dependabot[bot] opened a new pull request, #7254: URL: https://github.com/apache/myfaces-tobago/pull/7254
Bumps [org.jsoup:jsoup](https://github.com/jhy/jsoup) from 1.22.1 to 1.22.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jhy/jsoup/releases";>org.jsoup:jsoup's releases</a>.</em></p> <blockquote> <h2>jsoup Java HTML Parser release 1.22.2</h2> <p><strong>jsoup 1.22.2</strong> is out now, with fixes and refinements across the library. It makes editing the DOM during traversal more predictable, refreshes the default HTML tag definitions with newer elements and better text boundaries, and improves reliability in parsing and HTTP transport. The release also fixes a number of edge cases in cleaning, stream parsing, XML doctype handling, and Android packaging.</p> <p><strong>jsoup</strong> is a Java library for working with real-world HTML and XML. It provides a very convenient API for extracting and manipulating data, using the best of HTML5 DOM methods and CSS selectors.</p> <p><a href="https://github.com/jhy/jsoup/blob/HEAD/download";><strong>Download</strong></a> jsoup now.</p> <h2>Improvements</h2> <ul> <li>Expanded and clarified <code>NodeTraversor</code> support for in-place DOM rewrites during <code>NodeVisitor.head()</code>. Current-node edits such as <code>remove</code>, <code>replace</code>, and <code>unwrap</code> now recover more predictably, while traversal stays within the original root subtree. This makes single-pass tree cleanup and normalization visitors easier to write, for example when unwrapping presentational elements or replacing text nodes as you walk the DOM. <!-- raw HTML omitted --><a href="https://redirect.github.com/jhy/jsoup/issues/2472";>#2472</a><!-- raw HTML omitted --></li> <li>Documentation: clarified that a configured <code>Cleaner</code> may be reused across concurrent threads, and that shared <code>Safelist</code> instances should not be mutated while in use. <!-- raw HTML omitted --><a href="https://redirect.github.com/jhy/jsoup/issues/2473";>#2473</a><!-- raw HTML omitted --></li> <li>Updated the default HTML <code>TagSet</code> for current HTML elements: added <code>dialog</code>, <code>search</code>, <code>picture</code>, and <code>slot</code>; made <code>ins</code>, <code>del</code>, <code>button</code>, <code>audio</code>, <code>video</code>, and <code>canvas</code> inline by default (<code>Tag#isInline()</code>, aligned to phrasing content in the spec); and added readable <code>Element.text()</code> boundaries for controls and embedded objects via the new <code>Tag.TextBoundary</code> option. This improves pretty-printing and keeps normalized text from running adjacent words together. <!-- raw HTML omitted --><a href="https://redirect.github.com/jhy/jsoup/pull/2493";>#2493</a><!-- raw HTML omitted --></li> </ul> <h2>Bug Fixes</h2> <ul> <li>Android (R8/ProGuard): added a rule to ignore the optional <code>re2j</code> dependency when not present. <!-- raw HTML omitted --><a href="https://redirect.github.com/jhy/jsoup/issues/2459";>#2459</a><!-- raw HTML omitted --></li> <li>Fixed a <code>NodeTraversor</code> regression in 1.21.2 where removing or replacing the current node during <code>head()</code> could revisit the replacement node and loop indefinitely. The traversal docs now also clarify which inserted nodes are visited in the current pass. <!-- raw HTML omitted --><a href="https://redirect.github.com/jhy/jsoup/issues/2472";>#2472</a><!-- raw HTML omitted --></li> <li>Parsing during charset sniffing no longer fails if an advisory <code>available()</code> call throws <code>IOException</code>, as seen on JDK 8 <code>HttpURLConnection</code>. <!-- raw HTML omitted --><a href="https://redirect.github.com/jhy/jsoup/issues/2474";>#2474</a><!-- raw HTML omitted --></li> <li><code>Cleaner</code> no longer makes relative URL attributes in the input document absolute when cleaning or validating a <code>Document</code>. URL normalization now applies only to the cleaned output, and <code>Safelist.isSafeAttribute()</code> is side effect free. <!-- raw HTML omitted --><a href="https://redirect.github.com/jhy/jsoup/issues/2475";>#2475</a><!-- raw HTML omitted --></li> <li><code>Cleaner</code> no longer duplicates enforced attributes when the input <code>Document</code> preserves attribute case. A case-variant source attribute is now replaced by the enforced attribute in the cleaned output. <!