Skip to content

Bump openhtml.version from 1.0.3 to 1.0.9#43

Open
dependabot-preview[bot] wants to merge 1 commit intomasterfrom
dependabot/maven/openhtml.version-1.0.9
Open

Bump openhtml.version from 1.0.3 to 1.0.9#43
dependabot-preview[bot] wants to merge 1 commit intomasterfrom
dependabot/maven/openhtml.version-1.0.9

Conversation

@dependabot-preview
Copy link
Contributor

@dependabot-preview dependabot-preview bot commented Jun 21, 2021

Bumps openhtml.version from 1.0.3 to 1.0.9.
Updates openhtmltopdf-core from 1.0.3 to 1.0.9

Changelog

Sourced from openhtmltopdf-core's changelog.

1.0.9 (2021-June-18)

SECURITY RELEASE: This release will be brought forward due to security releases of the PDFBOX and Batik dependencies.

  • #722 Upgrade PDFBOX (to 2.0.24) - avoids CVEs in earlier versions and PDFBoxGraphics2D. Thanks a lot @​rototor.
  • #678 Upgrade Batik Version to 1.14 (CVE-2020-11987) - Again it is strongly advised to avoid untrusted SVG and XML. Thanks @​rototor.
  • #716 Replace rogue println calls with log calls. Thanks @​syjer for PR, @​tfo for reporting.
  • #708 Allow shape-rendering SVG CSS property. Thanks @​syjer for PR, @​RAlfoeldi for reporting.
  • #703 Remove calls to deprecated method calls in JRE standard library. May change XML reader class. Implemented by @​danfickle.
  • #702 Set timeouts for default HTTP/HTTPS handlers. Thanks for reporting @​gengzi.
  • 162228 Put links to raster images in SVGs through the URL resolver.
  • #694 Fix incorrect B3 paper size. Thanks @​lfintalan for reporting with line number!
  • ab48fd Do not log a missing font more than once.

NOTE: PDFBOX CVEs relate to the loading of untrusted PDFs in PDFBOX and thus this project is not directly affected. However, it is not a good idea to have CVEs on your classpath.

1.0.8 (2021-March-22)

SECURITY RELEASE

  • #675 Update PDFBOX to 2.0.23 to avoid CVEs. Thanks for reporting @​Samuel3.

NOTE: These CVEs relate to the loading of untrusted PDFs in PDFBOX and thus this project is not directly affected. However, it is not a good idea to have CVEs on your classpath.

1.0.7 (2021-March-19)

1.0.6 (2020-December-22)

IMPORTANT: #615 This is a bug fix release for an endless loop issue when using break-word with floating elements with a top/bottom margin.

  • #624 Update PDFBOX to 2.0.22 and pdfbox-graphics2d to 0.30. Thanks @​rototor.
  • #467 Prevent possibility of CSS import loop.
  • #621 Allow spaces in data uris. Thanks @​syjer.

1.0.5 (2020-November-30)

SECURITY: #609 Updates Apache Batik SVG renderer to latest version to avoid security issue. If you are using this project to render untrusted SVGs (advised against), you should update immediately. Thanks a lot @​halvorbmundal.

... (truncated)

Commits
  • 2ddd3ac [maven-release-plugin] prepare release openhtmltopdf-parent-1.0.9
  • 2046dba #8 Update README with screenshot and minor wording.
  • f39f616 #8 Changelog for 1.0.9 - preparing for release.
  • 8614c46 Merge pull request #722 from rototor/patch-4
  • 3fd0afb Upgrade PDFBox and PDFBoxGraphics2D
  • 3addacd Merge pull request #716 from syjer/715-replace-printstacktrace
  • 046975b #715 replace printStacktrace()
  • 1afd265 Merge pull request #708 from syjer/692-allow-shape-rendering
  • a51f2fd #692 allow shape-rendering
  • 4671e58 Delete DOMInspector mini-program.
  • Additional commits viewable in compare view

Updates openhtmltopdf-pdfbox from 1.0.3 to 1.0.9

Changelog

Sourced from openhtmltopdf-pdfbox's changelog.

