Update Mend: high confidence minor and patch dependency updates

[mend-for-github-com]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
event-source-polyfill	1.0.26 → 1.0.31
org.apache.maven.plugins:maven-enforcer-plugin (source)	3.0.0 → 3.6.2
com.diffplug.spotless:spotless-maven-plugin	2.29.0 → 2.46.1
org.hsqldb:hsqldb (source)	2.5.2 → 2.7.4
org.apache.commons:commons-compress (source)	1.21 → 1.28.0
org.apache.commons:commons-exec (source)	1.3 → 1.6.0
org.ow2.asm:asm (source)	9.1 → 9.9.1
com.nulab-inc:zxcvbn	1.5.2 → 1.9.0
com.thoughtworks.xstream:xstream (source)	1.4.5 → 1.4.21
io.github.bonigarcia:webdrivermanager (source)	4.3.1 → 4.4.3
org.apache.maven.plugins:maven-surefire-plugin (source)	3.0.0-M5 → 3.5.5
org.jsoup:jsoup (source)	1.14.3 → 1.22.1
org.webjars:jquery (source)	3.5.1 → 3.7.1
org.bitbucket.b_c:jose4j (source)	0.7.6 → 0.9.6
com.google.guava:guava	30.1-jre → 30.1.1-jre
org.apache.commons:commons-text (source)	1.9 → 1.15.0
org.apache.maven.plugins:maven-checkstyle-plugin (source)	3.1.2 → 3.6.0
cglib:cglib-nodep	2.2 → 2.2.2
org.springframework.boot:spring-boot-starter-parent (source)	2.7.1 → 2.7.18

---

Release Notes

Yaffle/EventSource (event-source-polyfill)

v1.0.31

Compare Source

v1.0.30

Compare Source

v1.0.29

Compare Source

v1.0.28

Compare Source

diffplug/spotless (com.diffplug.spotless:spotless-maven-plugin)

v2.45.0

Added

• Support for gofmt (#​2001)
• Support for formatting Java Docs for the Palantir formatter (#​2009)

v2.44.0

Added

• New static method to DiffMessageFormatter which allows to retrieve diffs with their line numbers (#​1960)
• Gradle - Support for formatting shell scripts via shfmt. (#​1994)

Fixed

• Fix empty files with biome >= 1.5.0 when formatting files that are in the ignore list of the biome configuration file. (#​1989 fixes #​1987)
• Fix a regression in BufStep where the same arguments were being provided to every buf invocation. (#​1976)

Changed

• Use palantir-java-format 2.39.0 on Java 21. (#​1948)
• Bump default ktlint version to latest 1.0.1 -> 1.1.1. (#​1973)
• Bump default googleJavaFormat version to latest 1.18.1 -> 1.19.2. (#​1971)
• Bump default diktat version to latest 1.2.5 -> 2.0.0. (#​1972)

v2.43.0

Added

• Support custom rule sets for Ktlint. (#​1896)

Fixed

• Fix Eclipse JDT on some settings files. (#​1864 fixes #​1638)

Changed

• Bump default ktlint version to latest 1.0.0 -> 1.0.1. (#​1855)
• Add a Step to remove semicolons from Groovy files. (#​1881)

v2.42.0

Added

• Support for biome. The Rome project was renamed to Biome.
  The configuration is still the same, but you should switch to the new biome tag / function and adjust
  the version accordingly. (#​1804).
• Support for google-java-format's skip-javadoc-formatting option. (#​1793)
• Support configuration of mirrors for P2 repositories in Maven DSL (#​1697).
• New line endings mode GIT_ATTRIBUTES_FAST_ALLSAME. (#​1838)

Fixed

• Fix support for plugins when using Prettier version 3.0.0 and newer. (#​1802)
• Fix configuration cache issue around external process started '/usr/bin/git --version'. (#​1806)

Changed

• Bump default flexmark version to latest 0.64.0 -> 0.64.8. (#​1801)
• Bump default ktlint version to latest 0.50.0 -> 1.0.0. (#​1808)

v2.41.0

Added

• Add a jsonPatch step to json formatter configurations. This allows patching of JSON documents using JSON Patches. (#​1753)
• Support GJF own import order. (#​1780)

Fixed

• Use latest versions of popular style guides for eslint tests to fix failing useEslintXoStandardRules test. (#​1761, #​1756)
• Add support for prettier version 3.0.0 and newer. (#​1760, #​1751)
• Fix npm install calls when npm cache is not up-to-date. (#​1760, #​1750)

Changed

• Bump default eslint version to latest 8.31.0 -> 8.45.0 (#​1761)
• Bump default prettier version to latest (v2) 2.8.1 -> 2.8.8. (#​1760)
• Bump default greclipse version to latest 4.27 -> 4.28. (#​1775)

v2.40.0

Added

• Added support for Protobuf formatting based on Buf. (#​1208)
• enum OnMatch { INCLUDE, EXCLUDE } so that FormatterStep.filterByContent can not only include based on the pattern but also exclude. (#​1749)

Fixed

• Update documented default semanticSort to false. (#​1728)

Changed

• Bump default cleanthat version to latest 2.13 -> 2.17. (#​1734)
• Bump default ktlint version to latest 0.49.1 -> 0.50.0. (#​1741)
  • Dropped support for ktlint 0.47.x following our policy of supporting two breaking changes at a time.
  • Dropped support for deprecated useExperimental parameter in favor of the ktlint_experimental property.

v2.39.0

Added

• Jvm.Support now accepts -SNAPSHOT versions, treated as the non-SNAPSHOT. (#​1583)
• Support Rome as a formatter for JavaScript and TypeScript code. Adds a new rome step to javascript and typescript formatter configurations. (#​1663)
• Add semantics-aware Java import ordering (i.e. sort by package, then class, then member). (#​522)

Fixed

• Fixed a regression which changed the import sorting order in googleJavaFormat introduced in 2.38.0. (#​1680)
• Equo-based formatters now work on platforms unsupported by Eclipse such as PowerPC (fixes durian-swt#20)
• When P2 download fails, indicate the responsible formatter. (#​1698)

Changed

• Equo-based formatters now download metadata to ~/.m2/repository/dev/equo/p2-data rather than ~/.equo, and for CI machines without a home directory the p2 data goes to $GRADLE_USER_HOME/caches/p2-data. (#​1714)
• Bump default googleJavaFormat version to latest 1.16.0 -> 1.17.0. (#​1710)
• Bump default ktfmt version to latest 0.43 -> 0.44. (#​1691)
• Bump default ktlint version to latest 0.48.2 -> 0.49.1. (#​1696)
  • Dropped support for ktlint 0.46.x following our policy of supporting two breaking changes at a time.
• Bump default sortpom version to latest 3.0.0 -> 3.2.1. (#​1675)

v2.38.0

Added

• Support configuration of mirrors for P2 repositories in EquoBasedStepBuilder (#​1629).
• The style option in Palantir Java Format (#​1654).
• Added formatter for Gherkin feature files (#​1649).

Changed

• POTENTIALLY BREAKING Converted googleJavaFormat to a compile-only dependency and drop support for versions < 1.8. (#​1630)
• Bump default cleanthat version to latest 2.6 -> 2.13. (#​1589 and #​1661)
• Bump default diktat version 1.2.4.2 -> 1.2.5. (#​1631)
• Bump default flexmark version 0.62.2 -> 0.64.0. (#​1302)
• Bump default googleJavaFormat version 1.15.0 -> 1.16.0. (#​1630)
• Bump default scalafmt version 3.7.1 -> 3.7.3. (#​1584)
• Bump default Eclipse formatters for the 2023-03 release. (#​1662)
  • JDT and GrEclipse 4.26 -> 4.27
    • Improve GrEclipse error reporting. (#​1660)
  • CDT 11.0 -> 11.1

v2.37.0

Added

• You can now put the filename into a license header template with $FILE. (#​1605 fixes #​1147)

Changed

• We are now opting in to Gradle's new stable configuration cache. (#​1591)
• Adopt Equo Solstice OSGi and p2 shim to update all Eclipse-based plugins. (#​1524)
  • Eclipse JDT now supports 4.9 through 4.26. Also we now recommend dropping the last .0, e.g. 4.26 instead of 4.26.0, you'll get warnings to help you switch.
  • Eclipse Groovy now supports 4.18 through 4.26. Also we now recommend dropping the last .0, e.g. 4.26 instead of 4.26.0, you'll get warnings to help you switch.
  • Eclipse CDT now supports 10.6 through 11.0.
  • Eclipse WTP is still WIP at #​1622.

v2.36.0

Added

• gradlew equoIde opens a repeatable clean Spotless dev environment. (#​1523)
• cleanthat added includeDraft option, to include draft mutators from composite mutators. (#​1574)
• npm-based formatters now support caching of node_modules directory (#​1590)

Fixed

• JacksonJsonFormatterFunc handles json files with an Array as root. (#​1585)

Changed

• Bump default cleanthat version to latest 2.1 -> 2.6 (#​1569 and #​1574)
• Reduce logging-noise created by npm-based formatters (#​1590 fixes #​1582)

v2.35.0

Added

• CleanThat Java Refactorer. (#​1560)
• Introduce LazyArgLogger to allow for lazy evaluation of log messages in slf4j logging. (#​1565)

Fixed

• Allow multiple instances of the same npm-based formatter to be used by separating their node_modules directories. (#​1565)
• ktfmt default style uses correct continuation indent. (#​1562)

Changed

• Bump default ktfmt version to latest 0.42 -> 0.43 (#​1561)
• Bump default jackson version to latest 2.14.1 -> 2.14.2 (#​1536)

v2.34.0

Added

• Formatter now has a field public static final File NO_FILE_SENTINEL which can be used to pass string content to a Formatter or FormatterStep when there is no actual File to format. (#​1525)

v2.33.0

Added

• ProcessRunner has added some convenience methods so it can be used for Maven testing. (#​1496)
• ProcessRunner allows to limit captured output to a certain number of bytes. (#​1511)
• ProcessRunner is now capable of handling long-running tasks where waiting for exit is delegated to the caller. (#​1511)
• Allow to specify node executable for node-based formatters using nodeExecutable parameter (#​1500)

Fixed

• The default list of type annotations used by formatAnnotations has had 8 more annotations from the Checker Framework added #​1494

Changed

• POTENTIALLY BREAKING Bump minimum JRE from 8 to 11, next release likely to bump bytecode to Java 11 (#​1514 part 1 of #​1337)
• Rename YamlJacksonStep into JacksonYamlStep while normalizing Jackson usage (#​1492)
• Convert gson integration to use a compile-only source set (#​1510).
• ** POTENTIALLY BREAKING** Removed support for KtLint 0.3x and 0.45.2 (#​1475)
  • KtLint does not maintain a stable API - before this PR, we supported every breaking change in the API since 2019.
  • From now on, we will support no more than 2 breaking changes at a time.
• NpmFormatterStepStateBase delays npm install call until the formatter is first used. This enables better integration
  with gradle-node-plugin. (#​1522)
• Bump default ktlint version to latest 0.48.1 -> 0.48.2 (#​1529)
• Bump default scalafmt version to latest 3.6.1 -> 3.7.1 (#​1529)

v2.32.0

Added

• Add option editorConfigFile for ktLint #​142
  • POTENTIALLY BREAKING ktlint step now modifies license headers. Make sure to put licenseHeader after ktlint.
• Added skipLinesMatching option to licenseHeader to support formats where license header cannot be immediately added to the top of the file (e.g. xml, sh). (#​1441).
• Add YAML support through Jackson (#​1478)
• Added support for npm-based ESLint-formatter for javascript and typescript (#​1453)
• Better suggested messages when user's default is set by JVM limitation. (#​995)

Fixed

• Support ktlint 0.48+ new rule disabling syntax (#​1456) fixes (#​1444)
• Fix subgroups leading catch all matcher.

Changed

• Bump default version for prettier from 2.0.5 to 2.8.1 (#​1453)
• Bump the dev version of Gradle from 7.5.1 to 7.6 (#​1409)
  • We also removed the no-longer-required dependency org.codehaus.groovy:groovy-xml
• Breaking changes to Spotless' internal testing infrastructure testlib (#​1443)
  • ResourceHarness no longer has any duplicated functionality which was also present in StepHarness
  • StepHarness now operates on Formatter rather than a FormatterStep
  • StepHarnessWithFile now takes a ResourceHarness in its constructor to handle the file manipulation parts
  • Standardized that we test exception messages, not types, which will ease the transition to linting later on
  • Bump default ktlint version to latest 0.47.1 -> 0.48.1 (#​1456)
• Switch our publishing infrastructure from CircleCI to GitHub Actions (#​1462).
  • Help wanted for moving our tests too (#​1472)

v2.31.0

Added

• importOrder now support groups of imports without blank lines (#​1401)

Fixed

• Don't treat @Value as a type annotation #​1367
• Support ktlint_disabled_rules in ktlint 0.47.x #​1378
• Share git repositories across projects when using ratchet (#​1426)

Changed

• Bump default ktfmt version to latest 0.40 -> 0.41 (#​1340)
• Bump default scalafmt version to latest 3.5.9 -> 3.6.1 (#​1373)
• Bump default diktat version to latest 1.2.3 -> 1.2.4.2 (#​1393)
• Bump default palantir-java-format version to latest 2.10 -> 2.28 (#​1393)

v2.30.0

Added

• formatAnnotations() step to correct formatting of Java type annotations. It puts type annotations on the same line as the type that they qualify. Run it after a Java formatting step, such as googleJavaFormat(). (#​1275)

Changed

• Bump default ktfmt version to latest 0.39 -> 0.40 (#​1312)
• Bump default ktlint version to latest 0.46.1 -> 0.47.1 (#​1303)
  • Also restored support for older versions of ktlint back to 0.31.0

nulab/zxcvbn4j (com.nulab-inc:zxcvbn)

v1.9.0

Compare Source

• addition of Portuguese in the languages available for feedback #​173 (javcasrod)
• Add exports com.nulabinc.zxcvbn.io to module-info.java #​175 (HaasJona)
• Updated URL to "Five Algorithms..." article #​169 (weberhofer)
• refactor: modifier 'private' is redundant for enum constructors #​168 (vvatanabe)
• refactor: Deprecate setters in AttackTimes class #​167 (vvatanabe)
• refactor: Deprecate com.nulabinc.zxcvbn.Guess and introduce new interface in com.nulabinc.zxcvbn.guesses #​166 (vvatanabe)
• refactor: Deprecate com.nulabinc.zxcvbn.Matcher and introduce new interface in com.nulabinc.zxcvbn.matchers #​165 (vvatanabe)
• refactor: Initialize all Strength properties via constructor #​164 (vvatanabe)
• fix: fix sonarcloud maintainability phase 4 #​163 (vvatanabe)
• fix: fix sonarcloud maintainability phase 3 #​162 (vvatanabe)
• fix: fix sonar cloud maintainability phase 2 #​161 (vvatanabe)
• fix: fix sonarcloud maintainability #​160 (vvatanabe)
• fix: Fix sonarcloud reliability #​159 (vvatanabe)
• chore: Update GitHub Actions Configuration #​158 (vvatanabe)
• refactor: refactor and improve code readability in Scoring #​157 (vvatanabe)
• fix: fix warning messages of checkstyle #​156 (vvatanabe)
• refactor: Refactoring Feedback #​155 (vvatanabe)
• refactor: refactoring TimeEstimates class #​154 (vvatanabe)
• refactor: refactoring guesses package #​153 (vvatanabe)
• chore: update gradle version to 8.3 and update gradle plugins to latest #​152 (vvatanabe)

v1.8.2

Compare Source

• fix: fix the discrepancy in password guesses between zxcvbn and zxcvbn4j #​151 (vvatanabe)
• style: format all with google-java-format #​150 (vvatanabe)
• refactor: refactoring matchers.Match #​149 (vvatanabe)
• refactor: refactoring matchers.OmnibusMatcher #​148 (vvatanabe)

v1.8.1

Compare Source

• fix: improved SpatialMatcher decision logic (#​84) (#​129) #​147 (vvatanabe)
• refactor: refactoring matchers.ReverseDictionaryMatcher #​146 (vvatanabe)
• style: format code in matchers.RepeatMatcher #​145 (vvatanabe)
• refactor: refactoring matchers.DateMatcher #​144 (vvatanabe)
• refactor: refactoring matchers.RegexMatcher #​143 (vvatanabe)
• refactor: refactoring matchers.DictionaryMatcher #​142 (vvatanabe)
• refactor: refactoring matchers.L33tMatcher #​141 (vvatanabe)
• refactor: refactoring matchers.SequenceMatcher #​140 (vvatanabe)
• fix: fix the warnings from SpotBugs #​139 (vvatanabe)
• refactor: refactoring matchers.SpatialMatcher #​138 (vvatanabe)
• refactor: refactoring matchers.RepeatMatcher #​137 (vvatanabe)

v1.8.0

Compare Source

• Added feedback messages translated into Spanish #​135 (manchilop)
• Switch the JavaScript engine used for testing from Nashorn to GraalJS #​128 (yasuyuki-baba)
• JMH-based set of benchmarks #​127 (yasuyuki-baba)

v1.7.0

Compare Source

• fix typo in the package name of the resource file (#​125) #​126 (vvatanabe)
• Allow users to use their own keyboard layouts and dictionaries #​124 (yasuyuki-baba)

v1.6.0

Compare Source

• Change the position of the defining signing (#​121) #​123 (vvatanabe)
• use configurations.archives in signing (#​121) #​122 (vvatanabe)
• Make Scoring.factorial(int) return long #​116 (InkerBot)
• Added Italian translation #​113 (gdonisi)
• Correct strength.score definition #​117 (AChep)
• Fixes #​110 - correct encoding for French and German. #​111 (40rn05lyv)
• Add module-info.java #​104 (overheadhunter)
• temporarily remove test with JDK 17 (#​119) #​120 (vvatanabe)
• Migrated to GitHub Actions #​112 (overheadhunter)
• Update README.md #​108 (eltociear)

bonigarcia/webdrivermanager (io.github.bonigarcia:webdrivermanager)

v4.4.3

Added

• Support for ARM64 (Aarch64) architecture (issue #​634)
• Include method arm64() in WDM API to specify ARM64 architecture

Fixed

• Fix execution of registry query commands to detect browser version (for Windows)

v4.4.2

• Due to a problem in the release procedure, version 4.4.2 is identical to 4.4.1

v4.4.1

Fixed

• Fix browser version detection in Mac (issue #​632)

v4.4.0

Added

• Automatic module name in MANIFEST.MF for JDK 9+ support (PR #​615)
• Include config key wdm.browserVersionDetectionRegex, equivalent to API method browserVersionDetectionRegex()
• Expose method .exportParameter() in WebDriverManager API
• Include config key wdm.useChromiumDriverSnap to use Chromium snap package (false by default)
• Support local URLs (file://) for versions and commands properties
• Include new API methods: useLocalCommandsPropertiesFirst(), versionsPropertiesUrl(URL), and commandsPropertiesUrl(URL)

Changed

• Extract commands database as a properties file (commands.properties)

Removed

• Remove method browserPath() in WebDriverManager API (changed by browserVersionDetectionCommand())

jhy/jsoup (org.jsoup:jsoup)

v1.22.1

Improvements

• Added support for using the re2j regular expression engine for regex-based CSS selectors (e.g. [attr~=regex], :matches(regex)), which ensures linear-time performance for regex evaluation. This allows safer handling of arbitrary user-supplied query regexes. To enable, add the com.google.re2j dependency to your classpath, e.g.:

  <dependency>
    <groupId>com.google.re2j</groupId>
    <artifactId>re2j</artifactId>
    <version>1.8</version>
  </dependency>

(If you already have that dependency in your classpath, but you want to keep using the Java regex engine, you can disable re2j via System.setProperty("jsoup.useRe2j", "false").) You can confirm that the re2j engine has been enabled correctly by calling org.jsoup.helper.Regex.usingRe2j(). #​2407

• Added an instance method Parser#unescape(String, boolean) that unescapes HTML entities using the parser's configuration (e.g. to support error tracking), complementing the existing static utility Parser.unescapeEntities(String, boolean). #​2396
• Added a configurable maximum parser depth (to limit the number of open elements on stack) to both HTML and XML parsers. The HTML parser now defaults to a depth of 512 to match browser behavior, and protect against unbounded stack growth, while the XML parser keeps unlimited depth by default, but can opt into a limit via org.jsoup.parser.Parser#setMaxDepth. #​2421
• Build: added CI coverage for JDK 25 #​2403
• Build: added a CI fuzzer for contextual fragment parsing (in addition to existing full body HTML and XML fuzzers). oss-fuzz #​14041

Changes

• Set a removal schedule of jsoup 1.24.1 for previously deprecated APIs.

Bug Fixes

• Previously cached child Elements of an Element were not correctly invalidated in Node#replaceWith(Node), which could lead to incorrect results when subsequently calling Element#children(). #​2391
• Attribute selector values are now compared literally without trimming. Previously, jsoup trimmed whitespace from selector values and from element attribute values, which could cause mismatches with browser behavior (e.g. [attr=" foo "]). Now matches align with the CSS specification and browser engines. #​2380
• When using the JDK HttpClient, any system default proxy (ProxySelector.getDefault()) was ignored. Now, the system proxy is used if a per-request proxy is not set. #​2388, #​2390
• A ValidationException could be thrown in the adoption agency algorithm with particularly broken input. Now logged as a parse error. #​2393
• Null characters in the HTML body were not consistently removed; and in foreign content were not correctly replaced. #​2395
• An IndexOutOfBoundsException could be thrown when parsing a body fragment with crafted input. Now logged as a parse error. #​2397, #​2406
• When using StructuralEvaluators (e.g., a parent child selector) across many retained threads, their memoized results could also be retained, increasing memory use. These results are now cleared immediately after use, reducing overall memory consumption. #​2411
• Cloning a Parser now preserves any custom TagSet applied to the parser. #​2422, #​2423
• Custom tags marked as Tag.Void now parse and serialize like the built-in void elements: they no longer consume following content, and the XML serializer emits the expected self-closing form. #​2425
• The <br> element is once again classified as an inline tag (Tag.isBlock() == false), matching common developer expectations and its role as phrasing content in HTML, while pretty-printing and text extraction continue to treat it as a line break in the rendered output. #​2387, #​2439
• Fixed an intermittent truncation issue when fetching and parsing remote documents via Jsoup.connect(url).get(). On responses without a charset header, the initial charset sniff could sometimes (depending on buffering / available() behavior) be mistaken for end-of-stream and a partial parse reused, dropping trailing content. #​2448
• TagSet copies no longer mutate their template during lazy lookups, preventing cross-thread ConcurrentModificationException when parsing with shared sessions. #​2453
• Fixed parsing of <svg> foreignObject content nested within a <p>, which could incorrectly move the HTML subtree outside the SVG. #​2452

Internal Changes

• Deprecated internal helper org.jsoup.internal.Functions (for removal in v1.23.1). This was previously used to support older Android API levels without full java.util.function coverage; jsoup now requires core library desugaring so this indirection is no longer necessary. #​2412

v1.21.2

Changes

• Deprecated internal (yet visible) methods Normalizer#normalize(String, bool) and Attribute#shouldCollapseAttribute(Document.OutputSettings). These will be removed in a future version.
• Deprecated Connection#sslSocketFactory(SSLSocketFactory) in favor of the new Connection#sslContext(SSLContext). Using sslSocketFactory will force the use of the legacy HttpUrlConnection implementation, which does not support HTTP/2. #​2370

Improvements

• When pretty-printing, if there are consecutive text nodes (via DOM manipulation), the non-significant whitespace between them will be collapsed. #​2349.
• Updated Connection.Response#statusMessage() to return a simple loggable string message (e.g. "OK") when using the HttpClient implementation, which doesn't otherwise return any server-set status message. #​2356
• Attributes#size() and Attributes#isEmpty() now exclude any internal attributes (such as user data) from their count. This aligns with the attributes' serialized output and iterator. #​2369
• Added Connection#sslContext(SSLContext) to provide a custom SSL (TLS) context to requests, supporting both the HttpClient and the legacy HttUrlConnection implementations. #​2370
• Performance optimizations for DOM manipulation methods including when repeatedly removing an element's first child (element.child(0).remove(), and when using Parser#parseBodyFragement() to parse a large number of direct children. #​2373.

Bug Fixes

• When parsing from an InputStream and a multibyte character happened to straddle a buffer boundary, the stream would not be completely read. #​2353.
• In NodeTraversor, if a last child element was removed during the head() call, the parent would be visited twice. #​2355.
• Cloning an Element that has an Attributes object would add an empty internal user-data attribute to that clone, which would cause unexpected results for Attributes#size() and Attributes#isEmpty(). #​2356
• In a multithreaded application where multiple threads are calling Element#children() on the same element concurrently, a race condition could happen when the method was generating the internal child element cache (a filtered view of its child nodes). Since concurrent reads of DOM objects should be threadsafe without external synchronization, this method has been updated to execute atomically. #​2366
• When parsing HTML with svg:script elements in SVG elements, don't enter the Text insertion mode, but continue to parse as foreign content. Otherwise, misnested HTML could then cause an IndexOutOfBoundsException. #​2374
• Malformed HTML could throw an IndexOutOfBoundsException during the adoption agency. #​2377.

v1.21.1

Changes

• Removed previously deprecated methods. #​2317
• Deprecated the :matchText pseduo-selector due to its side effects on the DOM; use the new ::textnode selector and the Element#selectNodes(String css, Class type) method instead. #​2343
• Deprecated `Connection.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box