dependabot[bot] opened a new pull request, #21076: URL: https://github.com/apache/camel/pull/21076
Bumps [com.cedarsoftware:java-util](https://github.com/jdereg/java-util) from 4.87.0 to 4.88.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jdereg/java-util/blob/master/changelog.md";>com.cedarsoftware:java-util's changelog</a>.</em></p> <blockquote> <h4>4.88.0 - 2026-01-26</h4> <ul> <li><strong>BUG FIX</strong>: <code>FastReader</code> - Added bounds validation in <code>read(char[], int, int)</code> method <ul> <li>Now throws <code>IndexOutOfBoundsException</code> for invalid offset, length, or buffer overflow</li> <li>Matches standard <code>Reader</code> contract and <code>FastWriter</code> behavior</li> </ul> </li> <li><strong>BUG FIX</strong>: <code>FastWriter</code> - Fixed NPE in <code>flush()</code> after <code>close()</code> <ul> <li><code>flush()</code> now returns safely when called after <code>close()</code> instead of throwing <code>NullPointerException</code></li> <li>Matches <code>close()</code> behavior which already handles this case</li> </ul> </li> <li><strong>BUG FIX</strong>: <code>FastWriter</code> - Added bounds validation in <code>write(String, int, int)</code> method <ul> <li>Now throws <code>IndexOutOfBoundsException</code> for invalid offset/length parameters</li> <li>Matches validation in <code>write(char[], int, int)</code> method</li> </ul> </li> <li><strong>PERFORMANCE</strong>: <code>FastWriter</code> - Improved buffer utilization in <code>write(int c)</code> method <ul> <li>Now uses full buffer capacity before flushing (was wasting one slot)</li> <li>Buffer is flushed immediately when full to maintain invariants for other write methods</li> </ul> </li> <li><strong>PERFORMANCE</strong>: <code>FastWriter</code> - Made class <code>final</code> for JVM optimizations <ul> <li>Enables JIT compiler to inline method calls, matching <code>FastReader</code> which is already final</li> </ul> </li> <li><strong>BUG FIX</strong>: <code>FastByteArrayOutputStream</code> - Fixed critical integer overflow in <code>grow()</code> method</li> <li><strong>NEW</strong>: <code>FastByteArrayInputStream</code> - Added JDK 9+ compatible methods <ul> <li><code>readAllBytes()</code> - Efficient single-copy implementation (auto-overrides on JDK 9+)</li> <li><code>readNBytes(int len)</code> - Efficient partial read (auto-overrides on JDK 11+)</li> <li><code>transferTo(OutputStream)</code> - Single write operation to output (auto-overrides on JDK 9+)</li> <li>All methods work on JDK 8 as regular methods and automatically become overrides on newer JDKs</li> </ul> </li> <li><strong>NEW</strong>: <code>FastByteArrayOutputStream</code> - Added zero-copy buffer access methods <ul> <li><code>getInternalBuffer()</code> - Direct access to internal buffer without copying</li> <li><code>getCount()</code> - Returns valid byte count for use with <code>getInternalBuffer()</code></li> <li><code>toInputStream()</code> - Creates <code>FastByteArrayInputStream</code> from current data</li> </ul> </li> <li><strong>NEW</strong>: <code>FastByteArrayOutputStream</code> - Added <code>toString(Charset)</code> method <ul> <li>Allows explicit charset specification instead of platform default encoding</li> </ul> </li> <li><strong>CLEANUP</strong>: <code>FastByteArrayInputStream</code> - Added missing <code>@Override</code> on <code>read()</code> method</li> <li><strong>CLEANUP</strong>: <code>FastByteArrayInputStream</code> - Added explicit <code>(int)</code> cast in <code>skip()</code> method <ul> <li>Makes the safe long-to-int conversion explicit with explanatory comment</li> </ul> </li> <li><strong>CLEANUP</strong>: <code>FastByteArrayOutputStream</code> - Fixed Javadoc typo ("theoerical" → "theoretical")</li> <li><strong>PERFORMANCE</strong>: <code>FastByteArrayOutputStream</code> - Added early return optimization</li> <li><code>write(byte[], int, int)</code> now returns immediately when <code>len == 0</code></li> <li>Skips unnecessary bounds checks and capacity operations for zero-length writes</li> <li>Previous 2x growth (<code>oldCapacity << 1</code>) overflowed for buffers > 1GB causing <code>NegativeArraySizeException</code></li> <li>Changed to 1.5x growth strategy (<code>oldCapacity + (oldCapacity >> 1)</code>) to reduce overflow risk</li> <li>Added <code>MAX_ARRAY_SIZE</code> constant (<code>Integer.MAX_VALUE - 8</code>) following JDK best practices</li> <li>Added <code>hugeCapacity()</code> method for safe handling of very large allocations</li> <li><strong>BUG FIX</strong>: <code>FastByteArrayOutputStream</code> - Fixed inconsistent null exception type <ul> <li><code>write(byte[], int, int)</code> now throws <code>NullPointerException</code> for null array (was <code>IndexOutOfBoundsException</code>)</li> <li>Matches JDK convention and <code>FastByteArrayInputStream</code> behavior</li> </ul> </li> <li><strong>BUG FIX</strong>: <code>FastByteArrayInputStream</code> - Added null validation in constructor <ul> <li>Constructor now throws <code>NullPointerException</code> with descriptive message for null input</li> <li>Previously threw <code>NullPointerException</code> on <code>buf.length</code> access with no message</li> </ul> </li> <li><strong>BUG FIX</strong>: <code>StringUtilities</code> - Fixed <code>commaSeparatedStringToSet()</code> return type inconsistency <ul> <li>Changed from <code>Collectors.toSet()</code> to <code>Collectors.toCollection(LinkedHashSet::new)</code></li> <li>Now consistently returns <code>LinkedHashSet</code> as documented, maintaining insertion order</li> </ul> </li> <li><strong>BUG FIX</strong>: <code>StringUtilities</code> - Fixed integer overflow in <code>repeat()</code> method <ul> <li>Moved overflow check outside security block so it always runs</li> <li>Prevents <code>StringBuilder</code> from being created with negative capacity when <code>s.length() * count</code> overflows</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jdereg/java-util/commit/56d56cdf6ed74e2e3c797acd65fefbdf26454a00";><code>56d56cd</code></a> Fix/Performance: Comprehensive improvements to Fast I/O, String, Reflection, ...</li> <li><a href="https://github.com/jdereg/java-util/commit/97da6d271e4e4063f40b9844d7e330bb10616c3b";><code>97da6d2</code></a> Fix/Performance: Comprehensive EncryptionUtilities improvements</li> <li><a href="https://github.com/jdereg/java-util/commit/149ddbf646e355388a30a1db623e4343ecedaeac";><code>149ddbf</code></a> Fix/Performance: Comprehensive ConcurrentList improvements</li> <li><a href="https://github.com/jdereg/java-util/commit/ca06a9b7917b6b7ba8f91f4f5405945c2a3e967f";><code>ca06a9b</code></a> Performance/Security: Improve DateUtilities with multiple optimizations</li> <li><a href="https://github.com/jdereg/java-util/commit/6d45c51bb813aac85796a43b2834aaed5479509f";><code>6d45c51</code></a> Cleanup: Remove dead code and unnecessary synchronization in ClassUtilities</li> <li><a href="https://github.com/jdereg/java-util/commit/e626a1823e2b46ef0f08f6766e4dd51c5cf9c5f3";><code>e626a18</code></a> Build: Update CI to use JDK 17</li> <li>See full diff in <a href="https://github.com/jdereg/java-util/compare/4.87.0...4.88.0";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
