Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): bump org.wiremock:wiremock from 3.0.1 to 3.0.3 #107

Closed
wants to merge 1 commit into from
Closed

chore(deps): bump org.wiremock:wiremock from 3.0.1 to 3.0.3 #107

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 8, 2023
edited
Loading

Bumps org.wiremock:wiremock from 3.0.1 to 3.0.3.

Release notes

Sourced from org.wiremock:wiremock's releases.

3.0.3 - Security Release

🔒 Security

This security release addresses the following issues

NOTE: WireMock Studio, a proprietary distribution discontinued in 2022, is also affected by those issues and also affected by CVE-2023-39967 - Overall CVSS Score 8.6 - “Controlled and full-read SSRF through URL parameter when testing a request, webhooks and proxy mode”. The fixes will not be provided. The vendor recommends migrating to WireMock Cloud which is available as SaaS and private beta for on-premises deployments

🔗 Related releases

Credits

@​W0rty, @​numacanedo, @​Mahoney, @​tomakehurst, @​oleg-nenashev

3.0.2

🐛 Bug fixes

👻 Maintenance

📦 Dependency updates

Commits
  • 7a51264 Bumped patch version
  • 0f72091 Stop NetworkAddressRules doing DNS lookups
  • 984e79f Make NetworkAddressRulesAdheringDnsResolver testable
  • 92d7793 Applied DNS resolver enforcement to webhooks extension
  • 027ddaf Moved enforcement of network address rules to Apache client DNS resolver to a...
  • 21a9622 Bumped patch version
  • 1bb8b2d Bump org.eclipse.jetty:jetty-bom from 11.0.15 to 11.0.16 (#2346)
  • 3fc3b88 Bump org.slf4j:log4j-over-slf4j from 2.0.7 to 2.0.9 (#2353)
  • 0456440 Bump org.sonarqube from 4.3.0.3225 to 4.3.1.3277 (#2352)
  • 18ccdc6 Merge pull request #2356 from wiremock/reset-system-properties
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump org.wiremock:wiremock from 3.0.1 to 3.0.3
d81fd27 
Bumps [org.wiremock:wiremock](https://github.com/wiremock/wiremock) from 3.0.1 to 3.0.3.
- [Release notes](https://github.com/wiremock/wiremock/releases)
- [Commits](wiremock/wiremock@3.0.1...3.0.3)

---
updated-dependencies:
- dependency-name: org.wiremock:wiremock
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Sep 8, 2023
@DarkAtra
Copy link
Owner

@dependabot rebase

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Sep 11, 2023

Looks like org.wiremock:wiremock is up-to-date now, so this is no longer needed.

@dependabot dependabot bot closed this Sep 11, 2023
@dependabot dependabot bot deleted the dependabot/maven/org.wiremock-wiremock-3.0.3 branch September 11, 2023 08:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file java Pull requests that update Java code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@DarkAtra