fix(deps): update dependency org.pageseeder.diffx:pso-diffx to v1.3.2 #2122

Open
renovate[bot] wants to merge 1 commit into main from renovate/diffx

@renovate renovate bot commented Feb 16, 2026

This PR contains the following updates:

Package | Change | Age | Confidence
org.pageseeder.diffx:pso-diffx (source) | 1.3.1 → 1.3.2 | age | confidence

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

pageseeder/diffx (org.pageseeder.diffx:pso-diffx)

v1.3.2: Release 1.3.2

Highlights

This release strengthens XML parsing security (notably around XXE/entity expansion), improves loader extensibility via custom TextTokenizer support, and includes internal refactors for cleaner, more maintainable loader implementations.

New Features

  • Consistent token sourcing in matching logic: matching tokens are now consistently taken from the to sequence (instead of from) to ensure predictable behavior.
  • Custom TextTokenizer support across all loaders: all loader implementations can now be configured with a custom TextTokenizer to allow loaders to generate different TextToken depending on their requirements.

Security / Hardening

  • XXE and entity expansion protections
    • SAXLoader hardening: improved default XMLReader factory behavior and XXE prevention.
    • DOMLoader: prevents entity expansion (note: this may be behavior-changing in some XML inputs).

Improvements

  • Documentation updates: improved XMLLoader Javadoc with clearer guidance on usage and thread-safety expectations.

Refactoring & Maintenance

  • Extracted LoadSession from DOMLoader to improve separation of concerns and modularity.
  • XMLEventLoader now reuses an existing textTokenizer when available.
  • Added support for a custom XMLReader factory in SAXLoader.

Potential Breaking Changes / Migration Notes

  • DOMLoader entity expansion disabled
    • If you previously relied on expanded entities during DOM loading, behavior may differ. Consider adjusting input XML or parser configuration accordingly.
  • Matching tokens now sourced from to
    • If downstream logic implicitly depended on the old from-sourced behavior, validate matching results after upgrading.

Full Changelog: pageseeder/diffx@v1.3.1...v1.3.2


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/diffx branch 2 times, most recently from d229b52 to b90951c Compare March 5, 2026 09:50
@renovate renovate bot force-pushed the renovate/diffx branch from b90951c to 5befd38 Compare March 13, 2026 13:15
@renovate renovate bot force-pushed the renovate/diffx branch from 5befd38 to f74ad5b Compare April 1, 2026 16:32
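
For the DOMLoader entity-expansion migration note in the release notes above, one way to find XML inputs that declare entities before merging the upgrade. This is an added example built on the JDK's standard SAX APIs, not code from diffx or from this PR; the class name EntityAudit and the sample document are constructed for illustration, and the load-external-dtd feature assumes the JDK's built-in Xerces-based parser.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import javax.xml.XMLConstants;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.InputSource;
import org.xml.sax.XMLReader;
import org.xml.sax.ext.DefaultHandler2;

// Hypothetical helper (not part of diffx): lists the entity declarations found in an XML input.
public class EntityAudit {

  // Parses with external entity and external DTD loading disabled, recording each declaration seen.
  static List<String> declaredEntities(String xml) throws Exception {
    SAXParserFactory factory = SAXParserFactory.newInstance();
    factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
    factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
    factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
    factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);

    List<String> found = new ArrayList<>();
    DefaultHandler2 handler = new DefaultHandler2() {
      @Override public void internalEntityDecl(String name, String value) {
        found.add("internal " + name);
      }
      @Override public void externalEntityDecl(String name, String publicId, String systemId) {
        found.add("external " + name + " -> " + systemId);
      }
    };
    XMLReader reader = factory.newSAXParser().getXMLReader();
    reader.setProperty("http://xml.org/sax/properties/declaration-handler", handler);
    reader.setContentHandler(handler);
    reader.parse(new InputSource(new StringReader(xml)));
    return found;
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample input: one internal and one external entity declaration.
    String xml = "<?xml version=\"1.0\"?>\n"
        + "<!DOCTYPE doc [\n"
        + "  <!ENTITY company \"Example Corp\">\n"
        + "  <!ENTITY ext SYSTEM \"https://example.invalid/constructed.ent\">\n"
        + "]>\n"
        + "<doc>&company; &ext;</doc>";
    declaredEntities(xml).forEach(System.out::println);
  }
}
```

Inputs for which the returned list is non-empty are the ones to re-test against DOMLoader after the upgrade.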