Bump classgraph from 4.8.62 to 4.8.64

[dependabot-preview]

Bumps classgraph from 4.8.62 to 4.8.64.

Release notes

Sourced from classgraph's releases.

classgraph-4.8.64

Fix a binary compatibility issue with JDK 7/8 that was introduced in the previous release of ClassGraph (version 4.8.63). (#403, thanks to @TWiStErRob for reporting.)

classgraph-4.8.63

NOTE: Please use 4.8.64 instead of 4.8.63, as 4.8.64 contains a fix to a regression for JDK 7/8 compatibility.

Dramatically lowered the memory requirements of ClassGraph, and optimized file reading performance (#400 -- thanks to @TWiStErRob for the extremely detailed and well-researched error report and unit test!).

• The file access backend (which virtualizes access to file content across jarfiles, nested jarfiles, remote jarfiles, directories on disk, and modules) was rewritten to be faster and to have lower memory requirements. This was a large change -- please report any issues you come across.
• Mmap is now disabled by default (the new file reading backend uses FileChannel rather than MappedByteBuffer to read file content by default). Disabling mmap gives much more consistent scan times than in previous versions of ClassGraph, and causes significantly lower pressure on the memory limit when there are a large number of jarfiles (#400).

There may be a small performance penalty to disabling mmap by default. You can re-enable it by calling ClassGraph#enableMemoryMapping() before calling scan(). This will probably only make a difference with large classpaths consisting of many large jarfiles.

Also fixed numerous bugs, including:

• Fixed an infinite loop that could be triggered by OutOfMemoryError (which could be triggered by mmap'ing too many files) (#400)
• When a nested deflated jarfile is extracted to an array in memory so that its central directory can be read, the array containing the inflated jarfile is now trimmed to save on RAM. Previously, the full buffer default size of 64MB was retained for each jarfile, which wasted a lot of RAM. (This only affected scanning of projects with lots of nested jars, e.g. Spring-Boot jars, and only when the nested jars were deflated, not stored.) (#400)
• Fixed a few Windows compatibility issues, including an issue with encoding the : character after a drive letter using %3A in URIs, e.g. file:/C%3A/Users/Luke/Project (now instead, the proper URI of file:/C:/Users/Luke/Project is returned by Resource#getURI()).
• Fixed an issue where the default classpath was being scanned even if classloaders were overridden.

Commits

• cc942fb [maven-release-plugin] prepare release classgraph-4.8.64
• f10087a Fix JDK 7/8 compatibility (#403)
• f6edf37 Update Javadoc
• 1f1dd2c Update Javadoc
• 6e4f9a1 Update github stars URL
• 655f96d [maven-release-plugin] prepare for next development iteration
• 0c6bf3e [maven-release-plugin] prepare release classgraph-4.8.63
• ffd2e37 Small cleanups
• a0e4028 Source > Cleanup
• 6fd0dff Refactoring
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

If all status checks pass Dependabot will automatically merge this pull request.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in the .dependabot/config.yml file in this repo:

• Update frequency
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[dependabot-preview]

One of your CI runs failed on this pull request, so Dependabot won't merge it.

• Database tests
• Fetcher tests

Dependabot will still automatically merge this pull request if you amend it and your tests pass.