SUSE-SU-2024:1874-1

This update for Java fixes thefollowing issues:

apiguardian was updated to vesion 1.1.2:

• Added LICENSE/NOTICE to the generated jar
• Allow @API to be declared at the package level
• Explain usage of Status.DEPRECATED
• Include OSGi metadata in manifest

assertj-core was implemented at version 3.25.3:

• New package implementation needed by Junit5

byte-buddy was updated to version v1.14.16:

• byte-buddy is required by assertj-core

• Changes in version v1.14.16:

  • Update ASM and introduce support for Java 23.

• Changes in version v1.14.15:

  • Allow attaching from root on J9.

• Changes of v1.14.14:

  • Adjust type validation to accept additional names that are legal in the class file format.
  • Fix dynamic attach on Windows when a service user is active.
  • Avoid failure when using Android's strict mode.

dom4j was updated to version 2.1.4:

• Improvements and potentially breaking changes:

  • Added new factory method org.dom4j.io.SAXReader.createDefault(). It has more secure defaults than new SAXReader(), which uses system XMLReaderFactory.createXMLReader() or SAXParserFactory.newInstance().newSAXParser().

  • If you use some optional dependency of dom4j (for example Jaxen, xsdlib etc.), you need to specify an explicit dependency on it in your project. They are no longer marked as a mandatory transitive dependency by dom4j.

  • Following SAX parser features are disabled by default in DocumentHelper.parse() for security reasons (they were enabled in previous versions):

    • http://xml.org/sax/properties/external-general-entities
    • http://xml.org/sax/properties/external-parameter-entities

• Other changes:

  • Do not depend on jtidy, since it is not used during build
  • Fixed license to Plexus
  • JPMS: Add the Automatic-Module-Name attribute to the manifest.
  • Make a separate flavour for a minimal dom4j-bootstrap package used to build jaxen and full dom4j
  • Updated pull-parser version
  • Reuse the...