dependabot[bot] opened a new pull request, #24675: URL: https://github.com/apache/camel/pull/24675
Bumps [io.rest-assured:rest-assured](https://github.com/rest-assured/rest-assured) from 6.0.0 to 6.0.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rest-assured/rest-assured/blob/master/changelog.txt">io.rest-assured:rest-assured's changelog</a>.</em></p> <blockquote> <h2>Changelog 6.0.1 (2026-07-10)</h2> <ul> <li>Fix a JsonPath denial-of-service where oversized numeric literals in untrusted JSON were parsed into arbitrarily large BigIntegers, an O(n^2) CPU and heap cost. JSON number tokens are now capped at 1000 characters by default, configurable via JsonPathConfig.numberLengthLimit and JsonConfig.numberLengthLimit (a negative value disables the check). Thanks to Brian Lee (PhD security researcher, Georgia Tech SSLab) for the private report.</li> <li>Use custom Jackson 3 object mapper in JsonPath (<a href="https://redirect.github.com/rest-assured/rest-assured/issues/1858">#1858</a>) (thanks to gkiel for PR)</li> <li>Fix Spring MockMvc cookie handling with Jakarta-only servlet APIs (fixes <a href="https://redirect.github.com/rest-assured/rest-assured/issues/1853">#1853</a>)</li> <li>Use Jackson 3 mapper in JsonPath deserialization when Jackson 3 is the only Jackson on the classpath (<a href="https://redirect.github.com/rest-assured/rest-assured/issues/1865">#1865</a>) (thanks to dickerpulli for PR)</li> <li>Add JsonPath.using(Jackson3ObjectMapperFactory) overload (<a href="https://redirect.github.com/rest-assured/rest-assured/issues/1861">#1861</a>) (thanks to Anusha-7254 for PR)</li> <li>Fix typo in duplicate-finder-maven-plugin phase property (<a href="https://redirect.github.com/rest-assured/rest-assured/issues/1866">#1866</a>) (thanks to metacosm for PR)</li> <li>Fix incorrect serialization of enum constants declared with a body when used as query/path parameters (<a href="https://redirect.github.com/rest-assured/rest-assured/issues/1799">#1799</a>)</li> <li>The spring-mock-mvc and spring-web-test-client modules now target Spring Framework 7 and no longer expose their own Spring version as a transitive dependency (the Spring dependencies are declared optional), so they no longer drag Spring 5 onto a Spring Boot 4 / Spring Framework 7 classpath. This removes the need for manual Spring exclusions on Spring Boot 4 (fixes <a href="https://redirect.github.com/rest-assured/rest-assured/issues/1853">#1853</a>, <a href="https://redirect.github.com/rest-assured/rest-assured/issues/1868">#1868</a>). Thanks to spencerarq for the detailed investigation.</li> </ul> <h2>Changelog 5.5.7 (2026-01-16)</h2> <ul> <li>Spring MockMvc module now supports Spring Framework 7.0 (thanks to Marcin Grzejszczak for PR)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/rest-assured/rest-assured/commit/8cc835a516ece11c5a6af30c328cf8e10f564314"><code>8cc835a</code></a> [maven-release-plugin] prepare release rest-assured-6.0.1</li> <li><a href="https://github.com/rest-assured/rest-assured/commit/92551ed73a02dbe6d6cd89e1f6a91dd0f1b4d71d"><code>92551ed</code></a> Sync dist and OSGi module versions during release</li> <li><a href="https://github.com/rest-assured/rest-assured/commit/29b55e24dddab3b99841fc13ed5799916060ba17"><code>29b55e2</code></a> Sync dist and osgi module parent versions to 6.0.1-SNAPSHOT</li> <li><a href="https://github.com/rest-assured/rest-assured/commit/f1abe776be4a17e034e6a72eb905d195f81a830a"><code>f1abe77</code></a> [ci skip] Preparing for release</li> <li><a href="https://github.com/rest-assured/rest-assured/commit/d134dfb3ed147f35d90aef33cf9123581c956e28"><code>d134dfb</code></a> Target Spring Framework 7 in the Spring modules and stop leaking Spring onto ...</li> <li><a href="https://github.com/rest-assured/rest-assured/commit/a146f5600425a02479ea247ed0c86c5222d6b9cf"><code>a146f56</code></a> Add AGENTS.md with changelog convention, reference it from CLAUDE.md</li> <li><a href="https://github.com/rest-assured/rest-assured/commit/2bbb19a282df9ecebdcbaa93cde5c073e5bc9720"><code>2bbb19a</code></a> Fix remaining duplicate-finder property typo in spring7-mvc-webapp</li> <li><a href="https://github.com/rest-assured/rest-assured/commit/c5214b82740644f8fdd72930e99d1139de8a27f8"><code>c5214b8</code></a> Fix serialization of enum constants declared with a body (<a href="https://redirect.github.com/rest-assured/rest-assured/issues/1799">#1799</a>)</li> <li><a href="https://github.com/rest-assured/rest-assured/commit/bc4608fbad56eca8fb640632e3b44fc993127808"><code>bc4608f</code></a> [ci skip] Updated changelog to reflect the latest changes</li> <li><a href="https://github.com/rest-assured/rest-assured/commit/2054f37233111bd78357dbfc7d2800f951e13819"><code>2054f37</code></a> Add JsonPath.using(Jackson3ObjectMapperFactory) overload</li> <li>Additional commits viewable in <a href="https://github.com/rest-assured/rest-assured/compare/rest-assured-6.0.0...rest-assured-6.0.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
