Upgrade TestNG 7.4.0 -> 7.7.1 #469

Merged
merged 3 commits into from
Jan 24, 2023

Picnic-Bot
Contributor

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| org.testng:testng (source) | compile | minor | 7.4.0 -> 7.7.0 |

GitHub Vulnerability Alerts

CVE-2022-4065

A vulnerability was found in cbeust testng. It has been declared as critical. Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser. The manipulation leads to path traversal. The attack can be launched remotely. A patch is available in version 7.7.0 at commit 9150736cd2c123a6a3b60e6193630859f9f0422b. It is recommended to apply a patch to fix this issue. The patch was pushed into the master branch but no releases have yet been made with the patch included.


Release Notes

cbeust/testng

v7.7.0: TestNG v7.7.0

Full Changelog: testng-team/testng@7.6.1...7.7.0

v7.6.1: TestNG v7.6.1

This is a bug fix release and just includes 1 bug fix in it.

Full Changelog: testng-team/testng@7.6.0...7.6.1

v7.6.0

Full Changelog: testng-team/testng@7.5...7.6.0

v7.5

  • If you want to rebase/retry this PR, check this box
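
The CVE-2022-4065 advisory quoted above describes a path traversal in TestNG's jar handling. As an added example (not TestNG's code and not part of this PR), here is the usual guard for that class of bug, assuming the traversal comes from a jar entry name joined onto an extraction directory; `SafeJarExtract`, `resolveInside` and `extractEntry` are hypothetical names:

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.util.jar.*;

public class SafeJarExtract {
    // Resolve an entry name under targetDir and reject names that escape it.
    static Path resolveInside(Path targetDir, String entryName) throws IOException {
        Path base = targetDir.toAbsolutePath().normalize();
        Path resolved = base.resolve(entryName).normalize();
        if (!resolved.startsWith(base)) {
            throw new IOException("Entry escapes target directory: " + entryName);
        }
        return resolved;
    }
    // Extract only the wanted entry into targetDir; returns null if it is absent.
    static Path extractEntry(InputStream jarBytes, String wanted, Path targetDir) throws IOException {
        try (JarInputStream in = new JarInputStream(jarBytes)) {
            for (JarEntry e; (e = in.getNextJarEntry()) != null; ) {
                if (e.isDirectory() || !e.getName().equals(wanted)) continue;
                Path out = resolveInside(targetDir, e.getName());
                Files.createDirectories(out.getParent());
                Files.copy(in, out, StandardCopyOption.REPLACE_EXISTING);
                return out;
            }
        }
        return null;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample jar, built in memory: one ordinary entry, one that climbs out.
        String[] names = {"conf/testng.xml", "../outside.xml"};
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (JarOutputStream jar = new JarOutputStream(buf)) {
            for (String name : names) {
                jar.putNextEntry(new JarEntry(name));
                jar.write("<suite name=\"s\"/>".getBytes(StandardCharsets.UTF_8));
            }
        }
        Path tmp = Files.createTempDirectory("jar-extract");
        for (String name : names) {
            try {
                InputStream jar = new ByteArrayInputStream(buf.toByteArray());
                System.out.println("extracted " + extractEntry(jar, name, tmp));
            } catch (IOException ex) {
                System.out.println("rejected: " + ex.getMessage());
            }
        }
    }
}
```

The check compares normalized absolute paths, so it also rejects absolute entry names, which `Path.resolve` would otherwise return unchanged.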

@Stephan202 force-pushed the renovate/maven-org.testng-testng-vulnerability branch from 2ae1d72 to 32d6cab on January 19, 2023 06:47
@github-actions

Looks good. No mutations were possible for these changes.
Mutation testing report by Pitest. Review any surviving mutants by inspecting the line comments under Files changed.

Member

@Stephan202 Stephan202 left a comment

This PR replaced #82. There I wrote:

> The java.util.Collection overload is new. We should review whether there are any other new assertion methods for which we should add Refaster templates.

By now we started working on an automated solution to this issue, so let's just merge this PR with minimal changes. I added a small commit.

There's no suggested commit message; I suspect because of the [SECURITY] PR title suffix (CC @Badbond). Suggested commit message:

Upgrade TestNG 7.4.0 -> 7.7.1 (#469)

See:
- https://github.com/cbeust/testng/blob/master/CHANGES.txt
- https://github.com/cbeust/testng/releases/tag/7.6.0
- https://github.com/cbeust/testng/releases/tag/7.6.1
- https://github.com/cbeust/testng/releases/tag/7.7.0
- https://github.com/cbeust/testng/releases/tag/7.7.1
- https://github.com/cbeust/testng/compare/7.4.0...7.7.1

(Not sure why Renovate didn't, but I also further bumped the upgrade to 7.7.1.)

@Stephan202 changed the title from "Upgrade org.testng:testng 7.4.0 -> 7.7.0 [SECURITY]" to "Upgrade org.testng:testng 7.4.0 -> 7.7.1" on Jan 19, 2023
@Picnic-Bot
Contributor Author

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.
You can manually request rebase by checking the rebase/retry box above.

Warning: custom changes will be lost.

@github-actions

Looks good. No mutations were possible for these changes.
Mutation testing report by Pitest. Review any surviving mutants by inspecting the line comments under Files changed.

@Picnic-Bot
Contributor Author

Suggested commit message:

Upgrade testng 7.4.0 -> 7.7.1

See:
- https://github.com/cbeust/testng/releases/tag/7.6.1
- https://github.com/cbeust/testng/releases/tag/7.7.0
- https://github.com/cbeust/testng/releases/tag/7.7.1
- https://github.com/cbeust/testng/compare/7.6.0...7.7.1

@Stephan202
Member

Ah, and indeed now the suggested commit message does show up :)

@Badbond
Member

Badbond commented Jan 19, 2023

Thanks @Stephan202. Filed a ticket internally. 👍

@Stephan202 added this to the 0.8.0 milestone on Jan 19, 2023
@rickie force-pushed the renovate/maven-org.testng-testng-vulnerability branch from ef3cc70 to afdac37 on January 24, 2023 08:33
@github-actions

Looks good. No mutations were possible for these changes.
Mutation testing report by Pitest. Review any surviving mutants by inspecting the line comments under Files changed.

@rickie changed the title from "Upgrade org.testng:testng 7.4.0 -> 7.7.1" to "Upgrade TestNG 7.4.0 -> 7.7.1" on Jan 24, 2023
@rickie merged commit a5b5f43 into master on Jan 24, 2023
@rickie deleted the renovate/maven-org.testng-testng-vulnerability branch on January 24, 2023 08:45
4 participants