Update dependency org.springframework.security:spring-security-crypto to v6.3.0 #7

Renovate Bot (Automatisiert) · 2024-06-15T15:35:50+02:00

2024-06-15 15:35:50 +02:00

This PR contains the following updates:

Package	Type	Update	Change
org.springframework.security:spring-security-crypto (source)	compile	minor	`6.2.3` -> `6.3.0`

Release Notes

spring-projects/spring-security (org.springframework.security:spring-security-crypto)

`v6.3.0`

Compare Source

⭐ New Features

Add getters to OAuth2AuthorizedClientId #13648
Add timeout defaults to JwtDecoders #14890
doc: added hint to declare GrantedAuthorityDefaults as infrastructure bean #15065
Improve logging for Global Authentication #14711
Minor docs fix #15043
Minor Documentation update on import needed for using Kotlin DSL #14969
OAuth2 Client Authentication docs are incomplete #14982
Proofread CasAuthenticationFilter documentation #14883
Replace "Spring Boot 2.x" with "Spring Boot" #14919
Simplify Disabling application/x-www-form-urlencoded Encoding Client ID and Secret #14859
Support Specifying Identifier for relying-party-registrations Element #14487
Update What's New in 6.3 #14918

🪲 Bug Fixes

Do Not Invalidate Current Session When Its Registered #15066
Fix MethodAuthorizationDeniedPostProcessor does not exist in java doc #14955
fix docs error in AuthenticatedReactiveAuthorizationManager #14979
OIDC Logout section is not shown in the navbar #15113
Wrong information for RequestCacheAwareFilter in the Spring Security documentation. #14996

🔨 Dependency Upgrades

Bump ch.qos.logback:logback-classic from 1.5.5 to 1.5.6 #14926
Bump com.fasterxml.jackson:jackson-bom from 2.17.0 to 2.17.1 #15010
Bump com.gradle.develocity from 3.17.2 to 3.17.3 #15051
Bump com.gradle.develocity from 3.17.3 to 3.17.4 #15104
Bump io.micrometer:micrometer-observation from 1.12.5 to 1.12.6 #15068
Bump io.mockk:mockk from 1.13.10 to 1.13.11 #15086
Bump io.projectreactor:reactor-bom from 2023.0.5 to 2023.0.6 #15076
Bump org-apache-maven-resolver from 1.9.18 to 1.9.19 #14940
Bump org-apache-maven-resolver from 1.9.19 to 1.9.20 #14987
Bump org-aspectj from 1.9.22 to 1.9.22.1 #15052
Bump org-bouncycastle from 1.78 to 1.78.1 #14929
Bump org-eclipse-jetty from 11.0.20 to 11.0.21 #15087
Bump org.hibernate.orm:hibernate-core from 6.4.4.Final to 6.4.5.Final #14948
Bump org.hibernate.orm:hibernate-core from 6.4.5.Final to 6.4.6.Final #14952
Bump org.hibernate.orm:hibernate-core from 6.4.6.Final to 6.4.7.Final #14962
Bump org.hibernate.orm:hibernate-core from 6.4.7.Final to 6.4.8.Final #14980
Bump org.jetbrains.kotlin:kotlin-bom from 1.9.23 to 1.9.24 #15025
Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.23 to 1.9.24 #15026
Bump org.jetbrains.kotlinx:kotlinx-coroutines-bom from 1.8.0 to 1.8.1 #15053
Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.13 to 4.33.15 #14945
Bump org.springframework.data:spring-data-bom from 2024.0.0-RC1 to 2024.0.0 #15103
Bump org.springframework:spring-framework-bom from 6.1.6 to 6.1.7 #15088

🔩 Build Updates

Attach Antora Docs to Pull Requests #15061
Bump com.github.spullara.mustache.java:compiler from 0.9.11 to 0.9.12 #14986
Bump com.github.spullara.mustache.java:compiler from 0.9.12 to 0.9.13 #14999
Bump io.spring.ge.conventions from 0.0.16 to 0.0.17 #14963
Bump io.spring.gradle:spring-security-release-plugin from 1.0.2 to 1.0.3 #14928
Consider Adding a Build Updates section to the release changelog #15039

❤️ Contributors

Thank you to all the contributors who worked on this release:

