Bump the maven-all group across 1 directory with 11 updates

[dependabot]

Bumps the maven-all group with 11 updates in the / directory:

Package	From	To
cool.scx:scx-http-x	3.8.10	4.5.0
cool.scx:scx-websocket-x	3.8.10	4.5.0
cool.scx:scx-scheduling	3.8.10	4.5.0
cool.scx:scx-ansi	4.2.0	4.5.0
cool.scx:scx-logging	4.1.0	4.5.0
com.google.protobuf:protobuf-java	4.32.1	4.34.1
org.jsoup:jsoup	1.21.2	1.22.1
org.graalvm.polyglot:polyglot	25.0.0	25.0.2
org.graalvm.polyglot:js	25.0.0	25.0.2
org.testng:testng	7.11.0	7.12.0
com.microsoft.playwright:playwright	1.55.0	1.59.0

Updates cool.scx:scx-http-x from 3.8.10 to 4.5.0

Release notes

Sourced from cool.scx:scx-http-x's releases.

v4.5.0

Commits

• 26af6de v4.5.0
• See full diff in compare view

Updates cool.scx:scx-websocket-x from 3.8.10 to 4.5.0

Release notes

Sourced from cool.scx:scx-websocket-x's releases.

v4.5.0

Commits

• 26af6de v4.5.0
• See full diff in compare view

Updates cool.scx:scx-scheduling from 3.8.10 to 4.5.0

Release notes

Sourced from cool.scx:scx-scheduling's releases.

v4.5.0

Commits

• 26af6de v4.5.0
• See full diff in compare view

Updates cool.scx:scx-websocket-x from 3.8.10 to 4.5.0

Release notes

Sourced from cool.scx:scx-websocket-x's releases.

v4.5.0

Commits

• 26af6de v4.5.0
• See full diff in compare view

Updates cool.scx:scx-ansi from 4.2.0 to 4.5.0

Release notes

Sourced from cool.scx:scx-ansi's releases.

v4.5.0

Commits

• See full diff in compare view

Updates cool.scx:scx-logging from 4.1.0 to 4.5.0

Release notes

Sourced from cool.scx:scx-logging's releases.

v4.5.0

Commits

• See full diff in compare view

Updates cool.scx:scx-scheduling from 3.8.10 to 4.5.0

Release notes

Sourced from cool.scx:scx-scheduling's releases.

v4.5.0

Commits

• 26af6de v4.5.0
• See full diff in compare view

Updates com.google.protobuf:protobuf-java from 4.32.1 to 4.34.1

Commits

• See full diff in compare view

Updates org.jsoup:jsoup from 1.21.2 to 1.22.1

Release notes

Sourced from org.jsoup:jsoup's releases.

jsoup Java HTML Parser release 1.22.1

jsoup 1.22.1 is out now, adding support for the re2j regular expression engine for regex-based CSS selectors, a configurable maximum parser depth, and numerous bug fixes and improvements.

jsoup is a Java library for working with real-world HTML and XML. It provides a very convenient API for extracting and manipulating data, using the best of HTML5 DOM methods and CSS selectors.

Download jsoup now.

Improvements

• Added support for using the re2j regular expression engine for regex-based CSS selectors (e.g. [attr~=regex], :matches(regex)), which ensures linear-time performance for regex evaluation. This allows safer handling of arbitrary user-supplied query regexes. To enable, add the com.google.re2j dependency to your classpath, e.g.:

  <dependency>
    <groupId>com.google.re2j</groupId>
    <artifactId>re2j</artifactId>
    <version>1.8</version>
  </dependency>

(If you already have that dependency in your classpath, but you want to keep using the Java regex engine, you can disable re2j via System.setProperty("jsoup.useRe2j", "false").) You can confirm that the re2j engine has been enabled correctly by calling Regex.usingRe2j(). #2407

• Added an instance method Parser#unescape(String, boolean) that unescapes HTML entities using the parser's configuration (e.g. to support error tracking), complementing the existing static utility Parser.unescapeEntities(String, boolean). #2396
• Added a configurable maximum parser depth (to limit the number of open elements on stack) to both HTML and XML parsers. The HTML parser now defaults to a depth of 512 to match browser behavior, and protect against unbounded stack growth, while the XML parser keeps unlimited depth by default, but can opt into a limit via Parser.setMaxDepth(). #2421
• Build: added CI coverage for JDK 25 #2403
• Build: added a CI fuzzer for contextual fragment parsing (in addition to existing full body HTML and XML fuzzers). [oss-fuzz #14041](google/oss-fuzz#14041)

Changes

• Set a removal schedule of jsoup 1.24.1 for previously deprecated APIs.

Bug Fixes

• Previously cached child Elements of an Element were not correctly invalidated in Node#replaceWith(Node), which could lead to incorrect results when subsequently calling Element#children(). #2391
• Attribute selector values are now compared literally without trimming. Previously, jsoup trimmed whitespace from selector values and from element attribute values, which could cause mismatches with browser behavior (e.g. [attr=" foo "]). Now matches align with the CSS specification and browser engines. #2380
• When using the JDK HttpClient, any system default proxy (ProxySelector.getDefault()) was ignored. Now, the system proxy is used if a per-request proxy is not set. #2388, #2390
• A ValidationException could be thrown in the adoption agency algorithm with particularly broken input. Now logged as a parse error. #2393
• Null characters in the HTML body were not consistently removed; and in foreign content were not correctly replaced. #2395
• An IndexOutOfBoundsException could be thrown when parsing a body fragment with crafted input. Now logged as a parse error. #2397, #2406
• When using StructuralEvaluators (e.g., a parent child selector) across many retained threads, their memoized results could also be retained, increasing memory use. These results are now cleared immediately after use, reducing overall memory consumption. #2411
• Cloning a Parser now preserves any custom TagSet applied to the parser. #2422, #2423
• Custom tags marked as Tag.Void now parse and serialize like the built-in void elements: they no longer consume following content, and the XML serializer emits the expected self-closing form. #2425
• The <br> element is once again classified as an inline tag (Tag.isBlock() == false), matching common developer expectations and its role as phrasing content in HTML, while pretty-printing and text extraction continue to treat it as a line break in the rendered output. #2387, #2439
• Fixed an intermittent truncation issue when fetching and parsing remote documents via Jsoup.connect(url).get(). On responses without a charset header, the initial charset sniff could sometimes (depending on buffering / available() behavior) be mistaken for end-of-stream and a partial parse reused, dropping trailing content. #2448
• TagSet copies no longer mutate their template during lazy lookups, preventing cross-thread ConcurrentModificationException when parsing with shared sessions. #2453
• Fixed parsing of <svg> foreignObject content nested within a <p>, which could incorrectly move the HTML subtree outside the SVG. #2452

Internal Changes

• Deprecated internal helper org.jsoup.internal.Functions (for removal in v1.23.1). This was previously used to support older Android API levels without full java.util.function coverage; jsoup now requires core library desugaring so this indirection is no longer necessary. #2412

---

My sincere thanks to everyone who contributed to this release! If you have any suggestions for the next release, I would love to hear them; please get in touch via jsoup discussions, or with me directly.

You can also follow me (@jhy@tilde.zone) on Mastodon / Fediverse to receive occasional notes about jsoup releases.

Changelog

Sourced from org.jsoup:jsoup's changelog.

1.22.1 (2026-Jan-01)

Improvements

• Added support for using the re2j regular expression engine for regex-based CSS selectors (e.g. [attr~=regex], :matches(regex)), which ensures linear-time performance for regex evaluation. This allows safer handling of arbitrary user-supplied query regexes. To enable, add the com.google.re2j dependency to your classpath, e.g.:

  <dependency>
    <groupId>com.google.re2j</groupId>
    <artifactId>re2j</artifactId>
    <version>1.8</version>
  </dependency>

(If you already have that dependency in your classpath, but you want to keep using the Java regex engine, you can disable re2j via System.setProperty("jsoup.useRe2j", "false").) You can confirm that the re2j engine has been enabled correctly by calling org.jsoup.helper.Regex.usingRe2j(). #2407

• Added an instance method Parser#unescape(String, boolean) that unescapes HTML entities using the parser's configuration (e.g. to support error tracking), complementing the existing static utility Parser.unescapeEntities(String, boolean). #2396
• Added a configurable maximum parser depth (to limit the number of open elements on stack) to both HTML and XML parsers. The HTML parser now defaults to a depth of 512 to match browser behavior, and protect against unbounded stack growth, while the XML parser keeps unlimited depth by default, but can opt into a limit via org.jsoup.parser.Parser#setMaxDepth. #2421
• Build: added CI coverage for JDK 25 #2403
• Build: added a CI fuzzer for contextual fragment parsing (in addition to existing full body HTML and XML fuzzers). [oss-fuzz #14041](google/oss-fuzz#14041)

Changes

• Set a removal schedule of jsoup 1.24.1 for previously deprecated APIs.

Bug Fixes

• Previously cached child Elements of an Element were not correctly invalidated in Node#replaceWith(Node), which could lead to incorrect results when subsequently calling Element#children(). #2391
• Attribute selector values are now compared literally without trimming. Previously, jsoup trimmed whitespace from selector values and from element attribute values, which could cause mismatches with browser behavior (e.g. [attr=" foo "]). Now matches align with the CSS specification and browser engines. #2380
• When using the JDK HttpClient, any system default proxy (ProxySelector.getDefault()) was ignored. Now, the system proxy is used if a per-request proxy is not set. #2388, #2390
• A ValidationException could be thrown in the adoption agency algorithm with particularly broken input. Now logged as a parse error. #2393
• Null characters in the HTML body were not consistently removed; and in foreign content were not correctly replaced. #2395
• An IndexOutOfBoundsException could be thrown when parsing a body fragment with crafted input. Now logged as a parse error. #2397, #2406
• When using StructuralEvaluators (e.g., a parent child selector) across many retained threads, their memoized results could also be retained, increasing memory use. These results are now cleared immediately after use, reducing overall memory consumption. #2411
• Cloning a Parser now preserves any custom TagSet applied to the parser. #2422, #2423
• Custom tags marked as Tag.Void now parse and serialize like the built-in void elements: they no longer consume following content, and the XML serializer emits the expected self-closing form. #2425
• The <br> element is once again classified as an inline tag (Tag.isBlock() == false), matching common developer expectations and its role as phrasing content in HTML, while pretty-printing and text extraction continue to treat it as a line break in the rendered output. #2387, #2439
• Fixed an intermittent truncation issue when fetching and parsing remote documents via Jsoup.connect(url).get(). On responses without a charset header, the initial charset sniff could sometimes (depending on buffering / available() behavior) be mistaken for end-of-stream and a partial parse reused, dropping trailing content. #2448
• TagSet copies no longer mutate their template during lazy lookups, preventing cross-thread ConcurrentModificationException when parsing with shared sessions. #2453
• Fixed parsing of <svg> foreignObject content nested within a <p>, which could incorrectly move the HTML subtree outside the SVG. #2452

Internal Changes

• Deprecated internal helper org.jsoup.internal.Functions (for removal in v1.23.1). This was previously used to support older Android API levels without full java.util.function coverage; jsoup now requires core library desugaring so this indirection is no longer necessary. #2412

Commits

• 8dd66fe [maven-release-plugin] prepare release jsoup-1.22.1
• d924385 Changelog prep for v1.22.1
• 0f3100c Bump actions/upload-artifact from 5 to 6 (#2457)
• cf6ac20 Bump org.apache.maven.plugins:maven-release-plugin from 3.3.0 to 3.3.1 (#2455)
• 6bef938 Fix parsing of SVG foreignObject in paragraphs
• 9b1c0fc Bump org.apache.maven.plugins:maven-release-plugin from 3.2.0 to 3.3.0 (#2450)
• 1415e64 Bump actions/checkout from 5 to 6 (#2451)
• 0e99fd9 Isolate TagSet copies to prevent shared mutation (#2453)
• 90019cb Bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.24.2 to 0.25.0 (#2...
• 9395269 Don't preemptively close
• Additional commits viewable in compare view

Updates org.graalvm.polyglot:polyglot from 25.0.0 to 25.0.2

Commits

• 981ecb6 [GR-72395] Release GraalVM 25.0.2
• 811aa54 release GraalVM 25.0.2
• aeff345 [GR-70219] Backport to 25.0: Induction variable overflow detection: iv have r...
• 58ec3b9 [GR-71786] Backport to 25.0: In-place copySwap in JavaMemoryUtil is a no-op.
• 3df0577 [GR-71011] Backport to 25.0: Make native slot wrappers context-specific. Fixe...
• ee11ac4 [GR-68985] Backport to 25.0: Fix the reachability-metadata schema and include...
• ee7da6d [GR-72185] Update labsjdk to 25.0.2+10-jvmci-b01
• c9260ad [GR-70097] Backport to 25.0: Fix constructor accessor checks.
• 182c6d5 [GR-71881] Drop RSSTracker from disabled trackers for barista.
• 0c0e816 [GR-71488] Backport to 25.0: Converting values injected by instruments.
• Additional commits viewable in compare view

Updates org.graalvm.polyglot:js from 25.0.0 to 25.0.2

Commits

• 981ecb6 [GR-72395] Release GraalVM 25.0.2
• 811aa54 release GraalVM 25.0.2
• aeff345 [GR-70219] Backport to 25.0: Induction variable overflow detection: iv have r...
• 58ec3b9 [GR-71786] Backport to 25.0: In-place copySwap in JavaMemoryUtil is a no-op.
• 3df0577 [GR-71011] Backport to 25.0: Make native slot wrappers context-specific. Fixe...
• ee11ac4 [GR-68985] Backport to 25.0: Fix the reachability-metadata schema and include...
• ee7da6d [GR-72185] Update labsjdk to 25.0.2+10-jvmci-b01
• c9260ad [GR-70097] Backport to 25.0: Fix constructor accessor checks.
• 182c6d5 [GR-71881] Drop RSSTracker from disabled trackers for barista.
• 0c0e816 [GR-71488] Backport to 25.0: Converting values injected by instruments.
• Additional commits viewable in compare view

Updates org.graalvm.polyglot:js from 25.0.0 to 25.0.2

Commits

• 981ecb6 [GR-72395] Release GraalVM 25.0.2
• 811aa54 release GraalVM 25.0.2
• aeff345 [GR-70219] Backport to 25.0: Induction variable overflow detection: iv have r...
• 58ec3b9 [GR-71786] Backport to 25.0: In-place copySwap in JavaMemoryUtil is a no-op.
• 3df0577 [GR-71011] Backport to 25.0: Make native slot wrappers context-specific. Fixe...
• ee11ac4 [GR-68985] Backport to 25.0: Fix the reachability-metadata schema and include...
• ee7da6d [GR-72185] Update labsjdk to 25.0.2+10-jvmci-b01
• c9260ad [GR-70097] Backport to 25.0: Fix constructor accessor checks.
• 182c6d5 [GR-71881] Drop RSSTracker from disabled trackers for barista.
• 0c0e816 [GR-71488] Backport to 25.0: Converting values injected by instruments.
• Additional commits viewable in compare view

Updates org.testng:testng from 7.11.0 to 7.12.0

Release notes

Sourced from org.testng:testng's releases.

7.12.0

What's Changed

• GITHUB-2765: Propagate timeout stack trace to fix testng-team#2765 by @​idontusenumbers in testng-team/testng#3206
• Streamline working of shared thread pools by @​krmahadevan in testng-team/testng#3207
• Streamline xml serialisation to string by @​krmahadevan in testng-team/testng#3208
• test: improve osgi tests by @​vlsi in testng-team/testng#3213
• chore: setup-java Oracle action supports Java 21+ only by @​vlsi in testng-team/testng#3215
• Add DynamicImport-Package to load classes by name by @​laeubi in testng-team/testng#3220
• Use UUID backed instance id instead by @​krmahadevan in testng-team/testng#3218
• Ensure assertions is contents aware by @​krmahadevan in testng-team/testng#3228
• Fix: Ensure DataProvider parameters are refreshed on retry when cacheDataForTestRetries=false by @​baflQA in testng-team/testng#3250
• Improve/test workflow jdk25 by @​baflQA in testng-team/testng#3253
• Fix: issue 3231 retry infinite loop by @​baflQA in testng-team/testng#3251
• Fix Release process by @​krmahadevan in testng-team/testng#3255

New Contributors

• @​idontusenumbers made their first contribution in testng-team/testng#3206
• @​laeubi made their first contribution in testng-team/testng#3220

Full Changelog: testng-team/testng@7.11.0...7.12.0

Changelog

Sourced from org.testng:testng's changelog.

7.12.0 Fixed: GITHUB-3231: TestNG retry is going into infinite loop when the data provider returned object is modified before failure (Bartek Florczak) Update: Updated GitHub Actions test matrix to include JDK 25 and JDK 26 EA (Bartek Florczak) Fixed: GITHUB-3236: DataProvider parameters are not refreshed on retry when cacheDataForTestRetries=false (Bartek Florczak) Fixed: GITHUB-3227: assertEqualsNoOrder false positive when collection has same size and actual Collection is subset of expected collection (Krishnan Mahadevan) Fixed: GITHUB-3177: Method org.testng.xml.XmlSuite#toXml do not save new properties like "share-thread-pool-for-data-providers" (Krishnan Mahadevan) Fixed: GITHUB-3179: ClassCastException when use shouldUseGlobalThreadPool(true) property (Krishnan Mahadevan) Fixed: GITHUB-2765: Test timeouts using existing Executor now propagate the stack trace to the ThreadTimeoutException (Charlie Hayes)

Commits

• a21a584 Fix Release process (#3255)
• be97321 Fix: issue 3231 retry infinite loop (#3251)
• bad4cb5 Improve/test workflow jdk25 (#3253)
• 61068a1 Fix: Ensure DataProvider parameters are refreshed on retry when cacheDataForT...
• d50b2ad Ensure assertions is contents aware
• 02d223d Use a composite key instead of String as key
• 58b3824 Add DynamicImport-Package to load classes by name
• 40cd805 chore: use pax-logging for osgi tests so it does not require runtime bytecode...
• 0fdf868 chore: setup-java Oracle action supports Java 21+ only
• 6a25754 test: improve osgi tests
• Additional commits viewable in compare view

Updates com.microsoft.playwright:playwright from 1.55.0 to 1.59.0

Release notes

Sourced from com.microsoft.playwright:playwright's releases.

v1.59.0

🎬 Screencast

New page.screencast API provides a unified interface for capturing page content with:

• Screencast recordings
• Action annotations
• Visual overlays
• Real-time frame capture
• Agentic video receipts

Screencast recording — record video with precise start/stop control, as an alternative to the recordVideoDir option:

page.screencast().start(new Screencast.StartOptions().setPath(Paths.get("video.webm")));
// ... perform actions ...
page.screencast().stop();

Action annotations — enable built-in visual annotations that highlight interacted elements and display action titles during recording:

page.screencast().showActions(new Screencast.ShowActionsOptions().setPosition("top-right"));

screencast.showActions() accepts position ("top-left", "top", "top-right", "bottom-left", "bottom", "bottom-right"), duration (ms per annotation), and fontSize (px). Returns a disposable to stop showing actions.

Visual overlays — add chapter titles and custom HTML overlays on top of the page for richer narration:

page.screencast().showChapter("Adding TODOs",
    new Screencast.ShowChapterOptions()
        .setDescription("Type and press enter for each TODO")
        .setDuration(1000));
page.screencast().showOverlay("<div style=&quot;color: red&quot;>Recording</div>");

Real-time frame capture — stream JPEG-encoded frames for custom processing like thumbnails, live previews, AI vision, and more:

page.screencast().start(new Screencast.StartOptions()
    .setOnFrame(frame -> sendToVisionModel(frame.data)));

... (truncated)

Commits

• c433c1d chore: mark 1.59.0 (#1909)
• b01bf64 chore: resolve Object langAliases in function argument types (#1908)
• 7dbd6ca chore: use langAliases from api.json in api generator (#1907)
• c3e4b92 chore: roll to 1.59.1-beta-1775752988000 (#1906)
• 9e73db4 chore(deps): bump the actions group with 2 updates (#1904)
• 10ed7e0 chore(deps-dev): bump org.apache.maven.plugins:maven-resources-plugin from 3....
• 5ccdd3e chore: roll to 1.59.0-alpha-1774622285000 (#1901)
• afd80ad chore: roll to 1.59.0-alpha (#1900)
• 605e428 chore(deps-dev): bump the all group with 2 updates (#1894)
• 9326690 fix: handle null close code and reason in WebSocketRoute (#1886)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions