Update dependency org.springframework.security:spring-security-crypto to v6.3.1 #9

Merged
Denys Konovalov merged 1 commits from renovate/version.springsec into main 2024-06-20 00:07:42 +02:00

This PR contains the following updates:

Package Type Update Change
org.springframework.security:spring-security-crypto (source) compile patch 6.3.0 -> 6.3.1

Release Notes

spring-projects/spring-security (org.springframework.security:spring-security-crypto)

v6.3.1

Compare Source

New Features

  • Clarify the behavior of Concurrent Session Management when an IdP is involved #​15071
  • Mention all required dependencies in LDAP documentation #​15245
  • Minor docs fix #​15144

🪲 Bug Fixes

  • AbstractRequestMatcherRegistry#requestMatchers should pick MvcRequestMatcher when using MockMvc #​15211
  • Assert WebSession is not null #​15179
  • DispatcherServletDelegatingRequestMatcher causes errors when running tests with MockMvc #​15197
  • Documentation clarification after #​12783 has been closed is needed. #​15208
  • Fix Java example in multitenanci.adoc #​15151
  • Fix Kotlin example in authorize-http-requests.adoc #​15129
  • Incorrect documentation for OIDC Back-Channel Logout #​15212
  • IpAddressMatcher.matches(String address) still accepts URLs #​15172
  • LDIF file on official documentation breaks the startup process #​15167
  • Link to article with remember-me-persistent-token strategy is broken #​15149
  • OpenSaml4AssertionValidator is not respecting clock skew settings #​15183
  • Resolving invalid CSRF token values is not consistent #​15186
  • spring-security/docs/modules/ROOT/pages/servlet/authorization /method-security #​15143
  • SpringOpaqueTokenIntrospector does not add scopes as granted authorities properly #​15165

🔨 Dependency Upgrades

  • Bump io.micrometer:micrometer-observation from 1.12.6 to 1.12.7 #​15225
  • Bump io.projectreactor:reactor-bom from 2023.0.6 to 2023.0.7 #​15229
  • Bump org.apache.directory.shared:shared-ldap from 0.9.15 to 0.9.19 #​15161
  • Bump org.apache.maven:maven-resolver-provider from 3.9.6 to 3.9.7 #​15168
  • Bump org.gretty:gretty from 4.1.3 to 4.1.4 #​15133
  • Bump org.hibernate.orm:hibernate-core from 6.4.8.Final to 6.4.9.Final #​15228
  • Bump org.hsqldb:hsqldb from 2.7.2 to 2.7.3 #​15193
  • Bump org.springframework.data:spring-data-bom from 2024.0.0 to 2024.0.1 #​15260
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.3 to 3.2.4 #​15251
  • Bump org.springframework:spring-framework-bom from 6.1.7 to 6.1.8 #​15134
  • Bump org.springframework:spring-framework-bom from 6.1.8 to 6.1.9 #​15252

🔩 Build Updates

  • Bump @antora/collector-extension from 1.0.0-alpha.3 to 1.0.0-alpha.4 in /docs #​15159
  • Bump @springio/antora-extensions from 1.10.0 to 1.11.1 in /docs #​15141
  • Bump com.gradle.develocity from 3.17.4 to 3.17.5 #​15239
  • Bump gradle/gradle-build-action from 2 to 3 #​15157
  • Bump io-spring-javaformat from 0.0.41 to 0.0.42 #​15219
  • Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.15 to 4.33.16 #​15176
  • Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.16 to 4.33.17 #​15218
  • Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.17 to 4.33.19 #​15261
  • Bump spring-io/spring-doc-actions from 17ed79e to 5a57bcc #​15139

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​dependabot[bot] and @​theHacker


