tmobile/codeless

JUnit Security Vulnerability

Closed this issue · 4 comments

Summary

Dependabot has identified several security vulnerabilities in the 3rd party libraries Pacbot relies on. In most cases, these vulnerabilities can be resolved by upgrading the library to the most current version.

Maintainers, if you're internal to T-Mobile, you should have been seeing these security alerts coming in over the last several weeks. Please respond to these in a timely manner.

Vulnerable versions: >= 4.7, < 4.13.1 | Patched version: 4.13.1 | Upgrade junit:junit to version 4.13.1 or later

If upgrading this dependency is not possible at the moment, please respond to this with a series of issues (or story cards in a project) that break down the code issues and describe a possible fix. If these are visible, your community can help resolve them quickly.

Patching

Because certain JDK file system APIs were only added in JDK 1.7, this fix is dependent upon the version of the JDK you are using.

- Java 1.7 and higher users: this vulnerability is fixed in 4.13.1.
- Java 1.6 and lower users: no patch is available, you must use the workaround below.

Workarounds

If you are unable to patch, or are stuck running on Java 1.6, specifying the java.io.tmpdir system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability.
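One way to apply that workaround on a POSIX host, as an added example that is not from this issue or from the Pacbot project: a small shell helper that creates a private mode-0700 directory, verifies it is owned by the current user, and builds the `-Djava.io.tmpdir` flag (java.io.tmpdir is read by the JVM as a system property) for the JUnit launch. The function names are my own.

```shell
#!/bin/sh
# Added example (not from the issue or from Pacbot): prepare a private
# java.io.tmpdir for the JUnit 4.x TemporaryFolder workaround on Java 1.6.
# Assumes a POSIX system with GNU or BSD stat(1) and mktemp(1).

# Return 0 if DIR is a directory owned by the current user with mode 0700,
# i.e. "exclusively owned by the executing user".
private_tmpdir_ok() {
    dir=$1
    [ -d "$dir" ] || return 1
    # Reject symlinks: a link planted by another user would redirect writes.
    [ -L "$dir" ] && return 1
    if stat -c '%u %a' "$dir" >/dev/null 2>&1; then
        set -- $(stat -c '%u %a' "$dir")      # GNU stat: uid and octal mode
    else
        set -- $(stat -f '%u %Lp' "$dir")     # BSD/macOS stat equivalent
    fi
    [ "$1" = "$(id -u)" ] && [ "$2" = "700" ]
}

# Create a fresh private directory under BASE (default /tmp) and print its path.
make_private_tmpdir() {
    base=${1:-/tmp}
    # umask 077 in the subshell so the directory is created with mode 0700.
    dir=$(umask 077 && mktemp -d "$base/junit-tmp-$(id -u).XXXXXX") || return 1
    private_tmpdir_ok "$dir" || { rmdir "$dir"; return 1; }
    printf '%s\n' "$dir"
}

# Emit the JVM flag to pass to java, Maven or Gradle, e.g.:
#   java $(java_tmpdir_flag "$(make_private_tmpdir)") -cp ... org.junit.runner.JUnitCore MyTest
java_tmpdir_flag() {
    printf -- '-Djava.io.tmpdir=%s\n' "$1"
}
```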

This was resolved by merging pull request #93.

This was resolved by merging PR #93.

This was resolved by merging PR #93.

This was resolved by merging PR #93.