7.3 to 1.14.2. - [Release notes](https://github.com/jhy/jsoup/releases) - [Changelog](https://github.com/jhy/jsoup/blob/master/CHANGES) - [Commits](jhy/jsoup@jsoup-1.7.3...jsoup-1.14.2) --- updated-dependencies: - dependency-name: org.jsoup:jsoup dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2022-07-06T15:35:11Z