1.0.9 (2021-June-18)

SECURITY RELEASE: This release will be brought forward due to security releases of the PDFBOX and Batik dependencies.

  • #722 Upgrade PDFBOX (to 2.0.24) - avoids CVEs in earlier versions and PDFBoxGraphics2D. Thanks a lot @​rototor.
  • #678 Upgrade Batik Version to 1.14 (CVE-2020-11987) - Again it is strongly advised to avoid untrusted SVG and XML. Thanks @​rototor.
  • #716 Replace rogue println calls with log calls. Thanks @​syjer for PR, @​tfo for reporting.
  • #708 Allow shape-rendering SVG CSS property. Thanks @​syjer for PR, @​RAlfoeldi for reporting.
  • #703 Remove calls to deprecated method calls in JRE standard library. May change XML reader class. Implemented by @​danfickle.
  • #702 Set timeouts for default HTTP/HTTPS handlers. Thanks for reporting @​gengzi.
  • 162228 Put links to raster images in SVGs through the URL resolver.
  • #694 Fix incorrect B3 paper size. Thanks @​lfintalan for reporting with line number!
  • ab48fd Do not log a missing font more than once.

NOTE: PDFBOX CVEs relate to the loading of untrusted PDFs in PDFBOX and thus this project is not directly affected. However, it is not a good idea to have CVEs on your classpath.

1.0.8 (2021-March-22)

SECURITY RELEASE

  • #675 Update PDFBOX to 2.0.23 to avoid CVEs. Thanks for reporting @​Samuel3.

NOTE: These CVEs relate to the loading of untrusted PDFs in PDFBOX and thus this project is not directly affected. However, it is not a good idea to have CVEs on your classpath.

1.0.7 (2021-March-19)

1.0.6 (2020-December-22)

IMPORTANT: #615 This is a bug fix release for an endless loop issue when using break-word with floating elements with a top/bottom margin.

  • #624 Update PDFBOX to 2.0.22 and pdfbox-graphics2d to 0.30. Thanks @​rototor.
  • #467 Prevent possibility of CSS import loop.
  • #621 Allow spaces in data uris. Thanks @​syjer.

1.0.5 (2020-November-30)

SECURITY: #609 Updates Apache Batik SVG renderer to latest version to avoid security issue. If you are using this project to render untrusted SVGs (advised against), you should update immediately. Thanks a lot @​halvorbmundal.

... (truncated)

Commits
  • 2ddd3ac [maven-release-plugin] prepare release openhtmltopdf-parent-1.0.9
  • 2046dba #8 Update README with screenshot and minor wording.
  • f39f616 #8 Changelog for 1.0.9 - preparing for release.
  • 8614c46 Merge pull request #722 from rototor/patch-4
  • 3fd0afb Upgrade PDFBox and PDFBoxGraphics2D
  • 3addacd Merge pull request #716 from syjer/715-replace-printstacktrace
  • 046975b #715 replace printStacktrace()
  • 1afd265 Merge pull request #708 from syjer/692-allow-shape-rendering
  • a51f2fd #692 allow shape-rendering
  • 4671e58 Delete DOMInspector mini-program.
  • Additional commits viewable in compare view

Updates openhtmltopdf-java2d from 1.0.3 to 1.0.9

Changelog

Sourced from openhtmltopdf-java2d's changelog.

1.0.9 (2021-June-18)

SECURITY RELEASE: This release will be brought forward due to security releases of the PDFBOX and Batik dependencies.

