Bump classgraph from 4.8.60 to 4.8.104

[dependabot-preview]

Bumps classgraph from 4.8.60 to 4.8.104.

Release notes

Sourced from classgraph's releases.

classgraph-4.8.104

Improved verbose logging to include types of methods and fields.

Added a couple of missing methods to ClassInfoList for GraphViz visualization of inter-class dependency graphs.

classgraph-4.8.103

Fixed issue with duplication of automatic package roots (e.g. myjar.jar!/BOOT-INF/classes/BOOT-INF/classes/path/to/resource). (#505, thanks to @michael-simons for the bug report and reproducer code.)

Also fixed an issue where closing the InputStream returned by Resource#open() wasn't marking the Resource as closed (which meant the resource couldn't be opened a second time).

classgraph-4.8.102

Further improvements in robustness to invalid type signatures that may be generated by the Scala compiler. (#495, thanks to @jbracker.)

classgraph-4.8.101

Made type signature parsing more robust to errors -- the Scala compiler can generate illegal type signatures. (#495, thanks to @jbracker for the report.)

classgraph-4.8.99

• Fixed parsing of type parameters and type variables in Scala (these can contain a $ character in Scala, but you don't see that in Java). (#495, thanks to @jbracker for the report and for submitting a minimal testcase.)
• Fixed a couple of possible exceptions that could be thrown when parsing type annotations for type descriptors.

classgraph-4.8.98

Fix NPE in hashCode() and equals() methods of TypeArgument (#491, thanks to @Tagakov for the fix!).

classgraph-4.8.97

Small adjustment to previous release -- remove ClassTypeSignature#getTypeAnnotationInfo() and MethodTypeSignature#getTypeAnnotationInfo() (but leave TypeSignature#getTypeAnnotationInfo() in place), since classes and methods never have type annotations -- any type annotations are attached to their type signature components (e.g. the return type of a method or the type parameters of a generic class).

classgraph-4.8.96

• Added support for type annotations (#402), e.g. Outer.Middle<@A Foo.@B Bar>.Inner<@D String @C []> field (#402, thanks to @jbrower for the feature request). This is a major new capability, which was complicated to implement -- please report any issues you find with this.
  • To read type annotations for FieldInfo, MethodInfo or ClassInfo, call .getTypeSignatureOrTypeDescriptor() to get a TypeSignature object, then call getTypeAnnotationInfo() on the TypeSignature or one of its components to get an AnnotationInfoList of any type annotations on the type.
• Made several changes to the behavior of toString() methods. (Do not depend upon toString() output never changing.)
  • Class name nesting separators for inner classes are now '.' rather than '$', i.e. Java program syntax x.y.z.X.Y.Z is used, rather than filename syntax x.y.z.X$Y$Z. Using a dot makes more sense with type annotations: x.y.z.X.@A Y.@B Z. (There is an exception to this for anonymous inner classes, e.g. x.y.z.X$1.)
  • ClassInfo#toString now prefixes classes with any class annotations that are present.
• Most objects now have a toStringWithSimpleNames() variant of toString() that renders the object to a string using the simple name of any classes rather than the fully-qualified name (i.e. excluding package prefixes and outer classes).

classgraph-4.8.95

• Expose package-private method MethodTypeSignature#getTypeParameters for getting method type parameters, e.g. T in void <T> doSomething() (#490, thanks to @lastrix for the request)

classgraph-4.8.94

• Make ClassInfo#extendsSuperclass("java.lang.Object") return true for all standard classes (i.e. for all classes except interface or annotation classes). (#486, thanks to @wheelerlaw for the bug report.)
• Make ClassInfo#getSubclasses(), where the ClassInfo object represents java.lang.Object, return all standard classes, rather than all classes. This is a change in behavior, but should represent the user's intent, since interfaces do not actually extend Object.

classgraph-4.8.93

A few changes to classloading:

1. If .overrideClassLoaders(...) or .overrideClasspath(...) is called before .scan(), then only the overrides are used (ClassGraph will not fall back to trying any other known classloaders). This might break things for some users, but it matches the expectation that should have been conveyed by the API.
2. If you run a scan inside a scan, and you call .overrideClassLoaders(MyClass.class.getClassLoader()), where MyClass was itself loaded by ClassGraph in the outer scan, using scanResult.getClassInfo("mypackage.MyClass").loadClass(), then the override classloader is actually an instance of ClassGraphClassLoader. This was not supported before, but it supported now as of this release. If you use this, then any classloading in the inner scan will first try loading classes with the ClassGraphClassLoader instance from the outer scan, and if that fails, then the inner scan's ClassGraphClassLoader will be tried. This is to allow for classes to be compatible between the outer scan and the inner scan, in cases where both scans find the same classes. (Classes that are identical but were loaded by different classloaders are not seen by the JRE as being the same class.) (#485, thanks to @TheSpiritXIII for the bug report.)

classgraph-4.8.92

Small update to previous release: strip final slash from URIs that end in an automatic package prefix, i.e. !/BOOT-INF/classes/ -> !/BOOT-INF/classes

... (truncated)

Commits

• 6044fa4 [maven-release-plugin] prepare release classgraph-4.8.104
• f926090 Add convenience method
• 273c924 generateGraphVizDotFileFromClassDependencies -> ...FromInterClass...
• aac9972 Improve logging
• 8f49341 Merge pull request #507 from classgraph/dependabot/maven/org.openjdk.jmh-jmh-...
• 8750991 Merge pull request #506 from classgraph/dependabot/maven/org.openjdk.jmh-jmh-...
• 2a78f88 Bump jmh-generator-annprocess from 1.28 to 1.29
• 41e1171 Bump jmh-core from 1.28 to 1.29
• 2f0b681 [maven-release-plugin] prepare for next development iteration
• 5f8d22c [maven-release-plugin] prepare release classgraph-4.8.103
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)