@Crain-32, @Kehrlann, @MrJovanovic13, @ch4mpy, @dependabot[bot], @joaquinjsb, @kse-music, @madorb, @rishiraj88, and @vvaadd

`v6.2.4`

Compare Source

🪲 Bug Fixes

SpaCsrfTokenRequestHandler(Kotlin) documented in csrf-integration-javascript-spa causes NullPointerException #14805
Address AuthorizationObservationConvention Package Tangle #14795
bug org.springframework.security.oauth2.server.resource.introspection.SpringOpaqueTokenIntrospector introspect method error #14848
Transactional annotation breaks AOT for native image #14865

🔨 Dependency Upgrades

Bump io.micrometer:micrometer-observation from 1.12.4 to 1.12.5 #14867
Bump io.projectreactor:reactor-bom from 2023.0.4 to 2023.0.5 #14873
Bump io.spring.ge.conventions from 0.0.15 to 0.0.16 #14821
Bump io.spring.gradle:spring-security-release-plugin from 1.0.1 to 1.0.2 #14786
Bump org-aspectj from 1.9.21.2 to 1.9.22 #14798
Bump org.slf4j:slf4j-api from 2.0.12 to 2.0.13 #14907
Bump org.springframework.data:spring-data-bom from 2023.1.4 to 2023.1.5 #14908
Bump org.springframework.ldap:spring-ldap-core from 3.2.2 to 3.2.3 #14896
Bump org.springframework:spring-framework-bom from 6.1.5 to 6.1.6 #14895
Update org.opensaml:opensaml-core4 to 4.3.1 #14850

❤️ Contributors

Thank you to all the contributors who worked on this release:

@dependabot[bot]

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [org.springframework.security:spring-security-crypto](https://spring.io/projects/spring-security) ([source](https://github.com/spring-projects/spring-security)) | compile | minor | `6.2.3` -> `6.3.0` | --- ### Release Notes <details> <summary>spring-projects/spring-security (org.springframework.security:spring-security-crypto)</summary> ### [`v6.3.0`](https://github.com/spring-projects/spring-security/releases/tag/6.3.0) [Compare Source](https://github.com/spring-projects/spring-security/compare/6.2.4...6.3.0) #### :star: New Features - Add getters to `OAuth2AuthorizedClientId` [#13648](https://github.com/spring-projects/spring-security/pull/13648) - Add timeout defaults to JwtDecoders [#14890](https://github.com/spring-projects/spring-security/pull/14890) - doc: added hint to declare GrantedAuthorityDefaults as infrastructure bean [#15065](https://github.com/spring-projects/spring-security/issues/15065) - Improve logging for Global Authentication [#14711](https://github.com/spring-projects/spring-security/pull/14711) - Minor docs fix [#15043](https://github.com/spring-projects/spring-security/pull/15043) - Minor Documentation update on import needed for using Kotlin DSL [#14969](https://github.com/spring-projects/spring-security/pull/14969) - OAuth2 Client Authentication docs are incomplete [#14982](https://github.com/spring-projects/spring-security/issues/14982) - Proofread CasAuthenticationFilter documentation [#14883](https://github.com/spring-projects/spring-security/pull/14883) - Replace "Spring Boot 2.x" with "Spring Boot" [#14919](https://github.com/spring-projects/spring-security/pull/14919) - Simplify Disabling application/x-www-form-urlencoded Encoding Client ID and Secret [#14859](https://github.com/spring-projects/spring-security/pull/14859) - Support Specifying Identifier for relying-party-registrations Element [#14487](https://github.com/spring-projects/spring-security/issues/14487) - Update What's New in 6.3 [#14918](https://github.com/spring-projects/spring-security/issues/14918) #### :beetle: Bug Fixes - Do Not Invalidate Current Session When Its Registered [#15066](https://github.com/spring-projects/spring-security/pull/15066) - Fix MethodAuthorizationDeniedPostProcessor does not exist in java doc [#14955](https://github.com/spring-projects/spring-security/pull/14955) - fix docs error in AuthenticatedReactiveAuthorizationManager [#14979](https://github.com/spring-projects/spring-security/pull/14979) - OIDC Logout section is not shown in the navbar [#15113](https://github.com/spring-projects/spring-security/issues/15113) - Wrong information for RequestCacheAwareFilter in the Spring Security documentation. [#14996](https://github.com/spring-projects/spring-security/issues/14996) #### :hammer: Dependency Upgrades - Bump ch.qos.logback:logback-classic from 1.5.5 to 1.5.6 [#14926](https://github.com/spring-projects/spring-security/pull/14926) - Bump com.fasterxml.jackson:jackson-bom from 2.17.0 to 2.17.1 [#15010](https://github.com/spring-projects/spring-security/pull/15010) - Bump com.gradle.develocity from 3.17.2 to 3.17.3 [#15051](https://github.com/spring-projects/spring-security/pull/15051) - Bump com.gradle.develocity from 3.17.3 to 3.17.4 [#15104](https://github.com/spring-projects/spring-security/pull/15104) - Bump io.micrometer:micrometer-observation from 1.12.5 to 1.12.6 [#15068](https://github.com/spring-projects/spring-security/pull/15068) - Bump io.mockk:mockk from 1.13.10 to 1.13.11 [#15086](https://github.com/spring-projects/spring-security/pull/15086) - Bump io.projectreactor:reactor-bom from 2023.0.5 to 2023.0.6 [#15076](https://github.com/spring-projects/spring-security/pull/15076) - Bump org-apache-maven-resolver from 1.9.18 to 1.9.19 [#14940](https://github.com/spring-projects/spring-security/pull/14940) - Bump org-apache-maven-resolver from 1.9.19 to 1.9.20 [#14987](https://github.com/spring-projects/spring-security/pull/14987) - Bump org-aspectj from 1.9.22 to 1.9.22.1 [#15052](https://github.com/spring-projects/spring-security/pull/15052) - Bump org-bouncycastle from 1.78 to 1.78.1 [#14929](https://github.com/spring-projects/spring-security/pull/14929) - Bump org-eclipse-jetty from 11.0.20 to 11.0.21 [#15087](https://github.com/spring-projects/spring-security/pull/15087) - Bump org.hibernate.orm:hibernate-core from 6.4.4.Final to 6.4.5.Final [#14948](https://github.com/spring-projects/spring-security/pull/14948) - Bump org.hibernate.orm:hibernate-core from 6.4.5.Final to 6.4.6.Final [#14952](https://github.com/spring-projects/spring-security/pull/14952) - Bump org.hibernate.orm:hibernate-core from 6.4.6.Final to 6.4.7.Final [#14962](https://github.com/spring-projects/spring-security/pull/14962) - Bump org.hibernate.orm:hibernate-core from 6.4.7.Final to 6.4.8.Final [#14980](https://github.com/spring-projects/spring-security/pull/14980) - Bump org.jetbrains.kotlin:kotlin-bom from 1.9.23 to 1.9.24 [#15025](https://github.com/spring-projects/spring-security/pull/15025) - Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.23 to 1.9.24 [#15026](https://github.com/spring-projects/spring-security/pull/15026) - Bump org.jetbrains.kotlinx:kotlinx-coroutines-bom from 1.8.0 to 1.8.1 [#15053](https://github.com/spring-projects/spring-security/pull/15053) - Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.13 to 4.33.15 [#14945](https://github.com/spring-projects/spring-security/pull/14945) - Bump org.springframework.data:spring-data-bom from 2024.0.0-RC1 to 2024.0.0 [#15103](https://github.com/spring-projects/spring-security/pull/15103) - Bump org.springframework:spring-framework-bom from 6.1.6 to 6.1.7 [#15088](https://github.com/spring-projects/spring-security/pull/15088) #### :nut_and_bolt: Build Updates - Attach Antora Docs to Pull Requests [#15061](https://github.com/spring-projects/spring-security/issues/15061) - Bump com.github.spullara.mustache.java:compiler from 0.9.11 to 0.9.12 [#14986](https://github.com/spring-projects/spring-security/pull/14986) - Bump com.github.spullara.mustache.java:compiler from 0.9.12 to 0.9.13 [#14999](https://github.com/spring-projects/spring-security/pull/14999) - Bump io.spring.ge.conventions from 0.0.16 to 0.0.17 [#14963](https://github.com/spring-projects/spring-security/pull/14963) - Bump io.spring.gradle:spring-security-release-plugin from 1.0.2 to 1.0.3 [#14928](https://github.com/spring-projects/spring-security/pull/14928) - Consider Adding a Build Updates section to the release changelog [#15039](https://github.com/spring-projects/spring-security/issues/15039) #### :heart: Contributors Thank you to all the contributors who worked on this release: [@Crain-32](https://github.com/Crain-32), [@Kehrlann](https://github.com/Kehrlann), [@MrJovanovic13](https://github.com/MrJovanovic13), [@ch4mpy](https://github.com/ch4mpy), [@dependabot](https://github.com/dependabot)\[bot], [@joaquinjsb](https://github.com/joaquinjsb), [@kse-music](https://github.com/kse-music), [@madorb](https://github.com/madorb), [@rishiraj88](https://github.com/rishiraj88), and [@vvaadd](https://github.com/vvaadd) ### [`v6.2.4`](https://github.com/spring-projects/spring-security/releases/tag/6.2.4) [Compare Source](https://github.com/spring-projects/spring-security/compare/6.2.3...6.2.4) #### :beetle: Bug Fixes - SpaCsrfTokenRequestHandler(Kotlin) documented in csrf-integration-javascript-spa causes NullPointerException [#14805](https://github.com/spring-projects/spring-security/issues/14805) - Address AuthorizationObservationConvention Package Tangle [#14795](https://github.com/spring-projects/spring-security/issues/14795) - bug org.springframework.security.oauth2.server.resource.introspection.SpringOpaqueTokenIntrospector introspect method error [#14848](https://github.com/spring-projects/spring-security/issues/14848) - Transactional annotation breaks AOT for native image [#14865](https://github.com/spring-projects/spring-security/issues/14865) #### :hammer: Dependency Upgrades - Bump io.micrometer:micrometer-observation from 1.12.4 to 1.12.5 [#14867](https://github.com/spring-projects/spring-security/pull/14867) - Bump io.projectreactor:reactor-bom from 2023.0.4 to 2023.0.5 [#14873](https://github.com/spring-projects/spring-security/pull/14873) - Bump io.spring.ge.conventions from 0.0.15 to 0.0.16 [#14821](https://github.com/spring-projects/spring-security/pull/14821) - Bump io.spring.gradle:spring-security-release-plugin from 1.0.1 to 1.0.2 [#14786](https://github.com/spring-projects/spring-security/pull/14786) - Bump org-aspectj from 1.9.21.2 to 1.9.22 [#14798](https://github.com/spring-projects/spring-security/pull/14798) - Bump org.slf4j:slf4j-api from 2.0.12 to 2.0.13 [#14907](https://github.com/spring-projects/spring-security/pull/14907) - Bump org.springframework.data:spring-data-bom from 2023.1.4 to 2023.1.5 [#14908](https://github.com/spring-projects/spring-security/pull/14908) - Bump org.springframework.ldap:spring-ldap-core from 3.2.2 to 3.2.3 [#14896](https://github.com/spring-projects/spring-security/pull/14896) - Bump org.springframework:spring-framework-bom from 6.1.5 to 6.1.6 [#14895](https://github.com/spring-projects/spring-security/pull/14895) - Update org.opensaml:opensaml-core4 to 4.3.1 [#14850](https://github.com/spring-projects/spring-security/issues/14850) #### :heart: Contributors Thank you to all the contributors who worked on this release: [@dependabot](https://github.com/dependabot)\[bot] </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Renovate Bot (Automatisiert) added 1 commit 2024-06-15 15:35:51 +02:00

Update dependency org.springframework.security:spring-security-crypto to v6.3.0 02a2549e9e

Renovate Bot (Automatisiert) force-pushed renovate/version.springsec from 02a2549e9e to 97bee7d209

2024-06-15 15:51:24 +02:00

Compare

Denys Konovalov merged commit 54ad89fbdd into main

2024-06-15 15:51:59 +02:00

Denys Konovalov deleted branch renovate/version.springsec

2024-06-15 15:51:59 +02:00

Denys Konovalov referenced this issue from a commit

2024-06-15 15:51:59 +02:00

Merge pull request 'Update dependency org.springframework.security:spring-security-crypto to v6.3.0' (#7) from renovate/version.springsec into main