dependabot[bot] opened a new pull request, #868: URL: https://github.com/apache/ws-axiom/pull/868
Bumps [org.xmlunit:xmlunit-assertj3](https://github.com/xmlunit/xmlunit) from 2.11.0 to 2.12.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/xmlunit/xmlunit/releases">org.xmlunit:xmlunit-assertj3's releases</a>.</em></p> <blockquote> <h2>XMLUnit for Java 2.12.0</h2> <p>This release may require you to adjust your configuration when comparing files that use DTDs. When XMLUnit 2.6.0 was released it was intended to disallow DTD parsing by default, but due to a bug still allowed it. This has now been fixed.</p> <p>Full list of changes:</p> <ul> <li> <p>bumped xmlunit-assertj3's dependency on assert to 3.27.7.</p> <p>This is to make people aware of <a href="https://github.com/assertj/assertj/security/advisories/GHSA-rqfh-9r24-8c9r">https://github.com/assertj/assertj/security/advisories/GHSA-rqfh-9r24-8c9r</a></p> <p>XMLUnit itself does not use the affected code in AssertJ so the upgrade is not strictly necessary - and this is why the xmlunit-assertj module is not updated. In fact the assertions provided by xmlunit-assertj3 are the recommended upgrade path for users of AssertJ 3.x+.</p> <p>PRs <a href="https://redirect.github.com/xmlunit/xmlunit/pull/320">#320</a> and <a href="https://redirect.github.com/xmlunit/xmlunit/pull/321">#321</a></p> </li> <li> <p>actually made <code>withDTDParsingDisabled</code> do what it says.</p> <p>This is a bugfix and in a way it is backwards incompatible as it changes default behavior in a way that I intended to do with XMLUnit 2.6.0 eight years ago. 
<code>DocumentBuilderFactoryConfigurer.DefaultWithDTDParsing</code> provides the behavior of XMLUnit 2.6.0 to 2.11.0.</p> <p>PRs <a href="https://redirect.github.com/xmlunit/xmlunit/pull/326">#326</a> by <a href="https://github.com/jmestwa-coder"><code>@jmestwa-coder</code></a> and <a href="https://redirect.github.com/xmlunit/xmlunit/pull/328">#328</a></p> </li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/xmlunit/xmlunit/blob/main/RELEASE_NOTES.md">org.xmlunit:xmlunit-assertj3's changelog</a>.</em></p> <blockquote> <h2>XMLUnit for Java 2.12.0 - /Released 2026-05-31/</h2> <ul> <li> <p>bumped xmlunit-assertj3's dependency on assert to 3.27.7.</p> <p>This is to make people aware of <a href="https://github.com/assertj/assertj/security/advisories/GHSA-rqfh-9r24-8c9r">https://github.com/assertj/assertj/security/advisories/GHSA-rqfh-9r24-8c9r</a></p> <p>XMLUnit itself does not use the affected code in AssertJ so the upgrade is not strictly necessary - and this is why the xmlunit-assertj module is not updated. In fact the assertions provided by xmlunit-assertj3 are the recommended upgrade path for users of AssertJ 3.x+.</p> <p>PRs <a href="https://redirect.github.com/xmlunit/xmlunit/pull/320">#320</a> and <a href="https://redirect.github.com/xmlunit/xmlunit/pull/321">#321</a></p> </li> <li> <p>actually made <code>withDTDParsingDisabled</code> do what it says.</p> <p>This is a bugfix and in a way it is backwards incompatible as it changes default behavior in a way that I intended to do with XMLUnit 2.6.0 eight years ago. 
<code>DocumentBuilderFactoryConfigurer.DefaultWithDTDParsing</code> provides the behavior of XMLUnit 2.6.0 to 2.11.0.</p> <p>PRs <a href="https://redirect.github.com/xmlunit/xmlunit/pull/326">#326</a> by <a href="https://github.com/jmestwa-coder"><code>@jmestwa-coder</code></a> and <a href="https://redirect.github.com/xmlunit/xmlunit/pull/328">#328</a></p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/xmlunit/xmlunit/commit/35a824382e081a4464d27b21e16aab29b16aad61"><code>35a8243</code></a> prepare 2.12.0 release</li> <li><a href="https://github.com/xmlunit/xmlunit/commit/e84de90ed8e66fc27700f785227c5d96c71e7e65"><code>e84de90</code></a> make javadoc build work</li> <li><a href="https://github.com/xmlunit/xmlunit/commit/7e1108541147769777fafbd964607fb0936468cc"><code>7e11085</code></a> bump plugins</li> <li><a href="https://github.com/xmlunit/xmlunit/commit/9bfc67b82a79eb072c606b0dfffec210170e6b8d"><code>9bfc67b</code></a> Merge pull request <a href="https://redirect.github.com/xmlunit/xmlunit/issues/328">#328</a> from xmlunit/fix-tests-introduce-new-DefaultWithDtdPa...</li> <li><a href="https://github.com/xmlunit/xmlunit/commit/b5361e0d4ebaea1112e20bc5c2232f66918c0ef8"><code>b5361e0</code></a> adjust tests, allow DTD parsing where necessary</li> <li><a href="https://github.com/xmlunit/xmlunit/commit/e71cc583a3884e41f922bd58e107e3ba3f33bcf3"><code>e71cc58</code></a> introduce DefaultWithDTDParsing configuration</li> <li><a href="https://github.com/xmlunit/xmlunit/commit/aafa4e4604a76d27c28c4670379af40295ad5213"><code>aafa4e4</code></a> Merge pull request <a href="https://redirect.github.com/xmlunit/xmlunit/issues/327">#327</a> from xmlunit/rel-notes</li> <li><a href="https://github.com/xmlunit/xmlunit/commit/a799d5c6ac4663f27cc0b44cc590321df3534734"><code>a799d5c</code></a> xmlunit-assertj3 is also certainly recommended for assertj 3 users</li> <li><a 
href="https://github.com/xmlunit/xmlunit/commit/ba255e7455992240d95f7bcee2a1b965012d8f2e"><code>ba255e7</code></a> Merge pull request <a href="https://redirect.github.com/xmlunit/xmlunit/issues/326">#326</a> from jmestwa-coder/dtd-parsing-disabled</li> <li><a href="https://github.com/xmlunit/xmlunit/commit/3a28d4e4890db41088841a0b67b7723709cb8979"><code>3a28d4e</code></a> fix withDTDParsingDisabled to actually reject doctype declarations</li> <li>Additional commits viewable in <a href="https://github.com/xmlunit/xmlunit/compare/v2.11.0...v2.12.0">compare view</a></li> </ul> </details>
