fix(deps): update dependency org.jenkins-ci.plugins:junit to v1166 [security] #5026
+1
−1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
renovate
bot
force-pushed
the
renovate/maven-org.jenkins-ci.plugins-junit-vulnerability
branch
3 times, most recently
from
5433ca8 to
fcfc4c1
Compare
renovate
bot
force-pushed
the
renovate/maven-org.jenkins-ci.plugins-junit-vulnerability
branch
7 times, most recently
from
2d7c96c to
6d7702b
Compare
renovate
bot
force-pushed
the
renovate/maven-org.jenkins-ci.plugins-junit-vulnerability
branch
7 times, most recently
from
b13d752 to
4b9fb0e
Compare
renovate
bot
force-pushed
the
renovate/maven-org.jenkins-ci.plugins-junit-vulnerability
branch
2 times, most recently
from
222a442 to
9367b54
Compare
renovate
bot
force-pushed
the
renovate/maven-org.jenkins-ci.plugins-junit-vulnerability
branch
8 times, most recently
from
0fce35a to
2315a86
Compare
renovate
bot
force-pushed
the
renovate/maven-org.jenkins-ci.plugins-junit-vulnerability
branch
2 times, most recently
from
49e56e6 to
9febf66
Compare
renovate
bot
force-pushed
the
renovate/maven-org.jenkins-ci.plugins-junit-vulnerability
branch
from
855fc0f to
2c42a7e
Compare
|
/it-go |
renovate
bot
force-pushed
the
renovate/maven-org.jenkins-ci.plugins-junit-vulnerability
branch
from
2c42a7e to
777349d
Compare
|
/it-go |
renovate
bot
force-pushed
the
renovate/maven-org.jenkins-ci.plugins-junit-vulnerability
branch
from
777349d to
f3cf024
Compare
|
/it-go |
renovate
bot
force-pushed
the
renovate/maven-org.jenkins-ci.plugins-junit-vulnerability
branch
from
f3cf024 to
1f3f7b8
Compare
|
/it-go |
renovate
bot
force-pushed
the
renovate/maven-org.jenkins-ci.plugins-junit-vulnerability
branch
from
1f3f7b8 to
39e38db
Compare
|
/it-go |
renovate
bot
force-pushed
the
renovate/maven-org.jenkins-ci.plugins-junit-vulnerability
branch
from
39e38db to
83033cc
Compare
|
/it-go |
renovate
bot
force-pushed
the
renovate/maven-org.jenkins-ci.plugins-junit-vulnerability
branch
from
83033cc to
eacbf6b
Compare
|
/it-go |
renovate
bot
force-pushed
the
renovate/maven-org.jenkins-ci.plugins-junit-vulnerability
branch
from
eacbf6b to
b9b22e6
Compare
|
/it-go |
renovate
bot
force-pushed
the
renovate/maven-org.jenkins-ci.plugins-junit-vulnerability
branch
from
b9b22e6 to
1563908
Compare
|
/it-go |
renovate
bot
force-pushed
the
renovate/maven-org.jenkins-ci.plugins-junit-vulnerability
branch
from
1563908 to
50b58c2
Compare
|
/it-go |
renovate
bot
force-pushed
the
renovate/maven-org.jenkins-ci.plugins-junit-vulnerability
branch
from
50b58c2 to
e0a77d3
Compare
|
/it-go |
renovate
bot
force-pushed
the
renovate/maven-org.jenkins-ci.plugins-junit-vulnerability
branch
from
e0a77d3 to
a1b98c7
Compare
|
/it-go |
renovate
bot
force-pushed
the
renovate/maven-org.jenkins-ci.plugins-junit-vulnerability
branch
from
a1b98c7 to
845a8aa
Compare
|
/it-go |
renovate
bot
force-pushed
the
renovate/maven-org.jenkins-ci.plugins-junit-vulnerability
branch
from
845a8aa to
1aa6668
Compare
|
/it-go |
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
1.24->1166.1168.vd6b_8042a_06deGitHub Vulnerability Alerts
CVE-2022-45380
JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links.
This is done in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
JUnit Plugin 1160.vf1f01a_a_ea_b_7f no longer converts URLs to clickable links.
CVE-2022-34176
JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.
JUnit Plugin 1119.1121.vc43d0fc45561 applies the configured markup formatter to descriptions of test results.
CVE-2023-25761
Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin.
CVE-2018-1000411
A cross-site request forgery vulnerability exists in Jenkins JUnit Plugin 1.25 and earlier in TestObject.java that allows setting the description of a test result.
Release Notes
jenkinsci/junit-plugin (org.jenkins-ci.plugins:junit)
v1166.1168.vd6b_8042a_06deCompare Source
v1166.va_436e268e972Compare Source
🚀 New features and improvements
✍ Other changes
📦 Dependency updates
v1160.vf1f01a_a_ea_b_7fCompare Source
v1159.v0b_396e1e07ddCompare Source
👷 Changes for plugin developers
📦 Dependency updates
v1156.vcf492e95a_a_b_0Compare Source
📦 Dependency updates
v1153.v1c24f1a_d2553Compare Source
🚀 New features and improvements
📦 Dependency updates
v1150.v5c2848328b_60Compare Source
🚀 New features and improvements
scriptblock in "failed-test.jelly" to external file (#439) @Jagrutiti👻 Maintenance
📦 Dependency updates
v1144.v909f4d9978e8Compare Source
🚀 New features and improvements
v1143.1145.v81b_b_9579a_019Compare Source
v1143.v8d9a_e3355270Compare Source
🚦 Tests
📦 Dependency updates
v1119.1124.va_a_8ccde5658fCompare Source
v1119.1122.v750e65d31b_db_Compare Source
v1119.1121.vc43d0fc45561Compare Source
v1119.va_a_5e9068da_d7👻 Automatic releases are now enabled on merge to master
This comes with a new version number format, see https://www.jenkins.io/jep/229
🚀 New features and improvements
skipOldReportsdefaulted to false) (#384) @olamy🐛 Bug fixes
📝 Documentation updates
📦 Dependency updates
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.