Update dependency jaxen:jaxen to v2.0.1

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
jaxen:jaxen (source)	2.0.0 → 2.0.1

---

Release Notes

jaxen-xpath/jaxen (jaxen:jaxen)

v2.0.1: 2.0.1

Compare Source

• The build is now fully byte-per-byte reproducible. If you use the same JDK on the same platform to compile, you'll get the same bytes out every time. This is a prerequisite for hash-based defenses against supply chain and MITM attacks.

• The release has been mostly automated. It's not quite a one-click deploy but it's close.

• Several bugs in XPath conformance detected by Claude Sonnet 4.6 were fixed:

  • The round() function returns negative zero for values between -0.5 and -0.0.
  • The number() function rejects some strings Java recognizes as a number but XPath does not.
  • anyMatchingNode() and evaluateAsBoolean() no longer throw NoSuchElementException when evaluating an XPath expression with multiple predicates and more nodes than predicates.
  • DefaultCommentNodeStep.getText() includes predicates. (This one's very unlikely to have any effect on XPath queries or evaluation.)

• The DOMNavigator can now search inside entity reference and document fragment nodes.

What's Changed

• punctuation and whitespace by @​elharo in #​157
• remove duplicated condition from PatternParser convertStep by @​hduelme in #​159
• Parameterize translate function.evaluate by @​hduelme in #​161
• update compiler plugin to 3.10.1 by @​elharo in #​165
• use StringBuilder instead of StringBuffer by @​hduelme in #​160
• Simplify assertions by @​hduelme in #​162
• maven-project-info-reports-plugin 3.4.2 by @​elharo in #​166
• maven-javadoc-plugin 3.5.0 by @​elharo in #​167
• deprecate own implementation of SingletonList by @​hduelme in #​169
• maven-source-plugin 3.2.1 by @​elharo in #​171
• clarify a few comments by @​elharo in #​175
• maven-compiler-plugin 3.11.0 by @​elharo in #​176
• update source and assembly plugins by @​elharo in #​177
• better test code namespaces by @​elharo in #​178
• quiet javadoc by @​elharo in #​179
• Remove defunct mailing list archives by @​elharo in #​183
• Update build plugins by @​elharo in #​184
• More plugin updates by @​elharo in #​185
• Update Maven plugins by @​elharo in #​187
• Remove maxPermSize by @​elharo in #​189
• add devcontainer by @​elharo in #​192
• Codespaces by @​elharo in #​193
• use more defaults by @​elharo in #​194
• Use https in pom.xml by @​elharo in #​196
• Update Java 1.3 javadoc references to current project requirements by @​Copilot in #​200
• Add explicit versions for Maven core lifecycle plugins by @​Copilot in #​198
• Add comprehensive GitHub Copilot instructions for Jaxen development workflow by @​Copilot in #​202
• Fix all javadoc to conform to Oracle Javadoc guidelines by @​Copilot in #​206
• Implement comprehensive API compatibility checking with Animal Sniffer and Japicmp plugins by @​Copilot in #​204
• Add SECURITY.md file with security reporting instructions by @​Copilot in #​208
• Add Maven wrapper to project by @​Copilot in #​210
• Remove optimize flag by @​elharo in #​215
• Remove @​see references to Javadoc-excluded packages by @​Copilot in #​218
• Add GitHub Actions CI for Java 8 by @​Copilot in #​220
• 2.0 no longer beta by @​elharo in #​222
• Replace CircleCI with GitHub Actions CI (Java 8) by @​Copilot in #​221
• fix typos by @​elharo in #​223
• Add workflow to convert TODO/FIXME/XXX/HACK comments into GitHub issues by @​Copilot in #​217
• Upgrade JUnit 3.8.2 → 4.13.2 for VSCode/Codespaces test runner support by @​Copilot in #​226
• [WIP] Replace all links to jaxen.org with jaxen-xpath by @​Copilot in #​242
• Publish Maven site to GitHub Pages by @​Copilot in #​244
• Remove Netscape 4-only CSS files by @​Copilot in #​248
• Remove unused site stylesheets by @​Copilot in #​252
• Convert HTTP links to HTTPS in documentation and Javadoc by @​Copilot in #​250
• CI: compile with Java 8, run tests with Java 11 by @​Copilot in #​254
• Replace retired Apache Jakarta taglibs link with current Apache Tomcat taglibs URL by @​Copilot in #​256
• Remove stale XXX comment in JaxenHandlerTest by @​Copilot in #​258
• Enable XPath comparison test with node values on right-hand side of > by @​Copilot in #​257
• fix: auto-enable GitHub Pages via configure-pages enablement flag by @​Copilot in #​260
• ci: add Java 17, 21, and 25 to test matrix by @​Copilot in #​262
• Replace sequential equals chain in Axis.lookup(String) with a static HashMap by @​Copilot in #​264
• Switch from bundle to jar packaging; retain OSGi metadata via manifest goal by @​Copilot in #​266
• Remove obsolete XXX comment in Axis.java by @​Copilot in #​267
• Fix non-varargs call of varargs method warnings in NamespaceNode.java by @​Copilot in #​263
• Remove FIXME and Pattern dependency from NamespaceNode by @​Copilot in #​269
• Implement Maven reproducible builds by @​Copilot in #​203
• Automate release tagging and version management by @​Copilot in #​270
• Add tests for NamespaceNode userData and remove XXX comment by @​Copilot in #​273
• Resolve XXX comment in SimpleNamespaceContext by prebinding the xml prefix by @​Copilot in #​271
• Split DOM3 namespace equality assertions into distinct test cases by @​Copilot in #​274
• Remove stale hotspot marker in XPathReader.LT after perf check by @​Copilot in #​275
• Remove obsolete XXX null-handling comment in AncestorOrSelfAxisIterator by @​Copilot in #​276
• Add workflow to file XPath 1.0 spec compliance bugs on merge by @​Copilot in #​278
• Fix RoundFunction to return negative zero per XPath 1.0 spec by @​Copilot in #​288
• Fix NumberFunction to reject non-XPath number strings by @​Copilot in #​287
• Fix PredicateSet.anyMatchingNode() advancing predicate iterator inside wrong loop by @​Copilot in #​285
• Fix DefaultCommentNodeStep.getText() to include predicates by @​Copilot in #​286
• Fix NodeIterator to recurse into DocumentFragment and EntityReference children by @​Copilot in #​272
• Update Maven distribution URL to version 3.9.15 by @​elharo in #​289
• Clarify GPG key creation instructions in RELEASING.md by @​Copilot in #​291
• Migrate release process from OSSRH to Central Publishing Portal by @​Copilot in #​295
• Add hyperlinks to GitHub pages referenced in RELEASING.md by @​Copilot in #​298
• Change CI/CD integration from CircleCI to GitHub Actions by @​elharo in #​301
• docs: clarify release secrets are repository-scoped by @​Copilot in #​302
• doc: add GitHub PAT creation instructions to RELEASING.md by @​Copilot in #​304
• Move GPG private key export step to point of use in RELEASING.md by @​Copilot in #​305
• docs: fix GitHub fine-grained PAT setup instructions to match current UI by @​Copilot in #​307

