Skip to content

Bump the rest-assured group with 2 updates#2040

Merged
github-actions[bot] merged 1 commit into
mainfrom
dependabot/maven/rest-assured-317bb201a3
Jul 13, 2026
Merged

Bump the rest-assured group with 2 updates#2040
github-actions[bot] merged 1 commit into
mainfrom
dependabot/maven/rest-assured-317bb201a3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor

Bumps the rest-assured group with 2 updates: io.rest-assured:rest-assured and io.rest-assured:json-path.

Updates io.rest-assured:rest-assured from 6.0.0 to 6.0.1

Changelog

Sourced from io.rest-assured:rest-assured's changelog.

Changelog 6.0.1 (2026-07-10)

  • Fix a JsonPath denial-of-service where oversized numeric literals in untrusted JSON were parsed into arbitrarily large BigIntegers, an O(n^2) CPU and heap cost. JSON number tokens are now capped at 1000 characters by default, configurable via JsonPathConfig.numberLengthLimit and JsonConfig.numberLengthLimit (a negative value disables the check). Thanks to Brian Lee (PhD security researcher, Georgia Tech SSLab) for the private report.
  • Use custom Jackson 3 object mapper in JsonPath (#1858) (thanks to gkiel for PR)
  • Fix Spring MockMvc cookie handling with Jakarta-only servlet APIs (fixes #1853)
  • Use Jackson 3 mapper in JsonPath deserialization when Jackson 3 is the only Jackson on the classpath (#1865) (thanks to dickerpulli for PR)
  • Add JsonPath.using(Jackson3ObjectMapperFactory) overload (#1861) (thanks to Anusha-7254 for PR)
  • Fix typo in duplicate-finder-maven-plugin phase property (#1866) (thanks to metacosm for PR)
  • Fix incorrect serialization of enum constants declared with a body when used as query/path parameters (#1799)
  • The spring-mock-mvc and spring-web-test-client modules now target Spring Framework 7 and no longer expose their own Spring version as a transitive dependency (the Spring dependencies are declared optional), so they no longer drag Spring 5 onto a Spring Boot 4 / Spring Framework 7 classpath. This removes the need for manual Spring exclusions on Spring Boot 4 (fixes #1853, #1868). Thanks to spencerarq for the detailed investigation.

Changelog 5.5.7 (2026-01-16)

  • Spring MockMvc module now supports Spring Framework 7.0 (thanks to Marcin Grzejszczak for PR)
Commits
  • 8cc835a [maven-release-plugin] prepare release rest-assured-6.0.1
  • 92551ed Sync dist and OSGi module versions during release
  • 29b55e2 Sync dist and osgi module parent versions to 6.0.1-SNAPSHOT
  • f1abe77 [ci skip] Preparing for release
  • d134dfb Target Spring Framework 7 in the Spring modules and stop leaking Spring onto ...
  • a146f56 Add AGENTS.md with changelog convention, reference it from CLAUDE.md
  • 2bbb19a Fix remaining duplicate-finder property typo in spring7-mvc-webapp
  • c5214b8 Fix serialization of enum constants declared with a body (#1799)
  • bc4608f [ci skip] Updated changelog to reflect the latest changes
  • 2054f37 Add JsonPath.using(Jackson3ObjectMapperFactory) overload
  • Additional commits viewable in compare view

Updates io.rest-assured:json-path from 6.0.0 to 6.0.1

Changelog

Sourced from io.rest-assured:json-path's changelog.

Changelog 6.0.1 (2026-07-10)

  • Fix a JsonPath denial-of-service where oversized numeric literals in untrusted JSON were parsed into arbitrarily large BigIntegers, an O(n^2) CPU and heap cost. JSON number tokens are now capped at 1000 characters by default, configurable via JsonPathConfig.numberLengthLimit and JsonConfig.numberLengthLimit (a negative value disables the check). Thanks to Brian Lee (PhD security researcher, Georgia Tech SSLab) for the private report.
  • Use custom Jackson 3 object mapper in JsonPath (#1858) (thanks to gkiel for PR)
  • Fix Spring MockMvc cookie handling with Jakarta-only servlet APIs (fixes #1853)
  • Use Jackson 3 mapper in JsonPath deserialization when Jackson 3 is the only Jackson on the classpath (#1865) (thanks to dickerpulli for PR)
  • Add JsonPath.using(Jackson3ObjectMapperFactory) overload (#1861) (thanks to Anusha-7254 for PR)
  • Fix typo in duplicate-finder-maven-plugin phase property (#1866) (thanks to metacosm for PR)
  • Fix incorrect serialization of enum constants declared with a body when used as query/path parameters (#1799)
  • The spring-mock-mvc and spring-web-test-client modules now target Spring Framework 7 and no longer expose their own Spring version as a transitive dependency (the Spring dependencies are declared optional), so they no longer drag Spring 5 onto a Spring Boot 4 / Spring Framework 7 classpath. This removes the need for manual Spring exclusions on Spring Boot 4 (fixes #1853, #1868). Thanks to spencerarq for the detailed investigation.

Changelog 5.5.7 (2026-01-16)

  • Spring MockMvc module now supports Spring Framework 7.0 (thanks to Marcin Grzejszczak for PR)
Commits
  • 8cc835a [maven-release-plugin] prepare release rest-assured-6.0.1
  • 92551ed Sync dist and OSGi module versions during release
  • 29b55e2 Sync dist and osgi module parent versions to 6.0.1-SNAPSHOT
  • f1abe77 [ci skip] Preparing for release
  • d134dfb Target Spring Framework 7 in the Spring modules and stop leaking Spring onto ...
  • a146f56 Add AGENTS.md with changelog convention, reference it from CLAUDE.md
  • 2bbb19a Fix remaining duplicate-finder property typo in spring7-mvc-webapp
  • c5214b8 Fix serialization of enum constants declared with a body (#1799)
  • bc4608f [ci skip] Updated changelog to reflect the latest changes
  • 2054f37 Add JsonPath.using(Jackson3ObjectMapperFactory) overload
  • Additional commits viewable in compare view

Updates io.rest-assured:json-path from 6.0.0 to 6.0.1

Changelog

Sourced from io.rest-assured:json-path's changelog.

Changelog 6.0.1 (2026-07-10)

  • Fix a JsonPath denial-of-service where oversized numeric literals in untrusted JSON were parsed into arbitrarily large BigIntegers, an O(n^2) CPU and heap cost. JSON number tokens are now capped at 1000 characters by default, configurable via JsonPathConfig.numberLengthLimit and JsonConfig.numberLengthLimit (a negative value disables the check). Thanks to Brian Lee (PhD security researcher, Georgia Tech SSLab) for the private report.
  • Use custom Jackson 3 object mapper in JsonPath (#1858) (thanks to gkiel for PR)
  • Fix Spring MockMvc cookie handling with Jakarta-only servlet APIs (fixes #1853)
  • Use Jackson 3 mapper in JsonPath deserialization when Jackson 3 is the only Jackson on the classpath (#1865) (thanks to dickerpulli for PR)
  • Add JsonPath.using(Jackson3ObjectMapperFactory) overload (#1861) (thanks to Anusha-7254 for PR)
  • Fix typo in duplicate-finder-maven-plugin phase property (#1866) (thanks to metacosm for PR)
  • Fix incorrect serialization of enum constants declared with a body when used as query/path parameters (#1799)
  • The spring-mock-mvc and spring-web-test-client modules now target Spring Framework 7 and no longer expose their own Spring version as a transitive dependency (the Spring dependencies are declared optional), so they no longer drag Spring 5 onto a Spring Boot 4 / Spring Framework 7 classpath. This removes the need for manual Spring exclusions on Spring Boot 4 (fixes #1853, #1868). Thanks to spencerarq for the detailed investigation.

Changelog 5.5.7 (2026-01-16)

  • Spring MockMvc module now supports Spring Framework 7.0 (thanks to Marcin Grzejszczak for PR)
Commits
  • 8cc835a [maven-release-plugin] prepare release rest-assured-6.0.1
  • 92551ed Sync dist and OSGi module versions during release
  • 29b55e2 Sync dist and osgi module parent versions to 6.0.1-SNAPSHOT
  • f1abe77 [ci skip] Preparing for release
  • d134dfb Target Spring Framework 7 in the Spring modules and stop leaking Spring onto ...
  • a146f56 Add AGENTS.md with changelog convention, reference it from CLAUDE.md
  • 2bbb19a Fix remaining duplicate-finder property typo in spring7-mvc-webapp
  • c5214b8 Fix serialization of enum constants declared with a body (#1799)
  • bc4608f [ci skip] Updated changelog to reflect the latest changes
  • 2054f37 Add JsonPath.using(Jackson3ObjectMapperFactory) overload
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the rest-assured group with 2 updates: [io.rest-assured:rest-assured](https://github.com/rest-assured/rest-assured) and [io.rest-assured:json-path](https://github.com/rest-assured/rest-assured).


Updates `io.rest-assured:rest-assured` from 6.0.0 to 6.0.1
- [Changelog](https://github.com/rest-assured/rest-assured/blob/master/changelog.txt)
- [Commits](rest-assured/rest-assured@rest-assured-6.0.0...rest-assured-6.0.1)

Updates `io.rest-assured:json-path` from 6.0.0 to 6.0.1
- [Changelog](https://github.com/rest-assured/rest-assured/blob/master/changelog.txt)
- [Commits](rest-assured/rest-assured@rest-assured-6.0.0...rest-assured-6.0.1)

Updates `io.rest-assured:json-path` from 6.0.0 to 6.0.1
- [Changelog](https://github.com/rest-assured/rest-assured/blob/master/changelog.txt)
- [Commits](rest-assured/rest-assured@rest-assured-6.0.0...rest-assured-6.0.1)

---
updated-dependencies:
- dependency-name: io.rest-assured:rest-assured
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rest-assured
- dependency-name: io.rest-assured:json-path
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rest-assured
- dependency-name: io.rest-assured:json-path
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rest-assured
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jul 13, 2026
@github-actions
github-actions Bot enabled auto-merge July 13, 2026 00:52
@github-actions
github-actions Bot merged commit 92c6a32 into main Jul 13, 2026
6 of 7 checks passed
@dependabot
dependabot Bot deleted the dependabot/maven/rest-assured-317bb201a3 branch July 13, 2026 00:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants