chore(deps): update dependency org.assertj:assertj-core to v3.27.7 [security]#29
Open
renovate[bot] wants to merge 1 commit intomainfrom
Open
chore(deps): update dependency org.assertj:assertj-core to v3.27.7 [security]#29renovate[bot] wants to merge 1 commit intomainfrom
renovate[bot] wants to merge 1 commit intomainfrom
Conversation
renovate
bot
force-pushed
the
renovate/version.assertj
branch
from
800daa5 to
a95aa1b
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/version.assertj
branch
from
a95aa1b to
05b7d7e
Compare
renovate
bot
changed the title
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/version.assertj
branch
from
05b7d7e to
26153dc
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/version.assertj
branch
from
26153dc to
01980af
Compare
renovate
bot
force-pushed
the
renovate/version.assertj
branch
from
01980af to
4898573
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/version.assertj
branch
from
4898573 to
c9e97f5
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/version.assertj
branch
from
c9e97f5 to
590f412
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/version.assertj
branch
from
590f412 to
1a10778
Compare
renovate
bot
changed the title
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/version.assertj
branch
from
1a10778 to
de211a7
Compare
renovate
bot
force-pushed
the
renovate/version.assertj
branch
2 times, most recently
from
da85563 to
97379cb
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/version.assertj
branch
from
97379cb to
70c821d
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/version.assertj
branch
from
70c821d to
279a2a5
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/version.assertj
branch
from
279a2a5 to
ef28f47
Compare
renovate
bot
changed the title
renovate
bot
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
3.24.2→3.27.7GitHub Vulnerability Alerts
CVE-2026-24400
An XML External Entity (XXE) vulnerability exists in
org.assertj.core.util.xml.XmlStringPrettyFormatter: thetoXmlDocument(String)method initializesDocumentBuilderFactorywith default settings, without disabling DTDs or external entities. This formatter is used by theisXmlEqualTo(CharSequence)assertion forCharSequencevalues.An application is vulnerable only when it uses untrusted XML input with one of the following methods:
isXmlEqualTo(CharSequence)fromorg.assertj.core.api.AbstractCharSequenceAssertxmlPrettyFormat(String)fromorg.assertj.core.util.xml.XmlStringPrettyFormatterImpact
If untrusted XML input is processed by the methods mentioned above (e.g., in test environments handling external fixture files), an attacker could:
file://URIs (e.g.,/etc/passwd, application configuration files)Mitigation
isXmlEqualTo(CharSequence)has been deprecated in favor of XMLUnit in version 3.18.0 and will be removed in version 4.0. Users of affected versions should, in order of preference:isXmlEqualTo(CharSequence)with XMLUnit, orisXmlEqualTo(CharSequence)orXmlStringPrettyFormatterwith untrusted input.XmlStringPrettyFormatterhas historically been considered a utility forisXmlEqualTo(CharSequence)rather than a feature for AssertJ users, so it is deprecated in version 3.27.7 and removed in version 4.0, with no replacement.References
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.