id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc
21596	[PATCH] Update dependencies in ivy.xml and tools/ivy.xml	taylor.smock	team	"= [source:trunk/ivy.xml ivy.xml]
== commons-compress
* Update [https://commons.apache.org/proper/commons-compress/ commons-compress] to v1.21 from v1.20
 * A new class TarFile provides random access to TAR archives.
 * Commons Compress now ships with a copy of the Pack200 code of the retired Apache Harmony project. The pack200 support in Commons Compress no longer uses the implementation of the Java class library - and thus also works for Java 14 and later.
 * Added new methods supporting java.nio.Path as an alternative to java.io.File to many classes.

== OpeningHoursParser
* Update [https://github.com/simonpoole/OpeningHoursParser/releases/tag/0.26.0 OpeningHoursParser] from v0.24.0 to v0.26.0

 * v0.26.0
  * This release adds a flag to indicate more lenient handling of time ranges with earlier end than start times in strict mode. It does not change the behaviour in non-strict mode.
    Note: the one parameter variant of OpeningHoursParser.rules maintains the same behaviour as prior releases, you will need to use the two parameter call if you want to set the flag.
 *  v0.25.0
  * adds missing setOpenEnded method for year ranges
  * throws a parse error on invalid data ranges combining open ended with end date

== spotbugs-annotations
* Update [https://github.com/spotbugs/spotbugs/blob/4.5.0/CHANGELOG.md spotbugs-annotations] from v4.3.0 to v4.5.0

== wiremock
* Update WireMock from 2.27.2 to 2.31.0. This required a rename, as `wiremock` is Java 7 compatible, but `wiremock-jre8` is not. `wiremock-jre8` at v2.31.0 also has support for JUnit 5.
 * [https://groups.google.com/g/wiremock-user/c/5xYwWyWUWIk WireMock 2.28.0]
  * Plaintext HTTP/2
  * Drops support for JUnit <= 4.7
  * Drops support for JRE 7-, use `wiremock-jre8` instead of `wiremock`
 * [https://groups.google.com/g/wiremock-user/c/KIKjrj2gIrk WireMock 2.29.0]
  * New template helpers
  * Date/time matching
  * Logical AND/OR matching
 * [https://groups.google.com/g/wiremock-user/c/pSLEMmQdZg0 WireMock 2.30.0]
  * Webhooks extension now in Wiremock core
  * Improved first-run time
 * [https://groups.google.com/g/wiremock-user/c/7bcGwI3fuK8 WireMock 2.31.0]
  * JUnit 5 support
  * Better support for multi-domain mocking
== classgraph
* Update [https://github.com/classgraph/classgraph/releases classgraph] from 4.8.110 to 4.8.135
 * Added `Resource#readCloseable` which returns a `CloseableByteBuffer`
 * Better support for running with a `SecurityManager`
 * Find resources by path glob (`ScanResult#getResourcesMatchingWildcard`)
 * Allow circumvention of encapsulation in JDK 16+ via jvm-driver ([https://github.com/classgraph/classgraph/releases/tag/classgraph-4.8.124 4.8.124])
 * Java 16+ comptability. This adds [https://github.com/toolfactory/narcissus narcissus] as a dependency. Either we have to load it explicitly or we can set `ClassGraph.CIRCUMVENT_ENCAPSULTION = true` at start.
 * Ability to find class references (i.e., find subclasses of a class)

== JUnit
* Update junit-platform from 1.7.2 to 1.8.2 and junit-jupiter to 5.8.2 from 5.7.2.
 * `@Suite` support
 * `JRE` now has Java 18 (enum)
 * JFR support in Java 8 Update 262+
 * `@ParameterizedTest` can now auto close arguments (i.e., `AutoClosable`, note: this breaks anything that reuses that parameter...)
 * `assertThrowsExactly` if we don't want any exception subclasses to be thrown
 * `@MethodSource`/`@ArgumentSource` can now have optional names
 * Various CSV source improvements

== junit5-system-exit
* Update [https://github.com/tginsberg/junit5-system-exit/releases junit5-system-ext] from 1.1.1 to 1.1.2
 * Works better with Parameterized tests

== equalsverifier
* Update [https://github.com/jqno/equalsverifier/blob/main/CHANGELOG.md equalsverifer] from 3.6.1 to 3.7.2
 * Prefab values for `java.util.concurrent.Semaphore`
 * Works better with anonymous/local inner classes

== awaitility
* Update [https://github.com/awaitility/awaitility/blob/master/changelog.txt awaitility] from 4.1.0 to 4.1.1
 * Various bug fixes
= [source:trunk/tools/ivy.xml tools/ivy.xml]
== checkstyle
* Update [https://checkstyle.sourceforge.io/releasenotes.html checkstyle] from 8.44 to 9.2
 * Removal of EOF token. Testing showed that COMPILATION_UNIT had equivalent behavior for TopLevelJavadocCheck.
 * NoWhitespaceBeforeCaseDefaultColon
 * Various bug fixes

== pmd
* Update [https://pmd.github.io/pmd-6.41.0/pmd_release_notes_old.html pmd] from 6.20 to [https://pmd.github.io/pmd-6.41.0/pmd_release_notes.html 6.41].
 * `ASTCommentContainer` may be able to be used in the future to replace the custom TopLevelJavadocCheck. Currently experimental, so we probably don't want to use it.
 * Java 17 support (specifically, Sealed Classes). Note: `ant` task was fixed in 6.41 (""Ant task fails with Java17"")
 * New rules
  * `PrimitiveWrapperInstantiation`
  * `SimplifiableTestAssertion`
  * `ReturnEmptyCollectionRatherThanNull` (I've explicitly disabled this, as some parts of JOSM return `null` right now, and I'd rather make this diff as minimal as possible)
  * `Junit5TestShouldBePackagePrivate`
  * `CognitiveComplexity` (also disabled due to many positives in JOSM source)
  * `MutableStaticState` (also diabled due to positives in JOSM source)
  * `UseStandardCharsets`
  * `UnusedAssignment`
  * `UnnecessaryCast` (also disabled due to positives in JOSM source)
  * `AvoidCalendarDateCreation`
  * `UseIOStreamsWithApacheCommonsFileItem`
  * `LiteralsFirstInComparisons`
 * Java 16 support (pattern matching/records)
 * Java 15 support (text blocks)
 * Java 14 support (switch expressions)
* josm-ruleset.xml has been updated for PMD 6.40. Where a check is disabled, I've added a `reason` attribute, so we know why something is disabled. I've also renamed rules, where applicable.

== spotbugs
* Update [https://github.com/spotbugs/spotbugs/blob/4.5.0/CHANGELOG.md spotbugs and spotbugs-ant] from 4.2.3 to 4.5.0 (see also spotbugs-annotations above)

 * `DCN_NULLPOINTER_EXCEPTION` now follows SEI Cert rule ERR08-J
 * `REFL_REFLECTION_INCREASES_ACCESSIBILITY_OF_CLASS` was added for SEI Cert rule SEC05-J: Don't use reflection to increase accessibility of classes, methods or fields. Note: This is ignored for `ReflectionUtils` in pmd rules, but is not ignored with `ant spotbugs`.
 * `MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR`/`MC_OVERRIDABLE_METHOD_CALL_IN_CLONE` for SEI cert rules MET05-J and MET06-J: avoid overridable methods in constructors and clone.
 * `EOS_BAD_END_OF_STREAM_CHECK` from SEI CERT rule FIO08-J: avoid converting `Stream#read` to byte or int, and then checking against -1.

== errorprone
* Update [https://github.com/google/error-prone/releases errorprone] from 2.8.1 to 2.10.0
 * New checks:
  * `AlwaysThrows`
  * `StackTraceElementGetClass`
  * `BareDotMetacharacter`
  * `DistinctVarargsChecker`
  * `MalformedInlineTag`
  * `MemoizeConstantVisitorStateLookups`
  * `UnicodeEscape` (note: I disabled this in a method for `DomainValidator`)
  * `FieldMissingNullable`
  * `Java8ApiChecker`
  * `ParameterMissingNullable`
  * `TooManyParameters`
  * `TryWithResourcesVariable`
  * `UnnecessaryFinal`
  * `VoidMissingNullable`
  * `DeprecatedVariable`
  * `PublicApiNamedStreamShouldReturnStream`
"	enhancement	new	normal		Core