From 078769dbfffc0584248f085e66e8e1585ae258b7 Mon Sep 17 00:00:00 2001
From: Christoph Pirkl <4711730+kaklakariada@users.noreply.github.com>
Date: Wed, 8 May 2024 13:30:44 +0200
Subject: [PATCH] #570: Fixed CVE-2024-31573 (#572)

---
 doc/changes/changelog.md     |  1 +
 doc/changes/changes_4.3.1.md | 65 ++++++++++++++++++++++++++++++++++++
 parent-pom/pom.xml           | 10 +++---
 3 files changed, 71 insertions(+), 5 deletions(-)
 create mode 100644 doc/changes/changes_4.3.1.md

diff --git a/doc/changes/changelog.md b/doc/changes/changelog.md
index 3a96c1d3..0bc7384e 100644
--- a/doc/changes/changelog.md
+++ b/doc/changes/changelog.md
@@ -1,5 +1,6 @@
 # Changes
 
+* [4.3.1](changes_4.3.1.md)
 * [4.3.0](changes_4.3.0.md)
 * [4.2.0](changes_4.2.0.md)
 * [4.1.0](changes_4.1.0.md)
diff --git a/doc/changes/changes_4.3.1.md b/doc/changes/changes_4.3.1.md
new file mode 100644
index 00000000..d545e5bd
--- /dev/null
+++ b/doc/changes/changes_4.3.1.md
@@ -0,0 +1,65 @@
+# Project Keeper 4.3.1, released 2024-05-??
+
+Code name: Fix CVE-2024-31573 in `org.xmlunit:xmlunit-core:jar:2.9.1:test`
+
+## Summary
+
+This release fixes vulnerability CVE-2024-31573 in `org.xmlunit:xmlunit-core:jar:2.9.1:test`.
+
+## Security
+
+* #570: Fixed CVE-2024-31573 in `org.xmlunit:xmlunit-core:jar:2.9.1:test`
+
+## Dependency Updates
+
+### Project Keeper Core
+
+#### Compile Dependency Updates
+
+* Updated `com.exasol:project-keeper-shared-model-classes:4.3.0` to `4.3.1`
+* Updated `org.xmlunit:xmlunit-core:2.9.1` to `2.10.0`
+
+#### Runtime Dependency Updates
+
+* Updated `com.exasol:project-keeper-java-project-crawler:4.3.0` to `4.3.1`
+
+#### Test Dependency Updates
+
+* Updated `com.exasol:project-keeper-shared-test-setup:4.3.0` to `4.3.1`
+* Updated `org.xmlunit:xmlunit-matchers:2.9.1` to `2.10.0`
+
+### Project Keeper Command Line Interface
+
+#### Compile Dependency Updates
+
+* Updated `com.exasol:project-keeper-core:4.3.0` to `4.3.1`
+
+#### Test Dependency Updates
+
+* Updated `com.exasol:project-keeper-shared-test-setup:4.3.0` to `4.3.1`
+
+### Project Keeper Maven Plugin
+
+#### Compile Dependency Updates
+
+* Updated `com.exasol:project-keeper-core:4.3.0` to `4.3.1`
+
+#### Test Dependency Updates
+
+* Updated `org.xmlunit:xmlunit-matchers:2.9.1` to `2.10.0`
+
+### Project Keeper Java Project Crawler
+
+#### Compile Dependency Updates
+
+* Updated `com.exasol:project-keeper-shared-model-classes:4.3.0` to `4.3.1`
+
+#### Test Dependency Updates
+
+* Updated `org.xmlunit:xmlunit-matchers:2.9.1` to `2.10.0`
+
+### Project Keeper Shared Test Setup
+
+#### Compile Dependency Updates
+
+* Updated `com.exasol:project-keeper-shared-model-classes:4.3.0` to `4.3.1`
diff --git a/parent-pom/pom.xml b/parent-pom/pom.xml
index 8cf80252..7958df57 100644
--- a/parent-pom/pom.xml
+++ b/parent-pom/pom.xml
@@ -28,13 +28,13 @@
         </repository>
     </distributionManagement>
     <properties>
-        <revision>4.3.0</revision>
+        <revision>4.3.1</revision>
         <!-- Integration test ProjectKeeperMojoIT starts a Maven build which requires Java 17. -->
         <java.version>17</java.version>
         <maven.version>3.9.6</maven.version>
         <minimum.maven.version>3.6.3</minimum.maven.version>
         <junit.version>5.10.2</junit.version>
-        <xmlunit.version>2.9.1</xmlunit.version>
+        <xmlunit.version>2.10.0</xmlunit.version>
         <mockito.version>5.11.0</mockito.version>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
@@ -84,12 +84,12 @@
                 <!-- Upgrade transitive dependency of org.eclipse:yasson to fix CVE-2023-4043 -->
                 <groupId>org.eclipse.parsson</groupId>
                 <artifactId>parsson</artifactId>
-                <version>1.1.5</version>
+                <version>1.1.6</version>
             </dependency>
             <dependency>
                 <groupId>org.apache.maven.plugin-tools</groupId>
                 <artifactId>maven-plugin-annotations</artifactId>
-                <version>3.12.0</version>
+                <version>3.13.0</version>
                 <scope>provided</scope>
             </dependency>
             <dependency>
@@ -248,7 +248,7 @@
             <dependency>
                 <groupId>org.itsallcode</groupId>
                 <artifactId>hamcrest-auto-matcher</artifactId>
-                <version>0.6.0</version>
+                <version>0.7.0</version>
                 <scope>test</scope>
             </dependency>
         </dependencies>