deps(deps): bump xmlunit.version from 2.11.0 to 2.12.0 by dependabot[bot] · Pull Request #25 · ktestify/ktestify-core

dependabot · 2026-06-01T23:15:28Z

Bumps xmlunit.version from 2.11.0 to 2.12.0.
Updates org.xmlunit:xmlunit-core from 2.11.0 to 2.12.0

Release notes

Sourced from org.xmlunit:xmlunit-core's releases.

XMLUnit for Java 2.12.0

This release may require you to adjust you configuration when comparing files that use DTDs. When XMLUnit 2.6.0 has been release it was intended to disallow DTD parsing by default, but due to a bug still allowed it. This has now been fixed.

Full list of changes:

bumped xmlunit-assertj3's dependency on assert to 3.27.7.

This is to make people aware of GHSA-rqfh-9r24-8c9r

XMLUnit itself does not use the affected code in AssertJ so the upgrade is not strictly necessary - and this is why the xmlunit-assertj module is not updated. In fact the assertions provided by xmlunit-assertj3 are the recommended upgrade path for users of AssertJ 3.x+.

PRs #320 and #321

actually made withDTDParsingDisabled do what it says.

This is a bugfix and in a way it is backwards incompatible as it changes default behavior in a way that I intended to do with XMLUnit 2.6.0 eight years ago. DocumentBuilderFactoryConfigurer.DefaultWithDTDParsing provides the behavior of XMLUnit 2.6.0 to 2.11.0.

PRs #326 by @jmestwa-coder and #328

Changelog

Sourced from org.xmlunit:xmlunit-core's changelog.

XMLUnit for Java 2.12.0 - /Released 2026-05-31/

bumped xmlunit-assertj3's dependency on assert to 3.27.7.

This is to make people aware of GHSA-rqfh-9r24-8c9r

XMLUnit itself does not use the affected code in AssertJ so the upgrade is not strictly necessary - and this is why the xmlunit-assertj module is not updated. In fact the assertions provided by xmlunit-assertj3 are the recommended upgrade path for users of AssertJ 3.x+.

PRs #320 and #321

actually made withDTDParsingDisabled do what it says.

This is a bugfix and in a way it is backwards incompatible as it changes default behavior in a way that I intended to do with XMLUnit 2.6.0 eight years ago. DocumentBuilderFactoryConfigurer.DefaultWithDTDParsing provides the behavior of XMLUnit 2.6.0 to 2.11.0.

PRs #326 by @jmestwa-coder and #328

Commits

35a8243 prepare 2.12.0 release
e84de90 make javadoc build work
7e11085 bump plugins
9bfc67b Merge pull request #328 from xmlunit/fix-tests-introduce-new-DefaultWithDtdPa...
b5361e0 adjust tests, allow DTD parsing where necessary
e71cc58 introduce DefaultWithDTDParsing configuration
aafa4e4 Merge pull request #327 from xmlunit/rel-notes
a799d5c xmlunit-assertj3 is also certainly recommended for assertj 3 users
ba255e7 Merge pull request #326 from jmestwa-coder/dtd-parsing-disabled
3a28d4e fix withDTDParsingDisabled to actually reject doctype declarations
Additional commits viewable in compare view

Updates org.xmlunit:xmlunit-matchers from 2.11.0 to 2.12.0

Release notes

Sourced from org.xmlunit:xmlunit-matchers's releases.

XMLUnit for Java 2.12.0

This release may require you to adjust you configuration when comparing files that use DTDs. When XMLUnit 2.6.0 has been release it was intended to disallow DTD parsing by default, but due to a bug still allowed it. This has now been fixed.

Full list of changes:

bumped xmlunit-assertj3's dependency on assert to 3.27.7.

This is to make people aware of GHSA-rqfh-9r24-8c9r

XMLUnit itself does not use the affected code in AssertJ so the upgrade is not strictly necessary - and this is why the xmlunit-assertj module is not updated. In fact the assertions provided by xmlunit-assertj3 are the recommended upgrade path for users of AssertJ 3.x+.