-- raw HTML omitted --><a href="https://redirect.github.com/jhy/jsoup/issues/2476";>#2476</a><!-- raw HTML omitted --></li> <li>If a per-request SOCKS proxy is configured, jsoup now avoids using the JDK <code>HttpClient</code>, because the JDK would silently ignore that proxy and attempt to connect directly. Those requests now fall back to the legacy <code>HttpURLConnection</code> transport instead, which does support SOCKS. <!-- raw HTML omitted --><a href="https://redirect.github.com/jhy/jsoup/issues/2468";>#2468</a><!-- raw HTML omitted --></li> <li><code>Connection.Response.streamParser()</code> and <code>DataUtil.streamParser(Path, ...)</code> could fail on small inputs without a declared charset, if the initial 5 KB charset sniff fully consumed the input and closed it before the stream parse began. <!-- raw HTML omitted --><a href="https://redirect.github.com/jhy/jsoup/issues/2483";>#2483</a><!-- raw HTML omitted --></li> <li>In XML mode, doctypes with an internal subset, such as <code><!DOCTYPE root [<!ENTITY name "value">]></code>, now round-trip correctly. The subset is preserved as raw text only; entities are not expanded and external DTDs are not loaded. <!-- raw HTML omitted --><a href="https://redirect.github.com/jhy/jsoup/issues/2486";>#2486</a><!-- raw HTML omitted --></li> </ul> <h2>Build Changes</h2> <ul> <li>Migrated the integration test server from Jetty to Netty, which actively maintains support for our minimum JDK target (8). <!-- raw HTML omitted --><a href="https://redirect.github.com/jhy/jsoup/pull/2491";>#2491</a><!-- raw HTML omitted --></li> </ul> <hr /> <p>My sincere thanks to everyone who contributed to this release! If you have any suggestions for the next release, I would love to hear them; please get in touch via <a href="https://github.com/jhy/jsoup/discussions";>jsoup discussions</a>, or with me <a href="https://jhedley.com/";>directly</a>.</p> <p>You can also <!-- raw HTML omitted -->follow me<!-- raw HTML omitted --> (<!-- raw HTML omitted --><!-- raw HTML omitted -->@<a href="mailto:[email protected]";>[email protected]</a><!-- raw HTML omitted --><!-- raw HTML omitted -->) on Mastodon / Fediverse to receive occasional notes about jsoup releases.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jhy/jsoup/blob/master/CHANGES.md";>org.jsoup:jsoup's changelog</a>.</em></p> <blockquote> <h2>1.22.2 (2026-Apr-20)</h2> <h3>Improvements</h3> <ul> <li>Expanded and clarified <code>NodeTraversor</code> support for in-place DOM rewrites during <code>NodeVisitor.head()</code>. Current-node edits such as <code>remove</code>, <code>replace</code>, and <code>unwrap</code> now recover more predictably, while traversal stays within the original root subtree. This makes single-pass tree cleanup and normalization visitors easier to write, for example when unwrapping presentational elements or replacing text nodes as you walk the DOM. <a href="https://redirect.github.com/jhy/jsoup/issues/2472";>#2472</a></li> <li>Documentation: clarified that a configured <code>Cleaner</code> may be reused across concurrent threads, and that shared <code>Safelist</code> instances should not be mutated while in use. <a href="https://redirect.github.com/jhy/jsoup/issues/2473";>#2473</a></li> <li>Updated the default HTML <code>TagSet</code> for current HTML elements: added <code>dialog</code>, <code>search</code>, <code>picture</code>, and <code>slot</code>; made <code>ins</code>, <code>del</code>, <code>button</code>, <code>audio</code>, <code>video</code>, and <code>canvas</code> inline by default (<code>Tag#isInline()</code>, aligned to phrasing content in the spec); and added readable <code>Element.text()</code> boundaries for controls and embedded objects via the new <code>Tag.TextBoundary</code> option. This improves pretty-printing and keeps normalized text from running adjacent words together. <a href="https://redirect.github.com/jhy/jsoup/pull/2493";>#2493</a></li> </ul> <h3>Bug Fixes</h3> <ul> <li>Android (R8/ProGuard): added a rule to ignore the optional <code>re2j</code> dependency when not present. <a href="https://redirect.github.com/jhy/jsoup/issues/2459";>#2459</a></li> <li>Fixed a <code>NodeTraversor</code> regression in 1.21.2 where removing or replacing the current node during <code>head()</code> could revisit the replacement node and loop indefinitely. The