  • #722 Upgrade PDFBOX (to 2.0.24) - avoids CVEs in earlier versions and PDFBoxGraphics2D. Thanks a lot @​rototor.
  • #678 Upgrade Batik Version to 1.14 (CVE-2020-11987) - Again it is strongly advised to avoid untrusted SVG and XML. Thanks @​rototor.
  • #716 Replace rogue println calls with log calls. Thanks @​syjer for PR, @​tfo for reporting.
  • #708 Allow shape-rendering SVG CSS property. Thanks @​syjer for PR, @​RAlfoeldi for reporting.
  • #703 Remove calls to deprecated method calls in JRE standard library. May change XML reader class. Implemented by @​danfickle.
  • #702 Set timeouts for default HTTP/HTTPS handlers. Thanks for reporting @​gengzi.
  • 162228 Put links to raster images in SVGs through the URL resolver.
  • #694 Fix incorrect B3 paper size. Thanks @​lfintalan for reporting with line number!
  • ab48fd Do not log a missing font more than once.

NOTE: PDFBOX CVEs relate to the loading of untrusted PDFs in PDFBOX and thus this project is not directly affected. However, it is not a good idea to have CVEs on your classpath.

1.0.8 (2021-March-22)

SECURITY RELEASE

  • #675 Update PDFBOX to 2.0.23 to avoid CVEs. Thanks for reporting @​Samuel3.

NOTE: These CVEs relate to the loading of untrusted PDFs in PDFBOX and thus this project is not directly affected. However, it is not a good idea to have CVEs on your classpath.

1.0.7 (2021-March-19)

1.0.6 (2020-December-22)

IMPORTANT: #615 This is a bug fix release for an endless loop issue when using break-word with floating elements with a top/bottom margin.

  • #624 Update PDFBOX to 2.0.22 and pdfbox-graphics2d to 0.30. Thanks @​rototor.
  • #467 Prevent possibility of CSS import loop.
  • #621 Allow spaces in data uris. Thanks @​syjer.

1.0.5 (2020-November-30)

SECURITY: #609 Updates Apache Batik SVG renderer to latest version to avoid security issue. If you are using this project to render untrusted SVGs (advised against), you should update immediately. Thanks a lot @​halvorbmundal.

... (truncated)

Commits
  • 2ddd3ac [maven-release-plugin] prepare release openhtmltopdf-parent-1.0.9
  • 2046dba #8 Update README with screenshot and minor wording.
  • f39f616 #8 Changelog for 1.0.9 - preparing for release.
  • 8614c46 Merge pull request #722 from rototor/patch-4
  • 3fd0afb Upgrade PDFBox and PDFBoxGraphics2D
  • 3addacd Merge pull request #716 from syjer/715-replace-printstacktrace
  • 046975b #715 replace printStacktrace()
  • 1afd265 Merge pull request #708 from syjer/692-allow-shape-rendering
  • a51f2fd #692 allow shape-rendering
  • 4671e58 Delete DOMInspector mini-program.
  • Additional commits viewable in compare view

Updates openhtmltopdf-slf4j from 1.0.3 to 1.0.9

Changelog

Sourced from openhtmltopdf-slf4j's changelog.

1.0.9 (2021-June-18)

SECURITY RELEASE: This release will be brought forward due to security releases of the PDFBOX and Batik dependencies.

  • #722 Upgrade PDFBOX (to 2.0.24) - avoids CVEs in earlier versions and PDFBoxGraphics2D. Thanks a lot @​rototor.
  • #678 Upgrade Batik Version to 1.14 (CVE-2020-11987) - Again it is strongly advised to avoid untrusted SVG and XML. Thanks @​rototor.
  • #716 Replace rogue println calls with log calls. Thanks @​syjer for PR, @​tfo for reporting.
  • #708 Allow shape-rendering SVG CSS property. Thanks @​syjer for PR, @​RAlfoeldi for reporting.
  • #703 Remove calls to deprecated method calls in JRE standard library. May change XML reader class. Implemented by @​danfickle.
  • #702 Set timeouts for default HTTP/HTTPS handlers. Thanks for reporting @​gengzi.
  • 162228 Put links to raster images in SVGs through the URL resolver.
  • #694 Fix incorrect B3 paper size. Thanks @​lfintalan for reporting with line number!
  • ab48fd Do not log a missing font more than once.

NOTE: PDFBOX CVEs relate to the loading of untrusted PDFs in PDFBOX and thus this project is not directly affected. However, it is not a good idea to have CVEs on your classpath.

1.0.8 (2021-March-22)

SECURITY RELEASE

  • #675 Update PDFBOX to 2.0.23 to avoid CVEs. Thanks for reporting @​Samuel3.

NOTE: These CVEs relate to the loading of untrusted PDFs in PDFBOX and thus this project is not directly affected. However, it is not a good idea to have CVEs on your classpath.

1.0.7 (2021-March-19)

1.0.6 (2020-December-22)

IMPORTANT: #615 This is a bug fix release for an endless loop issue when using break-word with floating elements with a top/bottom margin.

  • #624 Update PDFBOX to 2.0.22 and pdfbox-graphics2d to 0.30. Thanks @​rototor.
  • #467 Prevent possibility of CSS import loop.
  • #621 Allow spaces in data uris. Thanks @​syjer.

1.0.5 (2020-November-30)

SECURITY: #609 Updates Apache Batik SVG renderer to latest version to avoid security issue. If you are using this project to render untrusted SVGs (advised against), you should update immediately. Thanks a lot @​halvorbmundal.

... (truncated)

Commits
  • 2ddd3ac [maven-release-plugin] prepare release openhtmltopdf-parent-1.0.9
  • 2046dba #8 Update README with screenshot and minor wording.
  • f39f616 #8 Changelog for 1.0.9 - preparing for release.
  • 8614c46 Merge pull request #722 from rototor/patch-4
  • 3fd0afb Upgrade PDFBox and PDFBoxGraphics2D
  • 3addacd Merge pull request #716 from syjer/715-replace-printstacktrace
  • 046975b #715 replace printStacktrace()
  • 1afd265 Merge pull request #708 from syjer/692-allow-shape-rendering
  • a51f2fd #692 allow shape-rendering
  • 4671e58 Delete DOMInspector mini-program.
  • Additional commits viewable in compare view

Updates openhtmltopdf-svg-support from 1.0.3 to 1.0.9

Changelog

Sourced from openhtmltopdf-svg-support's changelog.

1.0.9 (2021-June-18)

SECURITY RELEASE: This release will be brought forward due to security releases of the PDFBOX and Batik dependencies.

  • #722 Upgrade PDFBOX (to 2.0.24) - avoids CVEs in earlier versions and PDFBoxGraphics2D. Thanks a lot @​rototor.
  • #678 Upgrade Batik Version to 1.14 (CVE-2020-11987) - Again it is strongly advised to avoid untrusted SVG and XML. Thanks @​rototor.
  • #716 Replace rogue println calls with log calls. Thanks @​syjer for PR, @​tfo for reporting.
  • #708 Allow shape-rendering SVG CSS property. Thanks @​syjer for PR, @​RAlfoeldi for reporting.
  • #703 Remove calls to deprecated method calls in JRE standard library. May change XML reader class. Implemented by @​danfickle.
  • #702 Set timeouts for default HTTP/HTTPS handlers. Thanks for reporting @​gengzi.
  • 162228 Put links to raster images in SVGs through the URL resolver.
  • #694 Fix incorrect B3 paper size. Thanks @​lfintalan for reporting with line number!
  • ab48fd Do not log a missing font more than once.

NOTE: PDFBOX CVEs relate to the loading of untrusted PDFs in PDFBOX and thus this project is not directly affected. However, it is not a good idea to have CVEs on your classpath.

1.0.8 (2021-March-22)

SECURITY RELEASE

  • #675 Update PDFBOX to 2.0.23 to avoid CVEs. Thanks for reporting @​Samuel3.

NOTE: These CVEs relate to the loading of untrusted PDFs in PDFBOX and thus this project is not directly affected. However, it is not a good idea to have CVEs on your classpath.

1.0.7 (2021-March-19)

1.0.6 (2020-December-22)

IMPORTANT: #615 This is a bug fix release for an endless loop issue when using break-word with floating elements with a top/bottom margin.