PRs #320 and #321

actually made withDTDParsingDisabled do what it says.

This is a bugfix and in a way it is backwards incompatible as it changes default behavior in a way that I intended to do with XMLUnit 2.6.0 eight years ago. DocumentBuilderFactoryConfigurer.DefaultWithDTDParsing provides the behavior of XMLUnit 2.6.0 to 2.11.0.

PRs #326 by @jmestwa-coder and #328

Changelog

Sourced from org.xmlunit:xmlunit-matchers's changelog.

XMLUnit for Java 2.12.0 - /Released 2026-05-31/

bumped xmlunit-assertj3's dependency on assert to 3.27.7.

This is to make people aware of GHSA-rqfh-9r24-8c9r

XMLUnit itself does not use the affected code in AssertJ so the upgrade is not strictly necessary - and this is why the xmlunit-assertj module is not updated. In fact the assertions provided by xmlunit-assertj3 are the recommended upgrade path for users of AssertJ 3.x+.

PRs #320 and #321

actually made withDTDParsingDisabled do what it says.

This is a bugfix and in a way it is backwards incompatible as it changes default behavior in a way that I intended to do with XMLUnit 2.6.0 eight years ago. DocumentBuilderFactoryConfigurer.DefaultWithDTDParsing provides the behavior of XMLUnit 2.6.0 to 2.11.0.

PRs #326 by @jmestwa-coder and #328

Commits

35a8243 prepare 2.12.0 release
e84de90 make javadoc build work
7e11085 bump plugins
9bfc67b Merge pull request #328 from xmlunit/fix-tests-introduce-new-DefaultWithDtdPa...
b5361e0 adjust tests, allow DTD parsing where necessary
e71cc58 introduce DefaultWithDTDParsing configuration
aafa4e4 Merge pull request #327 from xmlunit/rel-notes
a799d5c xmlunit-assertj3 is also certainly recommended for assertj 3 users
ba255e7 Merge pull request #326 from jmestwa-coder/dtd-parsing-disabled
3a28d4e fix withDTDParsingDisabled to actually reject doctype declarations
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps `xmlunit.version` from 2.11.0 to 2.12.0. Updates `org.xmlunit:xmlunit-core` from 2.11.0 to 2.12.0 - [Release notes](https://github.com/xmlunit/xmlunit/releases) - [Changelog](https://github.com/xmlunit/xmlunit/blob/main/RELEASE_NOTES.md) - [Commits](xmlunit/xmlunit@v2.11.0...v2.12.0) Updates `org.xmlunit:xmlunit-matchers` from 2.11.0 to 2.12.0 - [Release notes](https://github.com/xmlunit/xmlunit/releases) - [Changelog](https://github.com/xmlunit/xmlunit/blob/main/RELEASE_NOTES.md) - [Commits](xmlunit/xmlunit@v2.11.0...v2.12.0) --- updated-dependencies: - dependency-name: org.xmlunit:xmlunit-core dependency-version: 2.12.0 dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.xmlunit:xmlunit-matchers dependency-version: 2.12.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2026-06-01T23:15:40Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 2 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA ed64a1d.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

pom.xml

Package	Version	License	Issue Type
org.xmlunit:xmlunit-core	2.12.0	Null	Unknown License
org.xmlunit:xmlunit-matchers	2.12.0	Null	Unknown License

Allowed Licenses:
Apache-2.0, MIT, BSD-2-Clause, BSD-3-Clause, ISC, LGPL-2.0-only, LGPL-2.1-only, LGPL-2.1-or-later, EPL-1.0, EPL-2.0, CDDL-1.0, CC0-1.0

OpenSSF Scorecard

Package

Version

Score

Details

maven/org.xmlunit:xmlunit-core

2.12.0

🟢 5.2

Details

Check	Score	Reason
Maintained	⚠️ 0	0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Dangerous-Workflow	⚠️ -1	no workflows found
Code-Review	⚠️ 0	Found 0/11 approved changesets -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 10	security policy file detected
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	🟢 8	5 out of the last 5 releases have a total of 5 signed artifacts.
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

maven/org.xmlunit:xmlunit-matchers

2.12.0

🟢 5.2

Details

Check	Score	Reason
Maintained	⚠️ 0	0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Dangerous-Workflow	⚠️ -1	no workflows found
Code-Review	⚠️ 0	Found 0/11 approved changesets -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 10	security policy file detected
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	🟢 8	5 out of the last 5 releases have a total of 5 signed artifacts.
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

Scanned Files

pom.xml

github-actions · 2026-06-01T23:15:43Z

📋 Unreleased Changelog Preview

This is what the next release notes will look like based on commits in this PR.

Changelog

All notable changes to this project will be documented in this file.

[Unreleased]

⬆️ Dependency Updates

Bump com.diffplug.spotless:spotless-maven-plugin (deps-dev) — @dependabot[bot]
Bump org.slf4j:slf4j-api in the logging group (deps) — @dependabot[bot]
Bump the kafka group with 2 updates (deps) — @dependabot[bot]
Bump the kafka group across 1 directory with 2 updates (deps) — @dependabot[bot]
Bump the junit5 group across 1 directory with 3 updates (deps-dev) — @dependabot[bot]
Bump xmlunit.version from 2.11.0 to 2.12.0 (deps)

🐛 Bug Fixes

Fixed an issue where a release on GitHub would not have the jars attached — @nil-malh

Generated by git-cliff

🔄 Run #79 · Mon, 01 Jun 2026 23:15:42 GMT

github-actions · 2026-06-01T23:19:00Z

✅ Test Results

	Metric	Count
✅	Passed	655
❌	Failed	0
⏭️	Skipped	0
📊	Total	655

✅ Coverage

	Type	Coverage	Covered / Total
📏	Lines	83.7%	1720 / 2056
🌿	Branches	72.7%	518 / 713
🔧	Methods	83.3%	359 / 431

🔄 CI run #99 · Mon, 01 Jun 2026 23:19:00 GMT

dependabot Bot added dependencies java labels Jun 1, 2026

dependabot Bot requested a review from nil-malh as a code owner June 1, 2026 23:15

dependabot Bot added dependencies java labels Jun 1, 2026

nil-malh approved these changes Jun 2, 2026

View reviewed changes

nil-malh merged commit ed2cf7f into main Jun 2, 2026
10 checks passed

dependabot Bot deleted the dependabot/maven/xmlunit.version-2.12.0 branch June 2, 2026 23:10

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

deps(deps): bump xmlunit.version from 2.11.0 to 2.12.0#25

deps(deps): bump xmlunit.version from 2.11.0 to 2.12.0#25
nil-malh merged 1 commit into
mainfrom
dependabot/maven/xmlunit.version-2.12.0

dependabot Bot commented on behalf of github Jun 1, 2026

Uh oh!

github-actions Bot commented Jun 1, 2026

Uh oh!

github-actions Bot commented Jun 1, 2026

Uh oh!

github-actions Bot commented Jun 1, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Jun 1, 2026

XMLUnit for Java 2.12.0

XMLUnit for Java 2.12.0 - /Released 2026-05-31/

XMLUnit for Java 2.12.0

XMLUnit for Java 2.12.0 - /Released 2026-05-31/

Uh oh!

github-actions Bot commented Jun 1, 2026

Dependency Review

Snapshot Warnings

License Issues

pom.xml

OpenSSF Scorecard

Scanned Files

Uh oh!

github-actions Bot commented Jun 1, 2026

📋 Unreleased Changelog Preview

Changelog

[Unreleased]

⬆️ Dependency Updates

🐛 Bug Fixes

Uh oh!

github-actions Bot commented Jun 1, 2026

✅ Test Results

✅ Coverage

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant