Releases: pixee/codemodder-java
v0.98.4
v0.98.3
New rules, first implemented in CodeQL (#483) This change introduces new remediation logic for weak crypto algorithms and log injection, two vulnerability classes that are unexciting for different reasons but which, for completeness, should be present.
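The two code shapes this release targets, shown as an added illustration rather than the project's own transformation output: for each class, the form a remediation would flag and the hardened form it would leave behind. The class and method names are hypothetical, `neutralize` is an assumed helper, and the sample input is constructed; it needs Java 17 (for `java.util.HexFormat`) and nothing beyond the JDK.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat;
import java.util.logging.Logger;

// Illustrative only; not codemodder-java's remediation code.
public final class WeakCryptoAndLogInjection {

    private static final Logger LOG = Logger.getLogger(WeakCryptoAndLogInjection.class.getName());

    // Weak crypto, before: MD5 is collision-broken, so any integrity or
    // signature use of this digest is unsafe.
    static String digestBefore(byte[] data) throws NoSuchAlgorithmException {
        return HexFormat.of().formatHex(MessageDigest.getInstance("MD5").digest(data));
    }

    // Weak crypto, after: same call shape, algorithm swapped for SHA-256.
    static String digestAfter(byte[] data) throws NoSuchAlgorithmException {
        return HexFormat.of().formatHex(MessageDigest.getInstance("SHA-256").digest(data));
    }

    // Log injection, before: attacker-controlled text is concatenated straight
    // into the record, so a username containing "\n" forges a second log line.
    static void logBefore(String username) {
        LOG.info("login failed for user " + username);
    }

    // Log injection, after: line breaks are neutralized before the value is logged,
    // so one call always produces exactly one record.
    static void logAfter(String username) {
        LOG.info("login failed for user " + neutralize(username));
    }

    // Hypothetical helper: \R matches any Unicode linebreak sequence (CR, LF, CRLF,
    // NEL, LS, PS), each replaced by a visible placeholder.
    static String neutralize(String s) {
        return s == null ? null : s.replaceAll("\\R", "_");
    }

    public static void main(String[] args) throws Exception {
        byte[] sample = "constructed sample input".getBytes(StandardCharsets.UTF_8);
        System.out.println("MD5     " + digestBefore(sample));
        System.out.println("SHA-256 " + digestAfter(sample));

        // Constructed payload: the second line is meant to look like a separate record.
        String forged = "alice\nINFO: login succeeded for user admin";
        logBefore(forged);
        logAfter(forged);
    }
}
```

One caveat a practitioner should check before accepting the crypto change: the digest length and value change with the algorithm, so any stored MD5 values the code compares against need a migration path, which an automated rewrite of the `getInstance` argument cannot provide on its own.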
v0.98.2
Changed default XML parser to Woodstox (#482) Changes the default StAX parser to Woodstox. This will allow us to be more in control of the parser's behavior. Also it's a bit faster than Java's default one.
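What "being in control of the parser's behavior" looks like in practice, as an added example that is not code from codemodder-java: the Woodstox implementation is instantiated directly instead of through `XMLInputFactory.newInstance()`, so the StAX provider no longer depends on classpath order, and its DTD and external-entity handling are pinned explicitly. Assumed: `com.fasterxml.woodstox:woodstox-core` on the classpath; the class and method names and both XML documents are constructed for this example.

```java
import com.ctc.wstx.stax.WstxInputFactory;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;

// Illustrative only; not the project's parser setup.
public final class WoodstoxParser {

    // Explicit implementation plus explicit settings: no DTD processing, so no
    // entity expansion, and no external entities even if a DTD slipped through.
    static XMLInputFactory hardenedFactory() {
        XMLInputFactory f = new WstxInputFactory();
        f.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        f.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        return f;
    }

    // Returns the local names of all start elements in document order.
    static List<String> elementNames(String xml) throws XMLStreamException {
        List<String> names = new ArrayList<>();
        XMLStreamReader r = hardenedFactory().createXMLStreamReader(new StringReader(xml));
        try {
            while (r.hasNext()) {
                if (r.next() == XMLStreamConstants.START_ELEMENT) {
                    names.add(r.getLocalName());
                }
            }
        } finally {
            r.close();
        }
        return names;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a minimal pom-like document.
        String ok = "<project><groupId>x</groupId><artifactId>y</artifactId></project>";
        System.out.println(elementNames(ok));

        // Constructed sample with an external entity. With DTD support disabled the
        // entity is never declared, so parsing fails with an XMLStreamException
        // instead of reading the referenced file into the document.
        String xxe = "<!DOCTYPE d [<!ENTITY e SYSTEM \"file:///etc/hostname\">]><d>&e;</d>";
        try {
            elementNames(xxe);
            System.out.println("unexpected: entity was accepted");
        } catch (XMLStreamException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```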
v0.98.1
Add ability to remediate other XSS code shapes (#481) Took logic specific to Semgrep and generalized it.
v0.98.0
Add tests and more stable behavior when seeing Maven failure (#476)
v0.97.9
Don't throw exceptions if dependencies can't be pre-calculated (#475) We observed this issue:
```
INFO - 4abaf6cf-c5e6-4f48-b198-edc124aedf71 - Problem scanning file /tmp/codemodder-project6927415874030968841/app/src/main/java/org/apache/roller/weblogger/util/PasswordUtility.java
INFO - 4abaf6cf-c5e6-4f48-b198-edc124aedf71 - io.codemodder.plugins.maven.MavenProvider$DependencyUpdateException: Failure when retrieving dependencies
INFO - 4abaf6cf-c5e6-4f48-b198-edc124aedf71 - at io.codemodder.plugins.maven.MavenProvider.getAllDependencies(MavenProvider.java:146)
INFO - 4abaf6cf-c5e6-4f48-b198-edc124aedf71 - at io.codemodder.DefaultCodemodExecutor.lambda$execute$0(DefaultCodemodExecutor.java:187)
INFO - 4abaf6cf-c5e6-4f48-b198-edc124aedf71 - at java.base/java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:273)
INFO - 4abaf6cf-c5e6-4f48-b198-edc124aedf71 - at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1625)
INFO - 4abaf6cf-c5e6-4f48-b198-edc124aedf71 - at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509)
...
io.codemodder.DefaultCodemodExecutor.lambda$execute$1(DefaultCodemodExecutor.java:188)
edc124aedf71 - Caused by: org.dom4j.DocumentException: Error on line 781 of document : The element type "sequential" must be terminated by the matching end-tag "</sequential>".
```
This error is preventing _analysis_ from occurring, not the updating of Maven dependencies. We should still run our codemods, even if dependencies can't be pre-calculated.
v0.97.8
Improve CodeQL handling of multiple rules (#474) Also fixed incidental bug in header injection remediation when applied to interfaces.
v0.97.7
Normalize Maven codemod ID (#472)
v0.97.6
Limit `ResponseEntity` call changes (#470) We can only safely make this change when the first argument value is a `String` -- this adds that change and tests it.
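The code shape behind the `String`-only condition, as an added example and not the project's own rewrite: the vulnerable `ResponseEntity` call, the rewritten call with its first argument wrapped in an HTML encoder, and a call that must be left alone because its body is not a `String`. Assumed: Spring's `ResponseEntity` and the OWASP Java Encoder (`org.owasp.encoder.Encode`) are available; the encoder choice, class and method names, and the probe string are this example's own.

```java
import org.owasp.encoder.Encode;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;

// Illustrative only; not codemodder-java's remediation output.
public final class ResponseEntityXss {

    // Vulnerable shape: an attacker-controlled String becomes the body and, with a
    // text/html content type, the browser renders it as markup.
    static ResponseEntity<String> greetBefore(String name) {
        HttpHeaders h = new HttpHeaders();
        h.setContentType(MediaType.TEXT_HTML);
        return new ResponseEntity<>("Hello " + name, h, HttpStatus.OK);
    }

    // Remediated shape: the first argument is a String, so wrapping it in an HTML
    // encoder is type-correct and the rest of the call stays exactly as it was.
    static ResponseEntity<String> greetAfter(String name) {
        HttpHeaders h = new HttpHeaders();
        h.setContentType(MediaType.TEXT_HTML);
        return new ResponseEntity<>(Encode.forHtml("Hello " + name), h, HttpStatus.OK);
    }

    // Not a candidate: the body is a byte[], so Encode.forHtml(content) would not
    // compile; a DTO body would be serialized as JSON, where HTML encoding is wrong.
    // This is the case the release note's check excludes.
    static ResponseEntity<byte[]> download(byte[] content) {
        return new ResponseEntity<>(content, HttpStatus.OK);
    }

    public static void main(String[] args) {
        String probe = "<script>alert(1)</script>"; // constructed XSS probe
        System.out.println("before: " + greetBefore(probe).getBody());
        System.out.println("after:  " + greetAfter(probe).getBody());
        System.out.println("bytes:  " + download(probe.getBytes()).getBody().length);
    }
}
```

Encoding the whole first argument is only correct when that argument is meant to be text; if a handler deliberately builds HTML in the body, the encoder would escape the markup too, so the rewrite is worth reviewing rather than accepting blind.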
v0.97.5
New remediation code shapes (#469) Adding another form of ZipSlip remediation. Added XSS reported in `ResponseEntity`.
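The ZipSlip code shape this note refers to, with a JDK-only hardened form, as an added example that is not the project's remediation code: the vulnerable extractor trusts entry names, while the hardened one normalizes each target path and checks containment before writing. Class and method names are hypothetical and the archive is constructed in memory.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import java.util.zip.ZipOutputStream;

// Illustrative only; not codemodder-java's ZipSlip remediation.
public final class ZipSlipExample {

    // Vulnerable shape: the entry name is trusted, so "../../etc/cron.d/job"
    // resolves outside destDir and is written there.
    static void extractBefore(InputStream zip, Path destDir) throws IOException {
        try (ZipInputStream in = new ZipInputStream(zip)) {
            for (ZipEntry e; (e = in.getNextEntry()) != null; ) {
                Path target = destDir.resolve(e.getName());
                writeEntry(in, e, target);
            }
        }
    }

    // Hardened shape: every entry path is validated against the destination first.
    static void extractAfter(InputStream zip, Path destDir) throws IOException {
        try (ZipInputStream in = new ZipInputStream(zip)) {
            for (ZipEntry e; (e = in.getNextEntry()) != null; ) {
                Path target = safeTarget(destDir, e.getName());
                writeEntry(in, e, target);
            }
        }
    }

    // Normalize away ".." and then check containment with Path.startsWith, which
    // compares whole components (so "/out" does not match "/outside/x", unlike
    // String.startsWith). An absolute entry name fails the same check.
    static Path safeTarget(Path destDir, String entryName) throws IOException {
        Path base = destDir.toAbsolutePath().normalize();
        Path target = base.resolve(entryName).normalize();
        if (!target.startsWith(base)) {
            throw new IOException("zip entry escapes destination: " + entryName);
        }
        return target;
    }

    private static void writeEntry(ZipInputStream in, ZipEntry e, Path target) throws IOException {
        if (e.isDirectory()) {
            Files.createDirectories(target);
            return;
        }
        Files.createDirectories(target.getParent());
        Files.copy(in, target, StandardCopyOption.REPLACE_EXISTING);
    }

    // Constructed sample archive: one benign entry, then one traversal entry.
    static byte[] sampleArchive() throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ZipOutputStream out = new ZipOutputStream(buf)) {
            out.putNextEntry(new ZipEntry("notes/ok.txt"));
            out.write("benign".getBytes(StandardCharsets.UTF_8));
            out.closeEntry();
            out.putNextEntry(new ZipEntry("../escaped.txt"));
            out.write("would land outside destDir".getBytes(StandardCharsets.UTF_8));
            out.closeEntry();
        }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        Path dest = Files.createTempDirectory("unzip-dest");
        try {
            extractAfter(new ByteArrayInputStream(sampleArchive()), dest);
        } catch (IOException ex) {
            System.out.println("hardened extractor: " + ex.getMessage());
        }
        System.out.println("benign entry present:    " + Files.exists(dest.resolve("notes/ok.txt")));
        System.out.println("traversal entry present: " + Files.exists(dest.getParent().resolve("escaped.txt")));
    }
}
```

Running `extractBefore` on the same archive instead would write `escaped.txt` into the parent of the temp directory, which is the behaviour the remediation removes.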