Skip to content

Bump xmlunit.version from 2.11.0 to 2.12.0#608

Merged
coheigea merged 1 commit into
mainfrom
dependabot/maven/xmlunit.version-2.12.0
Jun 16, 2026
Merged

Bump xmlunit.version from 2.11.0 to 2.12.0#608
coheigea merged 1 commit into
mainfrom
dependabot/maven/xmlunit.version-2.12.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 8, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps xmlunit.version from 2.11.0 to 2.12.0.
Updates org.xmlunit:xmlunit-core from 2.11.0 to 2.12.0

Release notes

Sourced from org.xmlunit:xmlunit-core's releases.

XMLUnit for Java 2.12.0

This release may require you to adjust you configuration when comparing files that use DTDs. When XMLUnit 2.6.0 has been release it was intended to disallow DTD parsing by default, but due to a bug still allowed it. This has now been fixed.

Full list of changes:

  • bumped xmlunit-assertj3's dependency on assert to 3.27.7.

    This is to make people aware of GHSA-rqfh-9r24-8c9r

    XMLUnit itself does not use the affected code in AssertJ so the upgrade is not strictly necessary - and this is why the xmlunit-assertj module is not updated. In fact the assertions provided by xmlunit-assertj3 are the recommended upgrade path for users of AssertJ 3.x+.

    PRs #320 and #321

  • actually made withDTDParsingDisabled do what it says.

    This is a bugfix and in a way it is backwards incompatible as it changes default behavior in a way that I intended to do with XMLUnit 2.6.0 eight years ago. DocumentBuilderFactoryConfigurer.DefaultWithDTDParsing provides the behavior of XMLUnit 2.6.0 to 2.11.0.

    PRs #326 by @​jmestwa-coder and #328

Changelog

Sourced from org.xmlunit:xmlunit-core's changelog.

XMLUnit for Java 2.12.0 - /Released 2026-05-31/

  • bumped xmlunit-assertj3's dependency on assert to 3.27.7.

    This is to make people aware of GHSA-rqfh-9r24-8c9r

    XMLUnit itself does not use the affected code in AssertJ so the upgrade is not strictly necessary - and this is why the xmlunit-assertj module is not updated. In fact the assertions provided by xmlunit-assertj3 are the recommended upgrade path for users of AssertJ 3.x+.

    PRs #320 and #321

  • actually made withDTDParsingDisabled do what it says.

    This is a bugfix and in a way it is backwards incompatible as it changes default behavior in a way that I intended to do with XMLUnit 2.6.0 eight years ago. DocumentBuilderFactoryConfigurer.DefaultWithDTDParsing provides the behavior of XMLUnit 2.6.0 to 2.11.0.

    PRs #326 by @​jmestwa-coder and #328

Commits
  • 35a8243 prepare 2.12.0 release
  • e84de90 make javadoc build work
  • 7e11085 bump plugins
  • 9bfc67b Merge pull request #328 from xmlunit/fix-tests-introduce-new-DefaultWithDtdPa...
  • b5361e0 adjust tests, allow DTD parsing where necessary
  • e71cc58 introduce DefaultWithDTDParsing configuration
  • aafa4e4 Merge pull request #327 from xmlunit/rel-notes
  • a799d5c xmlunit-assertj3 is also certainly recommended for assertj 3 users
  • ba255e7 Merge pull request #326 from jmestwa-coder/dtd-parsing-disabled
  • 3a28d4e fix withDTDParsingDisabled to actually reject doctype declarations
  • Additional commits viewable in compare view

Updates org.xmlunit:xmlunit-matchers from 2.11.0 to 2.12.0

Release notes

Sourced from org.xmlunit:xmlunit-matchers's releases.

XMLUnit for Java 2.12.0

This release may require you to adjust you configuration when comparing files that use DTDs. When XMLUnit 2.6.0 has been release it was intended to disallow DTD parsing by default, but due to a bug still allowed it. This has now been fixed.

Full list of changes:

  • bumped xmlunit-assertj3's dependency on assert to 3.27.7.

    This is to make people aware of GHSA-rqfh-9r24-8c9r

    XMLUnit itself does not use the affected code in AssertJ so the upgrade is not strictly necessary - and this is why the xmlunit-assertj module is not updated. In fact the assertions provided by xmlunit-assertj3 are the recommended upgrade path for users of AssertJ 3.x+.

    PRs #320 and #321

  • actually made withDTDParsingDisabled do what it says.

    This is a bugfix and in a way it is backwards incompatible as it changes default behavior in a way that I intended to do with XMLUnit 2.6.0 eight years ago. DocumentBuilderFactoryConfigurer.DefaultWithDTDParsing provides the behavior of XMLUnit 2.6.0 to 2.11.0.

    PRs #326 by @​jmestwa-coder and #328

Changelog

Sourced from org.xmlunit:xmlunit-matchers's changelog.

XMLUnit for Java 2.12.0 - /Released 2026-05-31/

  • bumped xmlunit-assertj3's dependency on assert to 3.27.7.

    This is to make people aware of GHSA-rqfh-9r24-8c9r

    XMLUnit itself does not use the affected code in AssertJ so the upgrade is not strictly necessary - and this is why the xmlunit-assertj module is not updated. In fact the assertions provided by xmlunit-assertj3 are the recommended upgrade path for users of AssertJ 3.x+.

    PRs #320 and #321

  • actually made withDTDParsingDisabled do what it says.

    This is a bugfix and in a way it is backwards incompatible as it changes default behavior in a way that I intended to do with XMLUnit 2.6.0 eight years ago. DocumentBuilderFactoryConfigurer.DefaultWithDTDParsing provides the behavior of XMLUnit 2.6.0 to 2.11.0.

    PRs #326 by @​jmestwa-coder and #328

Commits
  • 35a8243 prepare 2.12.0 release
  • e84de90 make javadoc build work
  • 7e11085 bump plugins
  • 9bfc67b Merge pull request #328 from xmlunit/fix-tests-introduce-new-DefaultWithDtdPa...
  • b5361e0 adjust tests, allow DTD parsing where necessary
  • e71cc58 introduce DefaultWithDTDParsing configuration
  • aafa4e4 Merge pull request #327 from xmlunit/rel-notes
  • a799d5c xmlunit-assertj3 is also certainly recommended for assertj 3 users
  • ba255e7 Merge pull request #326 from jmestwa-coder/dtd-parsing-disabled
  • 3a28d4e fix withDTDParsingDisabled to actually reject doctype declarations
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jun 8, 2026
@coheigea

coheigea commented Jun 16, 2026

Copy link
Copy Markdown
Contributor

@dependabot rebase

@dependabot
Bump xmlunit.version from 2.11.0 to 2.12.0
c2c9cc3 
Bumps `xmlunit.version` from 2.11.0 to 2.12.0.

Updates `org.xmlunit:xmlunit-core` from 2.11.0 to 2.12.0
- [Release notes](https://github.com/xmlunit/xmlunit/releases)
- [Changelog](https://github.com/xmlunit/xmlunit/blob/main/RELEASE_NOTES.md)
- [Commits](xmlunit/xmlunit@v2.11.0...v2.12.0)

Updates `org.xmlunit:xmlunit-matchers` from 2.11.0 to 2.12.0
- [Release notes](https://github.com/xmlunit/xmlunit/releases)
- [Changelog](https://github.com/xmlunit/xmlunit/blob/main/RELEASE_NOTES.md)
- [Commits](xmlunit/xmlunit@v2.11.0...v2.12.0)

---
updated-dependencies:
- dependency-name: org.xmlunit:xmlunit-core
  dependency-version: 2.12.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
- dependency-name: org.xmlunit:xmlunit-matchers
  dependency-version: 2.12.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/maven/xmlunit.version-2.12.0 branch from 9925ec5 to c2c9cc3 Compare June 16, 2026 07:17
@coheigea coheigea merged commit 60a470d into main Jun 16, 2026
3 checks passed
@dependabot dependabot Bot deleted the dependabot/maven/xmlunit.version-2.12.0 branch June 16, 2026 11:41
coheigea pushed a commit that referenced this pull request Jun 16, 2026
@dependabot @coheigea
Bump xmlunit.version from 2.11.0 to 2.12.0 (#608)
0a53d78 
Bumps `xmlunit.version` from 2.11.0 to 2.12.0.

Updates `org.xmlunit:xmlunit-core` from 2.11.0 to 2.12.0
- [Release notes](https://github.com/xmlunit/xmlunit/releases)
- [Changelog](https://github.com/xmlunit/xmlunit/blob/main/RELEASE_NOTES.md)
- [Commits](xmlunit/xmlunit@v2.11.0...v2.12.0)

Updates `org.xmlunit:xmlunit-matchers` from 2.11.0 to 2.12.0
- [Release notes](https://github.com/xmlunit/xmlunit/releases)
- [Changelog](https://github.com/xmlunit/xmlunit/blob/main/RELEASE_NOTES.md)
- [Commits](xmlunit/xmlunit@v2.11.0...v2.12.0)

---
updated-dependencies:
- dependency-name: org.xmlunit:xmlunit-core
  dependency-version: 2.12.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
- dependency-name: org.xmlunit:xmlunit-matchers
  dependency-version: 2.12.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coheigea coheigea coheigea approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@coheigea