From c0fe4b917109c6167e9b096ca60be689b913d7f2 Mon Sep 17 00:00:00 2001 From: "Kevin W. Wall" Date: Thu, 27 Jan 2022 09:43:14 -0500 Subject: [PATCH 1/2] Update README.md Try to clarify that they are probably really looking for ESAPI 2.x at https://github.com/ESAPI/esapi-java-legacy. --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 3ad453b..fde322a 100644 --- a/README.md +++ b/README.md 
@@ -7,7 +7,10 @@ Welcome to the Home of ESAPI 3.x News ========== -The development of ESAPI 3 is still within the _very early_ planning stages. The code that is currently in this GitHub repo (as of 2020-07-17) is likely to be completely rewritten, possibly several times. If you wish to participate, please sign up for the Google Group "[esapi-project-dev](mailto:esapi-project-dev@owasp.org)", and feel free to start a new discussion thread. Note you MUST subscribe to the Google Group list before you may POST to it. [Subscribe to ESAPI Developers list](https://groups.google.com/a/owasp.org/forum/#!forum/esapi-project-dev/join). +First off, if you are looking for a version of ESAPI to use with your JVM-based project, this is not the one you are looking for. Instead, you want the latest ESAPI 2.x version from [esapi-java-legacy](https://github.com/ESAPI/esapi-java-legacy). This ESAPI repo is for the development of ESAPI 3 which +is still in the _very early_ planning stages. The code that is currently in this GitHub repo (as of 2020-07-17) is likely to be completely rewritten, possibly several times, therefore please do not bother to submit PRs or GitHub issues relating to outdated or vulnerable dependencies. ESAPI 3 has not been released, even as a Release Candidate and we will make sure all the dependencies are updated when we do get around to making RC versions available. + +If you wish to participate, please sign up for the Google Group "[esapi-project-dev](mailto:esapi-project-dev@owasp.org)", and feel free to start a new discussion thread. Note you MUST subscribe to the Google Group list before you may POST to it. [Subscribe to ESAPI Developers list](https://groups.google.com/a/owasp.org/forum/#!forum/esapi-project-dev/join). Notes ========== From 61e4693355bf1b90a29d27149c0ab6436056ab90 Mon Sep 17 00:00:00 2001 
From: kwwall Date: Tue, 20 Dec 2022 22:39:57 -0500 Subject: [PATCH 2/2] Update to testng 7.7.0 so dependabot stops complaining about vulnerabilities. (See https://github.com/ESAPI/esapi-java/security/dependabot/1.) Note I think this version of testng requires Java 11 or later. Also note that this really wasn't an issue because: * The vulnerability is only with a dependency of scope 'test'. * We currently have no tests anyway. --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 0655b75..3b87637 100644 --- a/pom.xml +++ b/pom.xml @@ -147,7 +147,7 @@ org.testng testng - 6.8.5 + 7.7.0 test @@ -158,4 +158,4 @@ - \ No newline at end of file +
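Review bot: In the README.md hunk of patch 1/2, the rewritten paragraph still describes the code "as of 2020-07-17" although the patch is dated 2022-01-27; update the date or drop the parenthetical so the warning does not read as stale. The added text also breaks a line in the middle of a sentence ("...development of ESAPI 3 which" / "is still in the..."), and the long sentence would read better split before "therefore", with a comma after "even as a Release Candidate".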
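Review bot: In the pom.xml hunk at line 147 of patch 2/2, the testng version moves from 6.8.5 to 7.7.0 and the commit message says this version probably requires Java 11 or later, yet nothing else in the patch states or enforces that Java level. Confirm the requirement and record it where the build can check it (for example the compiler release setting or a maven-enforcer rule), or in the README, so that a build on an older JDK fails with a clear message rather than when tests are first added. The second hunk only adds the missing newline at the end of the file, which is fine.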