Skip to content

build(deps): bump io.rest-assured:rest-assured from 6.0.0 to 6.0.1#558

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/gradle/io.rest-assured-rest-assured-6.0.1
Open

build(deps): bump io.rest-assured:rest-assured from 6.0.0 to 6.0.1#558
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/gradle/io.rest-assured-rest-assured-6.0.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor

Bumps io.rest-assured:rest-assured from 6.0.0 to 6.0.1.

Changelog

Sourced from io.rest-assured:rest-assured's changelog.

Changelog 6.0.1 (2026-07-10)

  • Fix a JsonPath denial-of-service where oversized numeric literals in untrusted JSON were parsed into arbitrarily large BigIntegers, an O(n^2) CPU and heap cost. JSON number tokens are now capped at 1000 characters by default, configurable via JsonPathConfig.numberLengthLimit and JsonConfig.numberLengthLimit (a negative value disables the check). Thanks to Brian Lee (PhD security researcher, Georgia Tech SSLab) for the private report.
  • Use custom Jackson 3 object mapper in JsonPath (#1858) (thanks to gkiel for PR)
  • Fix Spring MockMvc cookie handling with Jakarta-only servlet APIs (fixes #1853)
  • Use Jackson 3 mapper in JsonPath deserialization when Jackson 3 is the only Jackson on the classpath (#1865) (thanks to dickerpulli for PR)
  • Add JsonPath.using(Jackson3ObjectMapperFactory) overload (#1861) (thanks to Anusha-7254 for PR)
  • Fix typo in duplicate-finder-maven-plugin phase property (#1866) (thanks to metacosm for PR)
  • Fix incorrect serialization of enum constants declared with a body when used as query/path parameters (#1799)
  • The spring-mock-mvc and spring-web-test-client modules now target Spring Framework 7 and no longer expose their own Spring version as a transitive dependency (the Spring dependencies are declared optional), so they no longer drag Spring 5 onto a Spring Boot 4 / Spring Framework 7 classpath. This removes the need for manual Spring exclusions on Spring Boot 4 (fixes #1853, #1868). Thanks to spencerarq for the detailed investigation.

Changelog 5.5.7 (2026-01-16)

  • Spring MockMvc module now supports Spring Framework 7.0 (thanks to Marcin Grzejszczak for PR)
Commits
  • 8cc835a [maven-release-plugin] prepare release rest-assured-6.0.1
  • 92551ed Sync dist and OSGi module versions during release
  • 29b55e2 Sync dist and osgi module parent versions to 6.0.1-SNAPSHOT
  • f1abe77 [ci skip] Preparing for release
  • d134dfb Target Spring Framework 7 in the Spring modules and stop leaking Spring onto ...
  • a146f56 Add AGENTS.md with changelog convention, reference it from CLAUDE.md
  • 2bbb19a Fix remaining duplicate-finder property typo in spring7-mvc-webapp
  • c5214b8 Fix serialization of enum constants declared with a body (#1799)
  • bc4608f [ci skip] Updated changelog to reflect the latest changes
  • 2054f37 Add JsonPath.using(Jackson3ObjectMapperFactory) overload
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [io.rest-assured:rest-assured](https://github.com/rest-assured/rest-assured) from 6.0.0 to 6.0.1.
- [Changelog](https://github.com/rest-assured/rest-assured/blob/master/changelog.txt)
- [Commits](rest-assured/rest-assured@rest-assured-6.0.0...rest-assured-6.0.1)

---
updated-dependencies:
- dependency-name: io.rest-assured:rest-assured
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jul 13, 2026
@dependabot dependabot Bot requested a review from a team as a code owner July 13, 2026 00:33
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jul 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants