[backend] Update dependency org.springframework.security:spring-security-crypto to v6.5.0 (release/current) #3204

Open. renovate[bot] wants to merge 1 commit into release/current.

@renovate renovate bot commented May 20, 2025

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
| --- | --- | --- | --- | --- | --- |
| org.springframework.security:spring-security-crypto (source) | 6.4.5 -> 6.5.0 | age | adoption | passing | confidence |

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

spring-projects/spring-security (org.springframework.security:spring-security-crypto)

v6.5.0

⭐ New Features

  • Add documentation for DPoP support #​17072
  • Add logging to CsrfTokenRequestHandler implementations #​16994
  • Add mapping for DPoP in DefaultMapOAuth2AccessTokenResponseConverter #​16806
  • Bump Gradle Wrapper from 8.13 to 8.14 #​17018
  • ClientRegistrations.fromIssuerLocation does not include failure information #​17015
  • Fix Typo In SubjectDnX509PrincipalExtractorTests #​16997
  • Implement internal cache in JtiClaimValidator #​17107
  • Polish javadoc #​16924
  • Remove unused classes #​16935
  • Replace NimbusOpaqueTokenIntrospector with SpringOpaqueTokenIntrospector in Documentation #​16962
  • RequestHeaderAuthenticationFilter creates a session even if not configured to do so #​17147

🪲 Bug Fixes

  • Add FunctionalInterface To X509PrincipalExtractor #​16952
  • Change NonNull import from reactor to spring #​16571
  • Fix DPoP jkt claim to be JWK SHA-256 thumbprint #​17080
  • Minor error in the Handling Logouts documentation #​17049
  • SecurityAnnotationScanner's method comparison should use .equals #​17145
  • Use proper configuration key in Opaque Token documentation #​17014

🔨 Dependency Upgrades

  • Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.18.4 #​17069
  • Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.19.0 #​16995
  • Bump com.google.code.gson:gson from 2.13.0 to 2.13.1 #​16990
  • Bump com.webauthn4j:webauthn4j-core from 0.29.0.RELEASE to 0.29.1.RELEASE #​17024
  • Bump com.webauthn4j:webauthn4j-core from 0.29.1.RELEASE to 0.29.2.RELEASE #​17095
  • Bump io.micrometer:micrometer-observation from 1.14.6 to 1.14.7 #​17096
  • Bump io.mockk:mockk from 1.14.0 to 1.14.2 #​17019
  • Bump io.projectreactor:reactor-bom from 2023.0.17 to 2023.0.18 #​17111
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6 #​17040
  • Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 #​17088
  • Bump org-eclipse-jetty from 11.0.24 to 11.0.25 #​16761
  • Bump org.hibernate.orm:hibernate-core from 6.6.13.Final to 6.6.14.Final #​17089
  • Bump org.hibernate.orm:hibernate-core from 6.6.14.Final to 6.6.15.Final #​17105
  • Bump org.seleniumhq.selenium:selenium-java from 4.31.0 to 4.32.0 #​17037
  • Bump org.springframework.data:spring-data-bom from 2024.1.4 to 2024.1.5 #​16981
  • Bump org.springframework.data:spring-data-bom from 2024.1.5 to 2024.1.6 #​17137
  • Bump org.springframework:spring-framework-bom from 6.2.6 to 6.2.7 #​17124

🔩 Build Updates

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​dkowis, @​franticticktick, @​hammadirshad, @​jearton, @​ngocnhan-tran1996, @​quaff, and @​yybmion

v6.4.6

⭐ New Features

  • Bump Gradle Wrapper from 8.13 to 8.14 #​17017
  • ClientRegistrations.fromIssuerLocation does not include failure information #​17016
  • RequestHeaderAuthenticationFilter creates a session even if not configured to do so #​17146

🪲 Bug Fixes

  • Clear Site Data references non-existent constructor #​17034
  • Ensure Serializable Components Have Serialization Sample #​17038
  • Minor error in the Handling Logouts documentation #​17048
  • NPE in BaseOpenSamlAuthenticationProvider #​17008
  • SecurityAnnotationScanner's method comparison should use .equals #​17143
  • StrictFirewallServerWebExchange should still protect when request is mutated #​17032
  • Use proper configuration key in Opaque Token documentation #​17013

🔨 Dependency Upgrades

  • Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.18.4 #​17065
  • Bump io.micrometer:micrometer-observation from 1.14.6 to 1.14.7 #​17094
  • Bump io.projectreactor:reactor-bom from 2023.0.17 to 2023.0.18 #​17110
  • Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6 #​17042
  • Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 #​17086
  • Bump org.hibernate.orm:hibernate-core from 6.6.13.Final to 6.6.14.Final #​17087
  • Bump org.hibernate.orm:hibernate-core from 6.6.14.Final to 6.6.15.Final #​17103
  • Bump org.springframework.data:spring-data-bom from 2024.1.4 to 2024.1.5 #​16983
  • Bump org.springframework:spring-framework-bom from 6.2.6 to 6.2.7 #​17121

🔩 Build Updates


Configuration

📅 Schedule: Branch creation - "after 10pm every weekday,every weekend,before 5am every weekday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the labels "dependencies" (use for pull requests that update a dependency file) and "filigran team" (use to identify PR from the Filigran team) on May 20, 2025

codecov bot commented May 20, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 42.03%. Comparing base (8e87385) to head (389693f).

Additional details and impacted files
@@                Coverage Diff                 @@
##             release/current    #3204   +/-   ##
==================================================
  Coverage              42.03%   42.03%           
  Complexity              2462     2462           
==================================================
  Files                    702      702           
  Lines                  21761    21761           
  Branches                1480     1480           
==================================================
  Hits                    9148     9148           
  Misses                 12110    12110           
  Partials                 503      503           
