Cantara / Java-Auto-Update

Java Auto-Update - wrapper to automatically upgrade a Java application.
https://wiki.cantara.no/display/JAU/Java+Auto-Update
Apache License 2.0
49 stars 14 forks

chore(deps): update dependency org.testng:testng to v7.7.0 [security] #142

Closed renovate[bot] closed 1 year ago

renovate[bot] commented 1 year ago

This PR contains the following updates:

| Package | Change |
|---|---|
| org.testng:testng (source) | 7.5 -> 7.7.0 |

GitHub Vulnerability Alerts

CVE-2022-4065

A vulnerability was found in cbeust testng. It has been declared as critical. Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser. The manipulation leads to path traversal. The attack can be launched remotely. A patch is available in version 7.7.0 at commit 9150736cd2c123a6a3b60e6193630859f9f0422b. It is recommended to apply a patch to fix this issue. The patch was pushed into the master branch but no releases have yet been made with the patch included.


Release Notes

cbeust/testng

### [`v7.7.0`](https://togithub.com/cbeust/testng/releases/tag/7.7.0): TestNG v7.7.0

[Compare Source](https://togithub.com/cbeust/testng/compare/7.6.1...7.7.0)

#### What's Changed

- Replace FindBugs by SpotBugs by [@gruenich](https://togithub.com/gruenich) in [https://github.com/cbeust/testng/pull/2781](https://togithub.com/cbeust/testng/pull/2781)
- Gradle: Drop forUseAtConfigurationTime() by [@gruenich](https://togithub.com/gruenich) in [https://github.com/cbeust/testng/pull/2783](https://togithub.com/cbeust/testng/pull/2783)
- Added ability to provide custom message to assertThrows\expectThrows methods by [@anatolyuzhakov](https://togithub.com/anatolyuzhakov) in [https://github.com/cbeust/testng/pull/2793](https://togithub.com/cbeust/testng/pull/2793)
- Fix issue 2801 - Only resolve hostname once by [@spkrka](https://togithub.com/spkrka) in [https://github.com/cbeust/testng/pull/2802](https://togithub.com/cbeust/testng/pull/2802)
- \[SECURITY] Fix Zip Slip Vulnerability by [@JLLeitschuh](https://togithub.com/JLLeitschuh) in [https://github.com/cbeust/testng/pull/2806](https://togithub.com/cbeust/testng/pull/2806)
- GITHUB-2807 - Failsafe buildStackTrace by [@seregamorph](https://togithub.com/seregamorph) in [https://github.com/cbeust/testng/pull/2808](https://togithub.com/cbeust/testng/pull/2808)
- Prevent overlogging of debug msgs in Graph impl by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2813](https://togithub.com/cbeust/testng/pull/2813)
- Streamline dataprovider invoking in abstract classes by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2814](https://togithub.com/cbeust/testng/pull/2814)
- Streamline TestResult due to expectedExceptions by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2815](https://togithub.com/cbeust/testng/pull/2815)
- Unexpected test runs count with retry analyzer by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2816](https://togithub.com/cbeust/testng/pull/2816)
- Make PackageUtils compliant with JPMS by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2817](https://togithub.com/cbeust/testng/pull/2817)
- Ability to retry a data provider during failures by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2820](https://togithub.com/cbeust/testng/pull/2820)
- Refactoring by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2821](https://togithub.com/cbeust/testng/pull/2821)
- Fixing bug with DataProvider retry by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2822](https://togithub.com/cbeust/testng/pull/2822)
- Add config key for callback discrepancy behavior by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2823](https://togithub.com/cbeust/testng/pull/2823)
- Upgrading versions by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2824](https://togithub.com/cbeust/testng/pull/2824)
- Fix [#2770](https://togithub.com/cbeust/testng/issues/2770): FileAlreadyExistsException on copy by [@melloware](https://togithub.com/melloware) in [https://github.com/cbeust/testng/pull/2827](https://togithub.com/cbeust/testng/pull/2827)
- JarFileUtils.delete(File f) throw actual exception (instead of FileNotFound) when file cannot be deleted [#2825](https://togithub.com/cbeust/testng/issues/2825) by [@speedythesnail](https://togithub.com/speedythesnail) in [https://github.com/cbeust/testng/pull/2826](https://togithub.com/cbeust/testng/pull/2826)
- GITHUB-2830 - Failsafe parameter.toString by [@seregamorph](https://togithub.com/seregamorph) in [https://github.com/cbeust/testng/pull/2831](https://togithub.com/cbeust/testng/pull/2831)
- Changing assertion message of the osgitest by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2832](https://togithub.com/cbeust/testng/pull/2832)
- hidden spotbugs in release [#2829](https://togithub.com/cbeust/testng/issues/2829) by [@bobshie](https://togithub.com/bobshie) in [https://github.com/cbeust/testng/pull/2833](https://togithub.com/cbeust/testng/pull/2833)
- Enhancing the Matrix by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2834](https://togithub.com/cbeust/testng/pull/2834)
- Avoid Compilation errors on Semeru JDK flavour. by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2835](https://togithub.com/cbeust/testng/pull/2835)
- Add addition yml extension by [@speedythesnail](https://togithub.com/speedythesnail) in [https://github.com/cbeust/testng/pull/2837](https://togithub.com/cbeust/testng/pull/2837)
- Support getting dependencies info for a test by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2839](https://togithub.com/cbeust/testng/pull/2839)
- Honour regex in dependsOnMethods by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2838](https://togithub.com/cbeust/testng/pull/2838)
- Ensure All tests run all the time by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2842](https://togithub.com/cbeust/testng/pull/2842)
- Deprecate support for running Spock Tests by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2846](https://togithub.com/cbeust/testng/pull/2846)
- Streamline dependsOnMethods for configurations by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2845](https://togithub.com/cbeust/testng/pull/2845)
- Ensure ITestContext available for JUnit4 tests by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2848](https://togithub.com/cbeust/testng/pull/2848)
- Deprecate support for running JUnit tests by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2849](https://togithub.com/cbeust/testng/pull/2849)

#### New Contributors

- [@gruenich](https://togithub.com/gruenich) made their first contribution in [https://github.com/cbeust/testng/pull/2781](https://togithub.com/cbeust/testng/pull/2781)
- [@anatolyuzhakov](https://togithub.com/anatolyuzhakov) made their first contribution in [https://github.com/cbeust/testng/pull/2793](https://togithub.com/cbeust/testng/pull/2793)
- [@spkrka](https://togithub.com/spkrka) made their first contribution in [https://github.com/cbeust/testng/pull/2802](https://togithub.com/cbeust/testng/pull/2802)
- [@JLLeitschuh](https://togithub.com/JLLeitschuh) made their first contribution in [https://github.com/cbeust/testng/pull/2806](https://togithub.com/cbeust/testng/pull/2806)
- [@seregamorph](https://togithub.com/seregamorph) made their first contribution in [https://github.com/cbeust/testng/pull/2808](https://togithub.com/cbeust/testng/pull/2808)
- [@melloware](https://togithub.com/melloware) made their first contribution in [https://github.com/cbeust/testng/pull/2827](https://togithub.com/cbeust/testng/pull/2827)
- [@speedythesnail](https://togithub.com/speedythesnail) made their first contribution in [https://github.com/cbeust/testng/pull/2826](https://togithub.com/cbeust/testng/pull/2826)
- [@bobshie](https://togithub.com/bobshie) made their first contribution in [https://github.com/cbeust/testng/pull/2833](https://togithub.com/cbeust/testng/pull/2833)

**Full Changelog**: https://github.com/cbeust/testng/compare/7.6.1...7.7.0

### [`v7.6.1`](https://togithub.com/cbeust/testng/releases/tag/7.6.1): TestNG v7.6.1

[Compare Source](https://togithub.com/cbeust/testng/compare/7.6.0...7.6.1)

This is a bug fix release and just includes 1 bug fix in it.

#### What's Changed

- Fix Files.copy() such that parent dirs are created by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2764](https://togithub.com/cbeust/testng/pull/2764)
- Remove deprecated utility methods by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2762](https://togithub.com/cbeust/testng/pull/2762)
- Fix typos by [@asolntsev](https://togithub.com/asolntsev) in [https://github.com/cbeust/testng/pull/2772](https://togithub.com/cbeust/testng/pull/2772)

**Full Changelog**: https://github.com/cbeust/testng/compare/7.6.0...7.6.1

### [`v7.6.0`](https://togithub.com/cbeust/testng/releases/tag/7.6.0)

[Compare Source](https://togithub.com/cbeust/testng/compare/7.5...7.6.0)

#### What's Changed

- Remove redundant Parameter implementation by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2706](https://togithub.com/cbeust/testng/pull/2706)
- Upgrade to JDK11 by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2705](https://togithub.com/cbeust/testng/pull/2705)
- Move SimpleBaseTest to be Kotlin based by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2703](https://togithub.com/cbeust/testng/pull/2703)
- Restore testnames when using suites in suite. by [@martinaldrin](https://togithub.com/martinaldrin) in [https://github.com/cbeust/testng/pull/2712](https://togithub.com/cbeust/testng/pull/2712)
- Moving ClassHelperTests into Kotlin by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2716](https://togithub.com/cbeust/testng/pull/2716)
- IHookable and IConfigurable callback discrepancy by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2713](https://togithub.com/cbeust/testng/pull/2713)
- Minor refactoring by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2718](https://togithub.com/cbeust/testng/pull/2718)
- Add additional condition for assertEqualsNoOrder by [@Dymitriux](https://togithub.com/Dymitriux) in [https://github.com/cbeust/testng/pull/2723](https://togithub.com/cbeust/testng/pull/2723)
- beforeConfiguration() listener method should be invoked for skipped configurations as well by [@bj-9527](https://togithub.com/bj-9527) in [https://github.com/cbeust/testng/pull/2732](https://togithub.com/cbeust/testng/pull/2732)
- [#2734](https://togithub.com/cbeust/testng/issues/2734) keep the initial order of listeners by [@asolntsev](https://togithub.com/asolntsev) in [https://github.com/cbeust/testng/pull/2737](https://togithub.com/cbeust/testng/pull/2737)
- SuiteRunner could not be initial by default Configuration by [@bj-9527](https://togithub.com/bj-9527) in [https://github.com/cbeust/testng/pull/2744](https://togithub.com/cbeust/testng/pull/2744)
- Enable Dataprovider failures to be considered. by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2748](https://togithub.com/cbeust/testng/pull/2748)
- BeforeGroups should run before any matched test by [@velma](https://togithub.com/velma) in [https://github.com/cbeust/testng/pull/2749](https://togithub.com/cbeust/testng/pull/2749)
- Fix possible StringIndexOutOfBoundsException exception in XmlReporter by [@velma](https://togithub.com/velma) in [https://github.com/cbeust/testng/pull/2750](https://togithub.com/cbeust/testng/pull/2750)
- DataProvider: possibility to unload dataprovider class, when done with it by [@dsankouski](https://togithub.com/dsankouski) in [https://github.com/cbeust/testng/pull/2739](https://togithub.com/cbeust/testng/pull/2739)
- fix possibilty that AfterGroups method is invoked before all tests by [@velma](https://togithub.com/velma) in [https://github.com/cbeust/testng/pull/2753](https://togithub.com/cbeust/testng/pull/2753)
- fix equals implementation for WrappedTestNGMethod by [@velma](https://togithub.com/velma) in [https://github.com/cbeust/testng/pull/2755](https://togithub.com/cbeust/testng/pull/2755)
- Upgrade dependencies, Upgrade to JDK17 by [@hduerkop](https://togithub.com/hduerkop) in [https://github.com/cbeust/testng/pull/2747](https://togithub.com/cbeust/testng/pull/2747)
- Wire-In listeners consistently by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2756](https://togithub.com/cbeust/testng/pull/2756)
- Streamline AfterClass invocation by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2757](https://togithub.com/cbeust/testng/pull/2757)
- Show FQMN for tests in console by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2758](https://togithub.com/cbeust/testng/pull/2758)
- Fix 2725 by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2759](https://togithub.com/cbeust/testng/pull/2759)

#### New Contributors

- [@Dymitriux](https://togithub.com/Dymitriux) made their first contribution in [https://github.com/cbeust/testng/pull/2723](https://togithub.com/cbeust/testng/pull/2723)
- [@asolntsev](https://togithub.com/asolntsev) made their first contribution in [https://github.com/cbeust/testng/pull/2737](https://togithub.com/cbeust/testng/pull/2737)
- [@velma](https://togithub.com/velma) made their first contribution in [https://github.com/cbeust/testng/pull/2749](https://togithub.com/cbeust/testng/pull/2749)
- [@hduerkop](https://togithub.com/hduerkop) made their first contribution in [https://github.com/cbeust/testng/pull/2747](https://togithub.com/cbeust/testng/pull/2747)

**Full Changelog**: https://github.com/cbeust/testng/compare/7.5...7.6.0

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.
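
The advisory in the comment above describes a path traversal while handling files inside a JAR, and the 7.7.0 release notes list the fix as "Zip Slip". As an added illustration (not TestNG's code and not part of this PR), this is the usual guard when extracting archive entries in Java; the class name, method names and sample entry names are hypothetical.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.util.Collections;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

public final class SafeJarExtract {
    // Resolve an entry name under destDir; reject names that normalize to a path outside it.
    static Path resolveInside(Path destDir, String entryName) throws IOException {
        Path base = destDir.toAbsolutePath().normalize();
        Path target = base.resolve(entryName).normalize();
        if (!target.startsWith(base)) { // component-wise comparison, not a string prefix
            throw new IOException("Entry escapes extraction directory: " + entryName);
        }
        return target;
    }

    // Extract every entry of the JAR, applying the containment check before any write.
    static void extract(Path jarPath, Path destDir) throws IOException {
        try (JarFile jar = new JarFile(jarPath.toFile())) {
            for (JarEntry entry : Collections.list(jar.entries())) {
                Path target = resolveInside(destDir, entry.getName());
                if (entry.isDirectory()) {
                    Files.createDirectories(target);
                    continue;
                }
                Files.createDirectories(target.getParent());
                try (InputStream in = jar.getInputStream(entry)) {
                    Files.copy(in, target, StandardCopyOption.REPLACE_EXISTING);
                }
            }
        }
    }

    public static void main(String[] args) throws IOException {
        Path dest = Files.createTempDirectory("jar-extract");
        // Constructed entry names: one ordinary, two that climb out of the directory.
        for (String name : new String[] {"suites/testng.xml", "../outside.xml", "a/../../outside.xml"}) {
            try {
                System.out.println("ok       " + resolveInside(dest, name));
            } catch (IOException e) {
                System.out.println("rejected " + name);
            }
        }
    }
}
```

The check normalizes paths lexically and does not resolve symbolic links that already exist under the destination directory.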

renovate[bot] commented 1 year ago

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (7.7.0). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.