New Contributors

• @​hduelme made their first contribution in #​159
• @​Copilot made their first contribution in #​200

Full Changelog: jaxen-xpath/jaxen@v2.0.0...v2.0.1

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Between 12:00 AM and 03:59 AM (* 0-3 * * *)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[MarkEWaite]

The release notes look much, much larger than a patch release and include many changes that were fixed by Copilot. This change needs much deeper review before it is merged into Jenkins core.

The library is used in Jelly and the EC2 plugin.

Some test ideas:

• Upgrade jaxen 2.0.0 to 2.0.1 in Jelly and test the incremental in Stapler, Jenkins core, plugin BOM
• Upgrade jaxen 2.0.0 to 2.0.1 in Jelly and test the incremental in ATH
• Upgrade jaxen 2.0.0 to 2.0.1 in EC2 plugin and test the incremental in plugin BOM and ATH (done with the earlier tests, since the jaxen dependency in EC2 plugin is provided by Jenkins core)

Relevant pull requests:

• jenkinsci/jelly#183

[MarkEWaite]

Seems best to not include this in Jenkins core until a Jelly release is created that includes jaxen 2.0.1 and a Stapler release is created that includes the new Jelly release.

[MarkEWaite]

This PR is now ready for merge. We will merge it after approximately 24 hours if there is no negative feedback. Please see the merge process documentation for more information about the merge process.

/label ready-for-merge

Needs to be merged along with pull requests:

• #26678
• #26677