Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency io.sf.carte:css4j to v5.1 #3842

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update dependency io.sf.carte:css4j to v5.1 #3842

wants to merge 1 commit into from
+1 −1

Conversation

renovate-bot
Copy link
Contributor

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
io.sf.carte:css4j (source) 5.0 -> 5.1 age adoption passing confidence

Release Notes

css4j/css4j (io.sf.carte:css4j)

v5.1

Compare Source

January 24, 2025

Highlights

Advanced attr() values

The advanced attr() support now follows the current Values Level 5 specification.

Although this library has supported the advanced attr() value for years now,
it was implementing an old version of the specification which is substantially
different to the current one. The new spec is so recent that the old one is
still used by at least one CSS specification (CSS Lists 3) in their sample style
sheet for HTML.

This library should be compatible with the attr() which is shipped with the
forthcoming Google Chrome 133.

The old CSSAttrValue and AttrValue classes were removed, as the API is
incompatible with the new specification that is being implemented by browsers.

More compliant registered custom properties

Also, the handling of registered custom properties is now closer to the Google
Chrome behaviour: registered initial values take precedence over the fallbacks.

Circularity behaviour changed

On the other hand, when var() circularities (and other apparent DoS attacks)
are found, it is no longer attempted to use the supplied property fallbacks.

It has been found that some websites send content with, for example,
--foo:var(--foo,fallback) circularities to non-browser user agents, in what
could be a strategy against web crawlers. Due to the kind of use cases that this
library has, it was determined that it is preferable to just report the
circularity and invalidate the whole value.

If your use case is negatively affected by this decision, please open an issue.


Detail of changes

  • The advanced attr() support now follows the current Values Level 5
    specification.
  • NSAC: drop EMPTY units in countReplaceBy().
  • NSAC: have getParameters() return the sub-values if this is an expression
    or a unicode range.
  • DOM wrapper: improved serialization of element nodes.
  • Gradle: use the assignment operator in the maven repo section.
  • Upgrade Gradle wrapper to 8.12.1.
  • Upgrade to JUnit 5.11.4.
  • Upgrade to Jazzer 0.23.0.
  • Upgrade to checkstyle 10.21.1.
  • Bump year to 2025 in copyrights.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@forking-renovate forking-renovate bot added the dependencies A dependency upgrade label Jan 25, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@tmortagne tmortagne

Labels
dependencies A dependency upgrade
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@renovate-bot @tmortagne