Hi Tom,
Wasn't sure whether this constitutes as a issue on GitHub but noticed this post which seemed relevant.
I've recently been trying to upgrade the version of jackson within wiremock 2.16.0 (as well as zjsonpatch) due a several vulnerabilities associated with databind and core (before 2.8.11.1 and 2.9.x before 2.9.5).
Modifying the current version of zjsonpatch to latest version causes a test failure in the EqualToJsonTest:
com.github.tomakehurst.wiremock.matching.EqualToJsonTest > ignoresExtraObjectAttributesAndArrayOrderWhenConfigured FAILED
java.lang.AssertionError
at org.junit.Assert.fail(Assert.java:86)
at org.junit.Assert.assertTrue(Assert.java:41)
at org.junit.Assert.assertTrue(Assert.java:52)
at com.github.tomakehurst.wiremock.matching.EqualToJsonTest.ignoresExtraObjectAttributesAndArrayOrderWhenConfigured(EqualToJsonTest.java:259)
I've tried my best to resolve the issue but it seems that something has changed within zjsonpatch from version 0.3.0 onwards which causes this condition to fail each time. I would rather not remove test to get the wiremock to build as I recognise there are additional tests which must validate the handling of JSON.
- Any ideas of what is causing this test to fail now?
- Will you be upgrading the version of zjsonpatch and jackson in the future?
For interest, I would recommend using synk.io as it will keep you notified of vulnerabilities associated with your repository. Completely at your discretion of whether you want to resolve the issues or not, but from a security perspective it is useful to know. I've included some links below of the high issues associated with jackson databind and core.
Lastly, appreciate all the hard work that has gone into wiremock and I think its an excellent tool.
Many thanks
Kevin