traversal docs now also clarify which inserted nodes are visited in the current pass. <a href="https://redirect.github.com/jhy/jsoup/issues/2472";>#2472</a></li> <li>Parsing during charset sniffing no longer fails if an advisory <code>available()</code> call throws <code>IOException</code>, as seen on JDK 8 <code>HttpURLConnection</code>. <a href="https://redirect.github.com/jhy/jsoup/issues/2474";>#2474</a></li> <li><code>Cleaner</code> no longer makes relative URL attributes in the input document absolute when cleaning or validating a <code>Document</code>. URL normalization now applies only to the cleaned output, and <code>Safelist.isSafeAttribute()</code> is side effect free. <a href="https://redirect.github.com/jhy/jsoup/issues/2475";>#2475</a></li> <li><code>Cleaner</code> no longer duplicates enforced attributes when the input <code>Document</code> preserves attribute case. A case-variant source attribute is now replaced by the enforced attribute in the cleaned output. <a href="https://redirect.github.com/jhy/jsoup/issues/2476";>#2476</a></li> <li>If a per-request SOCKS proxy is configured, jsoup now avoids using the JDK <code>HttpClient</code>, because the JDK would silently ignore that proxy and attempt to connect directly. Those requests now fall back to the legacy <code>HttpURLConnection</code> transport instead, which does support SOCKS. <a href="https://redirect.github.com/jhy/jsoup/issues/2468";>#2468</a></li> <li><code>Connection.Response.streamParser()</code> and <code>DataUtil.streamParser(Path, ...)</code> could fail on small inputs without a declared charset, if the initial 5 KB charset sniff fully consumed the input and closed it before the stream parse began. <a href="https://redirect.github.com/jhy/jsoup/issues/2483";>#2483</a></li> <li>In XML mode, doctypes with an internal subset, such as <code><!DOCTYPE root [<!ENTITY name "value">]></code>, now round-trip correctly. The subset is preserved as raw text only; entities are not expanded and external DTDs are not loaded. <a href="https://redirect.github.com/jhy/jsoup/issues/2486";>#2486</a></li> </ul> <h3>Build Changes</h3> <ul> <li>Migrated the integration test server from Jetty to Netty, which actively maintains support for our minimum JDK target (8). <a href="https://redirect.github.com/jhy/jsoup/pull/2491";>#2491</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jhy/jsoup/commit/ac28afe6e5bf96d39fd17c3e0a797a7585e1958c";><code>ac28afe</code></a> [maven-release-plugin] prepare release jsoup-1.22.2</li> <li><a href="https://github.com/jhy/jsoup/commit/52f2cd3ea2004b9be0e0a09021bac7ce2daf8ae4";><code>52f2cd3</code></a> Improve entity example in changelog</li> <li><a href="https://github.com/jhy/jsoup/commit/cf6ffe08616f8633ee6113b91f9d6a07acef38c6";><code>cf6ffe0</code></a> Add Tag#TextBoundary option; bring TagSet to spec (<a href="https://redirect.github.com/jhy/jsoup/issues/2493";>#2493</a>)</li> <li><a href="https://github.com/jhy/jsoup/commit/2be739c1c659a1592c402a5441f8be6f7881280c";><code>2be739c</code></a> Bump github/codeql-action from 4 to 4.35.1 (<a href="https://redirect.github.com/jhy/jsoup/issues/2492";>#2492</a>)</li> <li><a href="https://github.com/jhy/jsoup/commit/45de7cbc215eb3f1189d23eaf57acf6f7b1a5edf";><code>45de7cb</code></a> Migrate integration test server from Jetty to Netty (<a href="https://redirect.github.com/jhy/jsoup/issues/2491";>#2491</a>)</li> <li><a href="https://github.com/jhy/jsoup/commit/1df14edbfc327a1ef309142ef5e8ed68324de320";><code>1df14ed</code></a> Preserve XML doctype internal subset</li> <li><a href="https://github.com/jhy/jsoup/commit/06fa52d15a22003b67dfdb3f8220cc025d493a43";><code>06fa52d</code></a> Adding Contribution Guide</li> <li><a href="https://github.com/jhy/jsoup/commit/d4a8941820c037327538c30a8723ec715b67b6f6";><code>d4a8941</code></a> Simplify the test; doesn't need the buffer</li> <li><a href="https://github.com/jhy/jsoup/commit/823709f519995492d9a092fe315af389616e58f8";><code>823709f</code></a> Don't reuse a fully read sniffed doc for StreamParser</li> <li><a href="https://github.com/jhy/jsoup/commit/e1b0df5fec53710214cd700de38d82e1ca92bd79";><code>e1b0df5</code></a> NodeFilter javadoc tweak</li> <li>Additional commits viewable in <a href="https://github.com/jhy/jsoup/compare/jsoup-1.22.1...jsoup-1.22.2";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