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [org.springframework.security:spring-security-crypto](https://spring.io/projects/spring-security) ([source](https://github.com/spring-projects/spring-security)) | compile | patch | `6.3.0` -> `6.3.1` | --- ### Release Notes <details> <summary>spring-projects/spring-security (org.springframework.security:spring-security-crypto)</summary> ### [`v6.3.1`](https://github.com/spring-projects/spring-security/releases/tag/6.3.1) [Compare Source](https://github.com/spring-projects/spring-security/compare/6.3.0...6.3.1) #### :star: New Features - Clarify the behavior of Concurrent Session Management when an IdP is involved [#&#8203;15071](https://github.com/spring-projects/spring-security/issues/15071) - Mention all required dependencies in LDAP documentation [#&#8203;15245](https://github.com/spring-projects/spring-security/issues/15245) - Minor docs fix [#&#8203;15144](https://github.com/spring-projects/spring-security/issues/15144) #### :beetle: Bug Fixes - AbstractRequestMatcherRegistry#requestMatchers should pick MvcRequestMatcher when using MockMvc [#&#8203;15211](https://github.com/spring-projects/spring-security/issues/15211) - Assert WebSession is not null [#&#8203;15179](https://github.com/spring-projects/spring-security/issues/15179) - DispatcherServletDelegatingRequestMatcher causes errors when running tests with MockMvc [#&#8203;15197](https://github.com/spring-projects/spring-security/issues/15197) - Documentation clarification after [#&#8203;12783](https://github.com/spring-projects/spring-security/issues/12783) has been closed is needed. [#&#8203;15208](https://github.com/spring-projects/spring-security/issues/15208) - Fix Java example in multitenanci.adoc [#&#8203;15151](https://github.com/spring-projects/spring-security/issues/15151) - Fix Kotlin example in authorize-http-requests.adoc [#&#8203;15129](https://github.com/spring-projects/spring-security/pull/15129) - Incorrect documentation for OIDC Back-Channel Logout [#&#8203;15212](https://github.com/spring-projects/spring-security/issues/15212) - IpAddressMatcher.matches(String address) still accepts URLs [#&#8203;15172](https://github.com/spring-projects/spring-security/issues/15172) - LDIF file on official documentation breaks the startup process [#&#8203;15167](https://github.com/spring-projects/spring-security/issues/15167) - Link to article with remember-me-persistent-token strategy is broken [#&#8203;15149](https://github.com/spring-projects/spring-security/issues/15149) - OpenSaml4AssertionValidator is not respecting clock skew settings [#&#8203;15183](https://github.com/spring-projects/spring-security/issues/15183) - Resolving invalid CSRF token values is not consistent [#&#8203;15186](https://github.com/spring-projects/spring-security/issues/15186) - spring-security/docs/modules/ROOT/pages/servlet/authorization /method-security [#&#8203;15143](https://github.com/spring-projects/spring-security/issues/15143) - SpringOpaqueTokenIntrospector does not add scopes as granted authorities properly [#&#8203;15165](https://github.com/spring-projects/spring-security/issues/15165) #### :hammer: Dependency Upgrades - Bump io.micrometer:micrometer-observation from 1.12.6 to 1.12.7 [#&#8203;15225](https://github.com/spring-projects/spring-security/pull/15225) - Bump io.projectreactor:reactor-bom from 2023.0.6 to 2023.0.7 [#&#8203;15229](https://github.com/spring-projects/spring-security/pull/15229) - Bump org.apache.directory.shared:shared-ldap from 0.9.15 to 0.9.19 [#&#8203;15161](https://github.com/spring-projects/spring-security/pull/15161) - Bump org.apache.maven:maven-resolver-provider from 3.9.6 to 3.9.7 [#&#8203;15168](https://github.com/spring-projects/spring-security/pull/15168) - Bump org.gretty:gretty from 4.1.3 to 4.1.4 [#&#8203;15133](https://github.com/spring-projects/spring-security/pull/15133) - Bump org.hibernate.orm:hibernate-core from 6.4.8.Final to 6.4.9.Final [#&#8203;15228](https://github.com/spring-projects/spring-security/pull/15228) - Bump org.hsqldb:hsqldb from 2.7.2 to 2.7.3 [#&#8203;15193](https://github.com/spring-projects/spring-security/pull/15193) - Bump org.springframework.data:spring-data-bom from 2024.0.0 to 2024.0.1 [#&#8203;15260](https://github.com/spring-projects/spring-security/pull/15260) - Bump org.springframework.ldap:spring-ldap-core from 3.2.3 to 3.2.4 [#&#8203;15251](https://github.com/spring-projects/spring-security/pull/15251) - Bump org.springframework:spring-framework-bom from 6.1.7 to 6.1.8 [#&#8203;15134](https://github.com/spring-projects/spring-security/pull/15134) - Bump org.springframework:spring-framework-bom from 6.1.8 to 6.1.9 [#&#8203;15252](https://github.com/spring-projects/spring-security/pull/15252) #### :nut_and_bolt: Build Updates - Bump `@antora`/collector-extension from 1.0.0-alpha.3 to 1.0.0-alpha.4 in /docs [#&#8203;15159](https://github.com/spring-projects/spring-security/pull/15159) - Bump `@springio`/antora-extensions from 1.10.0 to 1.11.1 in /docs [#&#8203;15141](https://github.com/spring-projects/spring-security/pull/15141) - Bump com.gradle.develocity from 3.17.4 to 3.17.5 [#&#8203;15239](https://github.com/spring-projects/spring-security/pull/15239) - Bump gradle/gradle-build-action from 2 to 3 [#&#8203;15157](https://github.com/spring-projects/spring-security/pull/15157) - Bump io-spring-javaformat from 0.0.41 to 0.0.42 [#&#8203;15219](https://github.com/spring-projects/spring-security/pull/15219) - Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.15 to 4.33.16 [#&#8203;15176](https://github.com/spring-projects/spring-security/pull/15176) - Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.16 to 4.33.17 [#&#8203;15218](https://github.com/spring-projects/spring-security/pull/15218) - Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.17 to 4.33.19 [#&#8203;15261](https://github.com/spring-projects/spring-security/pull/15261) - Bump spring-io/spring-doc-actions from [`17ed79e`](https://github.com/spring-projects/spring-security/commit/17ed79ea5fbd65813c69ef1062a024d4a37ff0ca) to [`5a57bcc`](https://github.com/spring-projects/spring-security/commit/5a57bcc6a0da2a1474136cf29571b277850432bc) [#&#8203;15139](https://github.com/spring-projects/spring-security/pull/15139) #### :heart: Contributors Thank you to all the contributors who worked on this release: [@&#8203;dependabot](https://github.com/dependabot)\[bot] and [@&#8203;theHacker](https://github.com/theHacker) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MTMuMiIsInVwZGF0ZWRJblZlciI6IjM3LjQxMy4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Renovate Bot (Automatisiert) added 1 commit 2024-06-20 00:03:35 +02:00
Denys Konovalov merged commit 1222bb7fc1 into main 2024-06-20 00:07:42 +02:00
Denys Konovalov deleted branch renovate/version.springsec 2024-06-20 00:07:43 +02:00
Sign in to join this conversation.
No description provided.