Skip to content

Update rest-assured to v6#58

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/major-rest-assured
Open

Update rest-assured to v6#58
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/major-rest-assured

Conversation

@renovate

@renovate renovate Bot commented May 11, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
io.rest-assured:json-path (source) 5.5.76.0.1 age confidence
io.rest-assured:rest-assured (source) 5.5.76.0.1 age confidence

Release Notes

rest-assured/rest-assured (io.rest-assured:json-path)

v6.0.1

  • Fix a JsonPath denial-of-service where oversized numeric literals in untrusted JSON were parsed into arbitrarily large BigIntegers, an O(n^2) CPU and heap cost. JSON number tokens are now capped at 1000 characters by default, configurable via JsonPathConfig.numberLengthLimit and JsonConfig.numberLengthLimit (a negative value disables the check). Thanks to Brian Lee (PhD security researcher, Georgia Tech SSLab) for the private report.
  • Use custom Jackson 3 object mapper in JsonPath (#​1858) (thanks to gkiel for PR)
  • Fix Spring MockMvc cookie handling with Jakarta-only servlet APIs (fixes #​1853)
  • Use Jackson 3 mapper in JsonPath deserialization when Jackson 3 is the only Jackson on the classpath (#​1865) (thanks to dickerpulli for PR)
  • Add JsonPath.using(Jackson3ObjectMapperFactory) overload (#​1861) (thanks to Anusha-7254 for PR)
  • Fix typo in duplicate-finder-maven-plugin phase property (#​1866) (thanks to metacosm for PR)
  • Fix incorrect serialization of enum constants declared with a body when used as query/path parameters (#​1799)
  • The spring-mock-mvc and spring-web-test-client modules now target Spring Framework 7 and no longer expose their own Spring version as a transitive dependency (the Spring dependencies are declared optional), so they no longer drag Spring 5 onto a Spring Boot 4 / Spring Framework 7 classpath. This removes the need for manual Spring exclusions on Spring Boot 4 (fixes #​1853, #​1868). Thanks to spencerarq for the detailed investigation.

v6.0.0

  • Fix a JsonPath denial-of-service where oversized numeric literals in untrusted JSON were parsed into arbitrarily large BigIntegers, an O(n^2) CPU and heap cost. JSON number tokens are now capped at 1000 characters by default, configurable via JsonPathConfig.numberLengthLimit and JsonConfig.numberLengthLimit (a negative value disables the check). Thanks to Brian Lee (PhD security researcher, Georgia Tech SSLab) for the private report.
  • Use custom Jackson 3 object mapper in JsonPath (#​1858) (thanks to gkiel for PR)
  • Fix Spring MockMvc cookie handling with Jakarta-only servlet APIs (fixes #​1853)
  • Use Jackson 3 mapper in JsonPath deserialization when Jackson 3 is the only Jackson on the classpath (#​1865) (thanks to dickerpulli for PR)
  • Add JsonPath.using(Jackson3ObjectMapperFactory) overload (#​1861) (thanks to Anusha-7254 for PR)
  • Fix typo in duplicate-finder-maven-plugin phase property (#​1866) (thanks to metacosm for PR)
  • Fix incorrect serialization of enum constants declared with a body when used as query/path parameters (#​1799)
  • The spring-mock-mvc and spring-web-test-client modules now target Spring Framework 7 and no longer expose their own Spring version as a transitive dependency (the Spring dependencies are declared optional), so they no longer drag Spring 5 onto a Spring Boot 4 / Spring Framework 7 classpath. This removes the need for manual Spring exclusions on Spring Boot 4 (fixes #​1853, #​1868). Thanks to spencerarq for the detailed investigation.

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • "before 9am on Monday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot changed the title Update rest-assured to v6 (major) Update rest-assured to v6 May 12, 2026
@renovate renovate Bot force-pushed the renovate/major-rest-assured branch from 966c17e to 9d09270 Compare June 2, 2026 01:03
@sonarqubecloud

sonarqubecloud Bot commented Jun 2, 2026

Copy link
Copy Markdown

@renovate renovate Bot force-pushed the renovate/major-rest-assured branch from 9d09270 to 31fad8e Compare July 10, 2026 21:59
@sonarqubecloud

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants