chore(deps-dev): bump org.wiremock:wiremock from 3.0.1 to 3.0.4

[dependabot[bot]]

Bumps org.wiremock:wiremock from 3.0.1 to 3.0.4.

Release notes

Sourced from org.wiremock:wiremock's releases.

3.0.4

🚀 New features and improvements

• Add working equals & readable toString to NetworkAddressRange (#2358) @​Mahoney

🐛 Bug fixes

• Fix standalone missing filename extension bug (#2366) @​tomakehurst
• Added a setter for max template cache entries in WireMockConfiguration (#2365) @​tomakehurst
• Second attempt at fixing shaded webhooks plugin (#2362) @​tomakehurst

👻 Maintenance

• Bump org.scala-lang:scala-library test dependency from 2.13.11 to 2.13.12 (#2360) @​dependabot

✍ Other changes

• Add tests proving we match on request bodies (#2367) @​Mahoney

3.0.3 - Security Release

🔒 Security

This security release addresses the following issues

• CVE-2023-41327 - Controlled SSRF through URL in the WireMock Webhooks Extension and WireMock Studio
  • Base CVSS Score: 4.6 (AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C)
• CVE-2023-41329 - Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes
  • Base CVSS Score: 3.9 (AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L/E:F/RL:O/RC:C)

NOTE: WireMock Studio, a proprietary distribution discontinued in 2022, is also affected by those issues and also affected by CVE-2023-39967 - Overall CVSS Score 8.6 - “Controlled and full-read SSRF through URL parameter when testing a request, webhooks and proxy mode”. The fixes will not be provided. The vendor recommends migrating to WireMock Cloud which is available as SaaS and private beta for on-premises deployments

🔗 Related releases

• WireMock Docker 3.0.3-1 - Docker Image with the Patch
• WireMock 2.35.1 / WireMock Docker 2.35.1-1 - Backport to WireMock 2.x
• Python WireMock 2.6.1 - Python library that bundles the WireMock JAR file
• NOTE: Other distributions like Testcontainers modules or Helm chart need explicit version declaration, and hence a user action is needed to update the dependencies should they be considered a risk

Credits

@​W0rty, @​numacanedo, @​Mahoney, @​tomakehurst, @​oleg-nenashev

3.0.2

🐛 Bug fixes

• fix: avoid crash when printing help in wiremock-standalone (#2351) @​tomasbjerre

... (truncated)

Commits

• 0315cd4 2nd attempt at fixing non-shaded webhooks JAR problem by disabling the JAR ta...
• 8e15b7d Bumped patch version
• e4dbb74 Merge pull request #2360 from wiremock/dependabot/gradle/org.scala-lang-scala...
• 3233c53 Bump org.scala-lang:scala-library from 2.13.11 to 2.13.12
• 7a51264 Bumped patch version
• 0f72091 Stop NetworkAddressRules doing DNS lookups
• 984e79f Make NetworkAddressRulesAdheringDnsResolver testable
• 92d7793 Applied DNS resolver enforcement to webhooks extension
• 027ddaf Moved enforcement of network address rules to Apache client DNS resolver to a...
• 21a9622 Bumped patch version
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov[bot]]

Codecov Report

Merging #103 (da6f61d) into main (a40a837) will not change coverage. The diff coverage is n/a.

@@            Coverage Diff            @@
##               main     #103   +/-   ##
=========================================
  Coverage     79.83%   79.83%           
  Complexity      269      269           
=========================================
  Files            42       42           
  Lines          1552     1552           
  Branches        248      248           
=========================================
  Hits           1239     1239           
  Misses          137      137           
  Partials        176      176           

:mega: We’re building smart automated test selection to slash your CI/CD build times. Learn more

[dependabot[bot]]

Superseded by #104.