ContinuousSecurityTooling / zap-java

Apache License 2.0

fix(deps): update dependency org.testng:testng to v7 [security] #58

Closed renovate[bot] closed 1 year ago

renovate[bot] commented 1 year ago


This PR contains the following updates:

| Package | Change |
|---|---|
| org.testng:testng (source) | 6.14.3 -> 7.7.0 |

GitHub Vulnerability Alerts

CVE-2022-4065

A vulnerability was found in cbeust testng. It has been declared as critical. Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser. The manipulation leads to path traversal. The attack can be launched remotely. A patch is available in version 7.7.0 at commit 9150736cd2c123a6a3b60e6193630859f9f0422b. It is recommended to apply a patch to fix this issue. The patch was pushed into the master branch but no releases have yet been made with the patch included.


Release Notes

cbeust/testng

### [`v7.7.0`](https://togithub.com/cbeust/testng/releases/tag/7.7.0): TestNG v7.7.0

#### What's Changed

- Replace FindBugs by SpotBugs by [@gruenich](https://togithub.com/gruenich) in [https://github.com/cbeust/testng/pull/2781](https://togithub.com/cbeust/testng/pull/2781)
- Gradle: Drop forUseAtConfigurationTime() by [@gruenich](https://togithub.com/gruenich) in [https://github.com/cbeust/testng/pull/2783](https://togithub.com/cbeust/testng/pull/2783)
- Added ability to provide custom message to assertThrows\expectThrows methods by [@anatolyuzhakov](https://togithub.com/anatolyuzhakov) in [https://github.com/cbeust/testng/pull/2793](https://togithub.com/cbeust/testng/pull/2793)
- Fix issue 2801 - Only resolve hostname once by [@spkrka](https://togithub.com/spkrka) in [https://github.com/cbeust/testng/pull/2802](https://togithub.com/cbeust/testng/pull/2802)
- \[SECURITY] Fix Zip Slip Vulnerability by [@JLLeitschuh](https://togithub.com/JLLeitschuh) in [https://github.com/cbeust/testng/pull/2806](https://togithub.com/cbeust/testng/pull/2806)
- GITHUB-2807 - Failsafe buildStackTrace by [@seregamorph](https://togithub.com/seregamorph) in [https://github.com/cbeust/testng/pull/2808](https://togithub.com/cbeust/testng/pull/2808)
- Prevent overlogging of debug msgs in Graph impl by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2813](https://togithub.com/cbeust/testng/pull/2813)
- Streamline dataprovider invoking in abstract classes by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2814](https://togithub.com/cbeust/testng/pull/2814)
- Streamline TestResult due to expectedExceptions by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2815](https://togithub.com/cbeust/testng/pull/2815)
- Unexpected test runs count with retry analyzer by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2816](https://togithub.com/cbeust/testng/pull/2816)
- Make PackageUtils compliant with JPMS by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2817](https://togithub.com/cbeust/testng/pull/2817)
- Ability to retry a data provider during failures by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2820](https://togithub.com/cbeust/testng/pull/2820)
- Refactoring by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2821](https://togithub.com/cbeust/testng/pull/2821)
- Fixing bug with DataProvider retry by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2822](https://togithub.com/cbeust/testng/pull/2822)
- Add config key for callback discrepancy behavior by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2823](https://togithub.com/cbeust/testng/pull/2823)
- Upgrading versions by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2824](https://togithub.com/cbeust/testng/pull/2824)
- Fix [#2770](https://togithub.com/cbeust/testng/issues/2770): FileAlreadyExistsException on copy by [@melloware](https://togithub.com/melloware) in [https://github.com/cbeust/testng/pull/2827](https://togithub.com/cbeust/testng/pull/2827)
- JarFileUtils.delete(File f) throw actual exception (instead of FileNotFound) when file cannot be deleted [#2825](https://togithub.com/cbeust/testng/issues/2825) by [@speedythesnail](https://togithub.com/speedythesnail) in [https://github.com/cbeust/testng/pull/2826](https://togithub.com/cbeust/testng/pull/2826)
- GITHUB-2830 - Failsafe parameter.toString by [@seregamorph](https://togithub.com/seregamorph) in [https://github.com/cbeust/testng/pull/2831](https://togithub.com/cbeust/testng/pull/2831)
- Changing assertion message of the osgitest by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2832](https://togithub.com/cbeust/testng/pull/2832)
- hidden spotbugs in release [#2829](https://togithub.com/cbeust/testng/issues/2829) by [@bobshie](https://togithub.com/bobshie) in [https://github.com/cbeust/testng/pull/2833](https://togithub.com/cbeust/testng/pull/2833)
- Enhancing the Matrix by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2834](https://togithub.com/cbeust/testng/pull/2834)
- Avoid Compilation errors on Semeru JDK flavour. by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2835](https://togithub.com/cbeust/testng/pull/2835)
- Add addition yml extension by [@speedythesnail](https://togithub.com/speedythesnail) in [https://github.com/cbeust/testng/pull/2837](https://togithub.com/cbeust/testng/pull/2837)
- Support getting dependencies info for a test by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2839](https://togithub.com/cbeust/testng/pull/2839)
- Honour regex in dependsOnMethods by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2838](https://togithub.com/cbeust/testng/pull/2838)
- Ensure All tests run all the time by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2842](https://togithub.com/cbeust/testng/pull/2842)
- Deprecate support for running Spock Tests by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2846](https://togithub.com/cbeust/testng/pull/2846)
- Streamline dependsOnMethods for configurations by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2845](https://togithub.com/cbeust/testng/pull/2845)
- Ensure ITestContext available for JUnit4 tests by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2848](https://togithub.com/cbeust/testng/pull/2848)
- Deprecate support for running JUnit tests by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2849](https://togithub.com/cbeust/testng/pull/2849)

#### New Contributors

- [@gruenich](https://togithub.com/gruenich) made their first contribution in [https://github.com/cbeust/testng/pull/2781](https://togithub.com/cbeust/testng/pull/2781)
- [@anatolyuzhakov](https://togithub.com/anatolyuzhakov) made their first contribution in [https://github.com/cbeust/testng/pull/2793](https://togithub.com/cbeust/testng/pull/2793)
- [@spkrka](https://togithub.com/spkrka) made their first contribution in [https://github.com/cbeust/testng/pull/2802](https://togithub.com/cbeust/testng/pull/2802)
- [@JLLeitschuh](https://togithub.com/JLLeitschuh) made their first contribution in [https://github.com/cbeust/testng/pull/2806](https://togithub.com/cbeust/testng/pull/2806)
- [@seregamorph](https://togithub.com/seregamorph) made their first contribution in [https://github.com/cbeust/testng/pull/2808](https://togithub.com/cbeust/testng/pull/2808)
- [@melloware](https://togithub.com/melloware) made their first contribution in [https://github.com/cbeust/testng/pull/2827](https://togithub.com/cbeust/testng/pull/2827)
- [@speedythesnail](https://togithub.com/speedythesnail) made their first contribution in [https://github.com/cbeust/testng/pull/2826](https://togithub.com/cbeust/testng/pull/2826)
- [@bobshie](https://togithub.com/bobshie) made their first contribution in [https://github.com/cbeust/testng/pull/2833](https://togithub.com/cbeust/testng/pull/2833)

**Full Changelog**: https://github.com/cbeust/testng/compare/7.6.1...7.7.0

### [`v7.6.1`](https://togithub.com/cbeust/testng/releases/tag/7.6.1): TestNG v7.6.1

This is a bug fix release and just includes 1 bug fix in it.

#### What's Changed

- Fix Files.copy() such that parent dirs are created by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2764](https://togithub.com/cbeust/testng/pull/2764)
- Remove deprecated utility methods by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2762](https://togithub.com/cbeust/testng/pull/2762)
- Fix typos by [@asolntsev](https://togithub.com/asolntsev) in [https://github.com/cbeust/testng/pull/2772](https://togithub.com/cbeust/testng/pull/2772)

**Full Changelog**: https://github.com/cbeust/testng/compare/7.6.0...7.6.1

### [`v7.6.0`](https://togithub.com/cbeust/testng/releases/tag/7.6.0)

[Compare Source](https://togithub.com/cbeust/testng/compare/7.5...7.6.0)

#### What's Changed

- Remove redundant Parameter implementation by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2706](https://togithub.com/cbeust/testng/pull/2706)
- Upgrade to JDK11 by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2705](https://togithub.com/cbeust/testng/pull/2705)
- Move SimpleBaseTest to be Kotlin based by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2703](https://togithub.com/cbeust/testng/pull/2703)
- Restore testnames when using suites in suite. by [@martinaldrin](https://togithub.com/martinaldrin) in [https://github.com/cbeust/testng/pull/2712](https://togithub.com/cbeust/testng/pull/2712)
- Moving ClassHelperTests into Kotlin by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2716](https://togithub.com/cbeust/testng/pull/2716)
- IHookable and IConfigurable callback discrepancy by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2713](https://togithub.com/cbeust/testng/pull/2713)
- Minor refactoring by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2718](https://togithub.com/cbeust/testng/pull/2718)
- Add additional condition for assertEqualsNoOrder by [@Dymitriux](https://togithub.com/Dymitriux) in [https://github.com/cbeust/testng/pull/2723](https://togithub.com/cbeust/testng/pull/2723)
- beforeConfiguration() listener method should be invoked for skipped configurations as well by [@bj-9527](https://togithub.com/bj-9527) in [https://github.com/cbeust/testng/pull/2732](https://togithub.com/cbeust/testng/pull/2732)
- [#2734](https://togithub.com/cbeust/testng/issues/2734) keep the initial order of listeners by [@asolntsev](https://togithub.com/asolntsev) in [https://github.com/cbeust/testng/pull/2737](https://togithub.com/cbeust/testng/pull/2737)
- SuiteRunner could not be initial by default Configuration by [@bj-9527](https://togithub.com/bj-9527) in [https://github.com/cbeust/testng/pull/2744](https://togithub.com/cbeust/testng/pull/2744)
- Enable Dataprovider failures to be considered. by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2748](https://togithub.com/cbeust/testng/pull/2748)
- BeforeGroups should run before any matched test by [@velma](https://togithub.com/velma) in [https://github.com/cbeust/testng/pull/2749](https://togithub.com/cbeust/testng/pull/2749)
- Fix possible StringIndexOutOfBoundsException exception in XmlReporter by [@velma](https://togithub.com/velma) in [https://github.com/cbeust/testng/pull/2750](https://togithub.com/cbeust/testng/pull/2750)
- DataProvider: possibility to unload dataprovider class, when done with it by [@dsankouski](https://togithub.com/dsankouski) in [https://github.com/cbeust/testng/pull/2739](https://togithub.com/cbeust/testng/pull/2739)
- fix possibilty that AfterGroups method is invoked before all tests by [@velma](https://togithub.com/velma) in [https://github.com/cbeust/testng/pull/2753](https://togithub.com/cbeust/testng/pull/2753)
- fix equals implementation for WrappedTestNGMethod by [@velma](https://togithub.com/velma) in [https://github.com/cbeust/testng/pull/2755](https://togithub.com/cbeust/testng/pull/2755)
- Upgrade dependencies, Upgrade to JDK17 by [@hduerkop](https://togithub.com/hduerkop) in [https://github.com/cbeust/testng/pull/2747](https://togithub.com/cbeust/testng/pull/2747)
- Wire-In listeners consistently by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2756](https://togithub.com/cbeust/testng/pull/2756)
- Streamline AfterClass invocation by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2757](https://togithub.com/cbeust/testng/pull/2757)
- Show FQMN for tests in console by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2758](https://togithub.com/cbeust/testng/pull/2758)
- Fix 2725 by [@krmahadevan](https://togithub.com/krmahadevan) in [https://github.com/cbeust/testng/pull/2759](https://togithub.com/cbeust/testng/pull/2759)

#### New Contributors

- [@Dymitriux](https://togithub.com/Dymitriux) made their first contribution in [https://github.com/cbeust/testng/pull/2723](https://togithub.com/cbeust/testng/pull/2723)
- [@asolntsev](https://togithub.com/asolntsev) made their first contribution in [https://github.com/cbeust/testng/pull/2737](https://togithub.com/cbeust/testng/pull/2737)
- [@velma](https://togithub.com/velma) made their first contribution in [https://github.com/cbeust/testng/pull/2749](https://togithub.com/cbeust/testng/pull/2749)
- [@hduerkop](https://togithub.com/hduerkop) made their first contribution in [https://github.com/cbeust/testng/pull/2747](https://togithub.com/cbeust/testng/pull/2747)

**Full Changelog**: https://github.com/cbeust/testng/compare/7.5...7.6.0

### [`v7.5`](https://togithub.com/cbeust/testng/compare/7.4.0...7.5)

[Compare Source](https://togithub.com/cbeust/testng/compare/7.4.0...7.5)

### [`v7.4.0`](https://togithub.com/cbeust/testng/compare/7.3.0...7.4.0)

[Compare Source](https://togithub.com/cbeust/testng/compare/7.3.0...7.4.0)

### [`v7.0.0`](https://togithub.com/cbeust/testng/compare/6.14.3...7.0.0)

[Compare Source](https://togithub.com/cbeust/testng/compare/6.14.3...7.0.0)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.