  • #624 Update PDFBOX to 2.0.22 and pdfbox-graphics2d to 0.30. Thanks @​rototor.
  • #467 Prevent possibility of CSS import loop.
  • #621 Allow spaces in data uris. Thanks @​syjer.

1.0.5 (2020-November-30)

SECURITY: #609 Updates Apache Batik SVG renderer to latest version to avoid security issue. If you are using this project to render untrusted SVGs (advised against), you should update immediately. Thanks a lot @​halvorbmundal.

... (truncated)

Commits
  • 2ddd3ac [maven-release-plugin] prepare release openhtmltopdf-parent-1.0.9
  • 2046dba #8 Update README with screenshot and minor wording.
  • f39f616 #8 Changelog for 1.0.9 - preparing for release.
  • 8614c46 Merge pull request #722 from rototor/patch-4
  • 3fd0afb Upgrade PDFBox and PDFBoxGraphics2D
  • 3addacd Merge pull request #716 from syjer/715-replace-printstacktrace
  • 046975b #715 replace printStacktrace()
  • 1afd265 Merge pull request #708 from syjer/692-allow-shape-rendering
  • a51f2fd #692 allow shape-rendering
  • 4671e58 Delete DOMInspector mini-program.
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

@dependabot-preview
Bump openhtml.version from 1.0.3 to 1.0.9
b3b0d5a 
Bumps `openhtml.version` from 1.0.3 to 1.0.9.

Updates `openhtmltopdf-core` from 1.0.3 to 1.0.9
- [Release notes](https://github.com/danfickle/openhtmltopdf/releases)
- [Changelog](https://github.com/danfickle/openhtmltopdf/blob/open-dev-v1/CHANGELOG.md)
- [Commits](danfickle/openhtmltopdf@openhtmltopdf-parent-1.0.3...openhtmltopdf-parent-1.0.9)

Updates `openhtmltopdf-pdfbox` from 1.0.3 to 1.0.9
- [Release notes](https://github.com/danfickle/openhtmltopdf/releases)
- [Changelog](https://github.com/danfickle/openhtmltopdf/blob/open-dev-v1/CHANGELOG.md)
- [Commits](danfickle/openhtmltopdf@openhtmltopdf-parent-1.0.3...openhtmltopdf-parent-1.0.9)

Updates `openhtmltopdf-java2d` from 1.0.3 to 1.0.9
- [Release notes](https://github.com/danfickle/openhtmltopdf/releases)
- [Changelog](https://github.com/danfickle/openhtmltopdf/blob/open-dev-v1/CHANGELOG.md)
- [Commits](danfickle/openhtmltopdf@openhtmltopdf-parent-1.0.3...openhtmltopdf-parent-1.0.9)

Updates `openhtmltopdf-slf4j` from 1.0.3 to 1.0.9
- [Release notes](https://github.com/danfickle/openhtmltopdf/releases)
- [Changelog](https://github.com/danfickle/openhtmltopdf/blob/open-dev-v1/CHANGELOG.md)
- [Commits](danfickle/openhtmltopdf@openhtmltopdf-parent-1.0.3...openhtmltopdf-parent-1.0.9)

Updates `openhtmltopdf-svg-support` from 1.0.3 to 1.0.9
- [Release notes](https://github.com/danfickle/openhtmltopdf/releases)
- [Changelog](https://github.com/danfickle/openhtmltopdf/blob/open-dev-v1/CHANGELOG.md)
- [Commits](danfickle/openhtmltopdf@openhtmltopdf-parent-1.0.3...openhtmltopdf-parent-1.0.9)

Signed-off-by: dependabot-preview[bot] <[email protected]>
@dependabot-preview dependabot-preview bot added the dependencies Pull requests that update a dependency file label Jun 21, 2021
@dependabot-preview dependabot-preview bot mentioned this pull request Jun 21, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@leonorader leonorader

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@leonorader