Update dependency io.rest-assured:rest-assured to v5

[renovate]

Note

Mend has cancelled the proposed renaming of the Renovate GitHub app being renamed to mend[bot].

This notice will be removed on 2025-10-07.

---

This PR contains the following updates:

Package	Change	Age	Confidence
io.rest-assured:rest-assured (source)	4.5.1 -> 5.5.6

---

Release Notes

rest-assured/rest-assured (io.rest-assured:rest-assured)

v5.5.6

• Remove deprecated constructors in multipart handling (#​1827) (thanks to Tobias Unger for PR)
• Fix NPE in RequestSpecificationImpl #​1830 (thanks to Boyarshinov Alexander for PR)
• Bump commons-lang3 from 3.16.0 to 3.18.0 (thanks to Ash Skelton for PR)

v5.5.5

• The rest-assured-bom project is back and works

v5.5.4

• The rest-assured-bom project is back

v5.5.3

• Greatly improved csrf support. When applying csrf, it'll automatically forward the cookies to returns from the GET request to the csrf token and apply it to the actual request. These cookies will also be applied to the CookieFilter automatically (if configured) and SessionFilter (if configured). For example:
  given().
  csrf("/login").
  formParam("name", "My New Name").
  when().
  post("/users/123").
  then().
  statusCode(200);

  Now the cookies returned from the GET request to login will be automatically applied to the POST to "/users/123".

  If you have a CookieFilter defined for multiple requests, the cookies returned by GET to /login will be automatically stored in the CookieFilter and used in the second request.

    var cookieFilter = new CookieFilter()
    given().filter(cookieFilter).csrf("/login").formParam("name", "My New Name").when().post("/users/123").then().statusCode(200);
    given().filter(cookieFilter).when().get("/users/123").then().statusCode(200);
  

  You can disable this behavior by setting automaticallyApplyCookies to false the csrf config:
  given().
  config(config().csrfConfig(csrfConfig().automaticallyApplyCookies(false))).
  csrf("/login").
  when().
  ...

v5.5.2

• CookieFilter now supports setting cookies correctly when Apache HTTP Client does internal redirects (when redirects().follow(true) is set).
• Upgrading kotlin module to use Kotlin 2.2.1
• Downgrading scale module to version 3.3.3 (LTS version) (thanks for Carlos Eduardo for PR)

v5.5.1

• Use Long in maxAge(Matcher<? super Integer> maxAgeMatcher) (thanks to julianladisch for PR)
• Fix so that GZIP doesn't become gzıp for Turkish environments (thanks to rdmrtn for PR)
• Upgraded jakarta.jakartaee-web-api to version 10.0.0 (#​1800)

v5.5.0

• Removing custom validation of pathParams in the mock-mvc module and instead rely on the Spring implementation(issue 1782) (thanks to taeyeon-Kim for pull request)

• Fixing "Error java.lang.NoSuchMethodError for HttpMethod.resolve()" in mock-mvc module (issue 1760) (thanks to d0vi for pull request)

• Fix #​1707: SVG file upload - fatal error :1:1: content is not allowed in prolog (#​1777) (thanks to Byounghee kim for pull request)

• Fix #​1773: Remove check for response HTTP status code. (thanks to macmon for pull request)

• Introducing the "scala-extensions" module for Scala 3 (#​1770). This means that you can write tests like this in Scala 3:

  @​Test
  def extraction with rest assured scala extensions: Unit =
  val message: String = Given(req =>
  req.port(7000)
  req.header("Header", "Header")
  req.body("hello")
  )
  .When(
  _.put("/the/path")
  )
  .Extract(
  _.path("message")
  )
  assertThat(message).isEqualTo("Hello World")
  (thanks to Carlos Eduardo for pull request)

• Remove deprecated Content-Transfer-Encoding from multipart post headers (#​1762) (thanks to Michal Trna for pull request)

• Fixed pathParams double encoding in mock-mvd module (#​1756) (thanks to Dmitry Kaukov for pull request)

• Upgraded Groovy from version 4.0.16 to 4.0.22

• Upgraded Jackson from version 2.14.3 to 2.17.1

• Upgraded kotlin extension module to use Kotlin 2.0.0 (previously 1.9.20 was used)

• Upgraded Guava library from 32.0.1-jre to 33.2.1-jre

v5.4.0

• Properly parse primitive JSON values (thanks to Jörg Eichhorn for pull request)
• Upgraded Groovy from 4.0.10 to 4.0.16
• Introduce spring-web-test-client-kotlin-extensions (#​1731) (thanks for TheDevLuffy for pull request). This means that if you depend on: org.restassured:spring-web-test-client-kotlin-extensions:<version> you can write code like this for Spring WebTest client:
  val id: Int =
  Given {
  webTestClient(webTestClient)
  param("name", "Johan")
  } When {
  get("/greeting")
  } Then {
  body(
  "id", Matchers.equalTo(1),
  "content", Matchers.equalTo("Hello, Johan!")
  )
  } Extract {
  path("id")
  }
• Fix 1746: JsonPath: wrong result and exception when jsonPath partly evaluates to string/boolean/number (#​1747) (thanks to Oleksandr Kulychok for pull request)
• Add support for negative indexes in JsonPath (thanks to Oleksandr Kulychok for pull request). This means that you can now do e.g. String object = JsonPath.from("").getString("[-1].email");
• Upgraded Kotlin from 1.9.10 to 1.9.21

v5.3.2

• Add onFailMessage into validatable response (#​1724). This means that you can use onFailMessage after then like: when().get("/somewhere").then().onFailMessage("My fail message").statusCode(200); (thanks to Ilya Koshaleu for pull request)
• Added support for path parameters methods in RestAssuredMockMvc (#​1723) (thanks to Jefersom Martins for pull request)
• Make header blacklisting case-insensitive (#​1722) (thanks to Bekh-Ivanov Aleksey for pull request)
• Blacklisted headers added to LogConfig are now case-insensitive by default
• Fixed so that testing multipart data request along with passing path parameters doesn't fail anymore in RestAssuredMockMvc (#​1673) (thanks to Andrey Demin for pull request)
• Improved compatibility issues with newer version of Spring Security
• Upgraded kotlin from 1.8.22 to 1.9.10
• Upgraded scala to 2.12.18

v5.3.1

• Upgraded Guava library to 32.0.1-jre
• Fixed "Unexpected logic in PathSupport.getPath" (issue 1682) (thanks to fucct for pull request)
• Fixed "Not able to POST xml file using Inpustream" (issue 1160) (thanks to Balasaravanan for pull request)
• Fixed "MockMvcRequestSenderImpl convertCookies function is not copying the httpOnly, sameSite and expires from the servletCookies into the cookieBuilder" (issue 1462) (thanks to Justin Tay for pull request))
• Fixed "Accept cookies that have an expiration date" (issue 1430) (thanks to Stéphane Épardaud for pull request)
• Upgraded the Kotlin extension module to use Kotlin 1.8.22
• Upgraded Groovy to 4.0.11
• Upgraded faster jackson to 2.14.3
• Upgraded Hamcrest to 2.2

v5.3.0

• Added (much) improved support for CSRF tokens when sent as a header and not in a form
• Enable the use of relaxedHTTPSValidation with two-way ssl (issue #​1631) (thanks to Mathieu Amblard for pull request)
• Lastest Spring Framework 6 is now supported again (thanks to Marcin Grzejszczak for pull request)
• Removed content assignment from asPrettyString() (thanks to Bartłomiej Chabowski for pull request)
• Allow contentType() to accept Spring MediaType in Spring MockMvc module (thanks to Hantsy Bai for pull request)
• Upgraded kotlin from 1.7.10 to 1.7.20 in the kotlin module
• Upgraded groovy from 4.0.1 to 4.0.6
• Updated jackson from version 2.13.2 to 2.13.4

v5.2.1

• Lastest Spring Framework 6 is now supported again (thanks to Marcin Grzejszczak for pull request)

v5.2.0

• Improved FilterContext used in Filters by adding the method FilterContext#hasValue(name, object). This makes it easier to check if a value exists and is equal to the expect object.

• Introducing a much improved CSRF (cross-site request forgery) support. For example:
  given().
  csrf("/users").
  formParm("firstName", "John").
  formParm("lastName", "Doe").
  when().
  post("/users").
  then().
  statusCode(200);

  This will first make a GET request to /users (due to csrf("/users")) to get an HTML page that contains the CSRF token.
  Rest Assured will then automatically try to find the input field that contains the CSRF token and include in the POST to /users.

  Here's an example of what Rest Assured expects as a response for the GET request to /users:

  <title>Add User</title>

  First Name:
  Last Name:

  The csrf input field name is called "_csrf", and it'll be automatically detected by REST Assured.

• Fixed so that form authentication takes CSRF into account. The previous form authentication CSRF implementation didn't really work (sorry!).
  Now you can combine csrf with form authentication and it actually works as expected! Note that for requests other than GET or HEAD,
  you need to specify both form authentication and csrf, e.g.

  given().
  csrf("/users").
  formParm("firstName", "John").
  formParm("lastName", "Doe").
  auth().form("j_spring_security_check", "j_username", "j_password").
  when().
  post("/users").
  then().
  statusCode(200);

  The reason for this is that the server returns a new CSRF token per request. So after the login request (with will use the CSRF token from the login page),
  REST Assured needs to make an additional GET request to /users to get a new CSRF token. This token will then finally be supplied with the "POST" request
  to "/users".

• Adds support for Multipart upload via http PATCH method (thanks to Madis Liias for pull request)

• Upgraded kotlin module to using Kotlin 1.7.10 (previously 1.6.21 was used)

v5.1.1

• Added support for Spring Framework 6.0 in Spring WebClientTest module
• Overwrite responseLogDetail when merging ResponseSpecificationImpl (issue 1493) (thanks to petur for pull request)
• Fix: rootPath does not allow chaining paths with leading operators (issue 1577) (thanks to Roman Mitasov for pull request)
• Fix: body(InputStream) does not work (issue 1480) (thanks to fedinskiy for pull request)
• Fix: jsonPath - return null if list(array) does not exists in input document (issue 1544) (thanks to Oleksandr Kulychok for pull request)
• Fix: Re-added groovy package to package imports for OSGi support (issue 1567) (thanks to Steven Huypens for pull request)
• Fix: class cast exception in RequestPrinter with byte[] body (thanks to Andreas Grub for pull request)
• Upgraded gson from 2.6.2 to 2.9.0

v5.1.0

• Upgrading kotlin to 1.6.21
• Moved package io.restassured.assertion to io.restassured.internal.assertion since the classes in this package should be internal.
  Not all files have been moved yet, but refactoring will continue in the next release.
• Added support for Spring Framework 6.0 and Jakarta API's in Spring MockMvc module.

v5.0.1

• Fixed so that with RestAssuredHttpBuilder no longer requires ResponseSpecificationImpl but rather a FilterableResponseSpecification

v5.0.0

• Breaking change: REST Assured now builds on Groovy 4!
• Excluded example projects from rest assured bom file (issue 1546)
• Updated jackson from version 2.11.1 to 2.13.2 (issue 1555)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.