chore(deps): update dependency org.assertj:assertj-core to v3.27.7 [security]#48
Closed
renovate[bot] wants to merge 113 commits intomainfrom
Closed
chore(deps): update dependency org.assertj:assertj-core to v3.27.7 [security]#48renovate[bot] wants to merge 113 commits intomainfrom
renovate[bot] wants to merge 113 commits intomainfrom
Conversation
This implements low-level support for scrollable views
Makes it easier to deal with rectangles that should be based on the size of enclosing rectangles
…ion digest to 4bf8a28
…e-plugin to v2.22.2
…r-plugin to v3.14.0
…ncy-plugin to v2.10
Renamed `StyledBuffer` to `LineBuffer` and made implementations part of the file. Renamed `Panel` to `Buffer` and made implementations and `PanelView` part of the file. Deleted `StyledCharSequence` and folded its API into `LineBuffer`.
This will cause a style reset to be inserted if we change from an unknown state to a new state
Instead of `Renderable`. This marks a shift away from using `Buffer` for rendering to preferring regular strings.
`LineBuffer.putString()` did not account for wide characters when adding text to the buffer.
Before we could only set attributes, which then created confusion when we want to switch to another style. Are certain attributes unset because we don't care about them or do we actively want to unset them? This information is now kept in Style.
Removed separate `LineBuffer` class in favor of simply treating line buffers as a 2-dimensional `Buffer` of height 1.
renovate
bot
changed the title
renovate
bot
changed the title
renovate
bot
changed the title
Contributor
Author
Renovate Ignore NotificationBecause you closed this PR without merging, Renovate will ignore this update ( If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
3.27.6→3.27.7Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
GitHub Vulnerability Alerts
CVE-2026-24400
An XML External Entity (XXE) vulnerability exists in
org.assertj.core.util.xml.XmlStringPrettyFormatter: thetoXmlDocument(String)method initializesDocumentBuilderFactorywith default settings, without disabling DTDs or external entities. This formatter is used by theisXmlEqualTo(CharSequence)assertion forCharSequencevalues.An application is vulnerable only when it uses untrusted XML input with one of the following methods:
isXmlEqualTo(CharSequence)fromorg.assertj.core.api.AbstractCharSequenceAssertxmlPrettyFormat(String)fromorg.assertj.core.util.xml.XmlStringPrettyFormatterImpact
If untrusted XML input is processed by the methods mentioned above (e.g., in test environments handling external fixture files), an attacker could:
file://URIs (e.g.,/etc/passwd, application configuration files)Mitigation
isXmlEqualTo(CharSequence)has been deprecated in favor of XMLUnit in version 3.18.0 and will be removed in version 4.0. Users of affected versions should, in order of preference:isXmlEqualTo(CharSequence)with XMLUnit, orisXmlEqualTo(CharSequence)orXmlStringPrettyFormatterwith untrusted input.XmlStringPrettyFormatterhas historically been considered a utility forisXmlEqualTo(CharSequence)rather than a feature for AssertJ users, so it is deprecated in version 3.27.7 and removed in version 4.0, with no replacement.References
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.