From 7662174670d73db70a29c7234a3b15cb3605e3a5 Mon Sep 17 00:00:00 2001 From: Chen Dai Date: Mon, 30 Mar 2026 18:06:55 -0700 Subject: [PATCH] fix(common): Bump assertj-core from 3.9.1 to 3.27.7 Addresses CVE-2026-24400 (GHSA-rqfh-9r24-8c9r), an XXE vulnerability in AssertJ's isXmlEqualTo assertion when parsing untrusted XML. While the vulnerable method is not used in this codebase and assertj-core is test-scoped only, this bump resolves the security scanner finding on the 2.19 branch. Signed-off-by: Chen Dai
---
 common/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common/build.gradle b/common/build.gradle
index 7722c64ac7e..06f7c75b55d 100644
--- a/common/build.gradle
+++ b/common/build.gradle
@@ -45,7 +45,7 @@ dependencies {
 implementation "com.github.seancfoley:ipaddress:5.4.2"
 testImplementation group: 'junit', name: 'junit', version: '4.13.2'
- testImplementation group: 'org.assertj', name: 'assertj-core', version: '3.9.1'
+ testImplementation group: 'org.assertj', name: 'assertj-core', version: '3.27.7'
 testImplementation group: 'com.google.guava', name: 'guava', version: "${guava_version}"
 testImplementation group: 'org.hamcrest', name: 'hamcrest-library', version: '2.1'
 testImplementation('org.junit.jupiter:junit-jupiter:5.9.3')