SWI-3723 [Snyk] Security upgrade org.assertj:assertj-core from 3.11.1 to 3.27.7

[bwappsec]

Snyk has created this PR to fix 1 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

• pom.xml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score	Upgrade
	XML External Entity (XXE) Injection SNYK-JAVA-ORGASSERTJ-15102413	105	org.assertj:assertj-core: 3.11.1 -> 3.27.7 No Path Found No Known Exploit

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 XML External Entity (XXE) Injection

[bwappsec]

This is a large minor version upgrade for a test assertion library. While it remains on the same major version, several subtle breaking changes were introduced between versions 3.11.1 and 3.27.7 that could cause test failures.

• Behavioral Changes: The behavior of recursive comparison has changed; it no longer uses overridden equals methods by default (since v3.17.0) and bare-name getter resolution is disabled (since v3.18.0).
• API Changes: A breaking change was introduced in v3.12.0 where assertThat(Iterator) now returns an IteratorAssert instead of an IterableAssert. Another change in v3.12.0 to containsOnlyKeys can cause unexpected behavior with java.nio.file.Path.
• Security: This upgrade fixes an XXE vulnerability (CVE-2026-24400) in the isXmlEqualTo assertion.

Source: AssertJ GitHub Issues and Documentation

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[bwappsec]

This is a significant minor version upgrade for a test library, spanning from 3.11.1 to 3.27.7. While not a major version change, several breaking changes have been introduced across these versions that may require test code modifications.

Key breaking changes include:

• Since v3.18.0: Property extraction from bare-name getters (e.g., name() instead of getName()) is now disabled by default. [2]
• Since v3.17.0: Recursive comparison no longer uses overridden equals() methods by default. [2]
• Since v3.12.0: A method overload for containsOnlyKeys can cause assertions on java.nio.file.Path objects to behave unexpectedly. [1]

Source: AssertJ documentation and GitHub issues. [1, 2]
Recommendation: Review tests that use recursive comparison, property extraction, or Path assertions, as they are likely to be affected.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[bwappsec]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.