Bump org.wiremock:wiremock from 3.0.1 to 3.0.3 in /gbfs-validator-java-cli in the maven group across 1 directory #175

dependabot · 2025-10-12T22:42:33Z

Bumps the maven group with 1 update in the /gbfs-validator-java-cli directory: org.wiremock:wiremock.

Updates org.wiremock:wiremock from 3.0.1 to 3.0.3

Release notes

Sourced from org.wiremock:wiremock's releases.

3.0.3 - Security Release

🔒 Security

This security release addresses the following issues

CVE-2023-41327 - Controlled SSRF through URL in the WireMock Webhooks Extension and WireMock Studio

Base CVSS Score: 4.6 (AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C)

CVE-2023-41329 - Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes

Base CVSS Score: 3.9 (AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L/E:F/RL:O/RC:C)

NOTE: WireMock Studio, a proprietary distribution discontinued in 2022, is also affected by those issues and also affected by CVE-2023-39967 - Overall CVSS Score 8.6 - “Controlled and full-read SSRF through URL parameter when testing a request, webhooks and proxy mode”. The fixes will not be provided. The vendor recommends migrating to WireMock Cloud which is available as SaaS and private beta for on-premises deployments

🔗 Related releases

WireMock Docker 3.0.3-1 - Docker Image with the Patch

WireMock 2.35.1 / WireMock Docker 2.35.1-1 - Backport to WireMock 2.x

Python WireMock 2.6.1 - Python library that bundles the WireMock JAR file

NOTE: Other distributions like Testcontainers modules or Helm chart need explicit version declaration, and hence a user action is needed to update the dependencies should they be considered a risk

Credits

@W0rty, @numacanedo, @Mahoney, @tomakehurst, @oleg-nenashev

3.0.2

🐛 Bug fixes

fix: avoid crash when printing help in wiremock-standalone (#2351) @tomasbjerre

👻 Maintenance

Reset system properties at end of test (#2356) @Mahoney

📦 Dependency updates

Bump org.eclipse.jetty:jetty-bom from 11.0.15 to 11.0.16 (#2346) @dependabot

Bump org.slf4j:log4j-over-slf4j from 2.0.7 to 2.0.9 (#2353) @dependabot

Bump org.sonarqube from 4.3.0.3225 to 4.3.1.3277 (#2352) @dependabot

Commits

7a51264 Bumped patch version
0f72091 Stop NetworkAddressRules doing DNS lookups
984e79f Make NetworkAddressRulesAdheringDnsResolver testable
92d7793 Applied DNS resolver enforcement to webhooks extension
027ddaf Moved enforcement of network address rules to Apache client DNS resolver to a...
21a9622 Bumped patch version
1bb8b2d Bump org.eclipse.jetty:jetty-bom from 11.0.15 to 11.0.16 (#2346)
3fc3b88 Bump org.slf4j:log4j-over-slf4j from 2.0.7 to 2.0.9 (#2353)
0456440 Bump org.sonarqube from 4.3.0.3225 to 4.3.1.3277 (#2352)
18ccdc6 Merge pull request #2356 from wiremock/reset-system-properties
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the maven group with 1 update in the /gbfs-validator-java-cli directory: [org.wiremock:wiremock](https://github.com/wiremock/wiremock). Updates `org.wiremock:wiremock` from 3.0.1 to 3.0.3 - [Release notes](https://github.com/wiremock/wiremock/releases) - [Commits](wiremock/wiremock@3.0.1...3.0.3) --- updated-dependencies: - dependency-name: org.wiremock:wiremock dependency-version: 3.0.3 dependency-type: direct:development dependency-group: maven ... Signed-off-by: dependabot[bot] <[email protected]>

codecov-commenter · 2025-10-12T22:44:02Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 71.56%. Comparing base (0db0ca1) to head (5dc3a41).
⚠️ Report is 1 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff            @@
##             master     #175   +/-   ##
=========================================
  Coverage     71.56%   71.56%           
  Complexity      228      228           
=========================================
  Files            46       46           
  Lines          1143     1143           
  Branches        128      128           
=========================================
  Hits            818      818           
  Misses          245      245           
  Partials         80       80

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Oct 12, 2025

testower merged commit 6126b21 into master Oct 13, 2025
1 check passed

testower deleted the dependabot/maven/gbfs-validator-java-cli/maven-25dc439468 branch October 13, 2025 05:20

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump org.wiremock:wiremock from 3.0.1 to 3.0.3 in /gbfs-validator-java-cli in the maven group across 1 directory #175

Bump org.wiremock:wiremock from 3.0.1 to 3.0.3 in /gbfs-validator-java-cli in the maven group across 1 directory #175

Uh oh!

dependabot bot commented on behalf of github Oct 12, 2025

Uh oh!

codecov-commenter commented Oct 12, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Bump org.wiremock:wiremock from 3.0.1 to 3.0.3 in /gbfs-validator-java-cli in the maven group across 1 directory #175

Bump org.wiremock:wiremock from 3.0.1 to 3.0.3 in /gbfs-validator-java-cli in the maven group across 1 directory #175

Uh oh!

Conversation

dependabot bot commented on behalf of github Oct 12, 2025

3.0.3 - Security Release

🔒 Security

🔗 Related releases

Credits

3.0.2

🐛 Bug fixes

👻 Maintenance

📦 Dependency updates

Uh oh!

codecov-commenter commented Oct 12, 2025

Codecov Report

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants