Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): update dependency org.springframework.security:spring-security-crypto to v6.2.0 #723

Merged
merged 1 commit into from
Nov 30, 2023

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Oct 16, 2023

Mend Renovate logo banner

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
org.springframework.security:spring-security-crypto (source) 6.1.4 -> 6.2.0 age adoption passing confidence

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

spring-projects/spring-security (org.springframework.security:spring-security-crypto)

v6.2.0

Compare Source

⭐ New Features

  • AuthorizationManager[Before/After]ReactiveMethodInterceptor doesn't support Kotlin coroutines #​12080
  • Simplify configuration of OAuth2 Client component model #​11783

🪲 Bug Fixes

  • On Cancel, ObservationWebFilterDecorator Starts After-Filter Span without Stopping It #​14064
  • Authentication not propagated correctly after migrating to SB3 #​14112
  • Authorization does not show up on Features section #​14105
  • Fix obsolete comment and typos #​14060
  • Fix typo in documentation #​14130
  • improve render in headers.adoc #​14102
  • ReactiveRemoteJWKSource caches invalid response status into jwkSetURL #​14042
  • References to WebFlux docs do not link to them #​14108
  • relay_state should not be included in signing calculation when it is null #​14039
  • samesite set by Tomcat CookieProcessor ignored when creating XSRF-TOKEN cookie in CsrfTokenRepository #​14138
  • Security configuration is failed to be initialized in a Servlet 6.0 container #​14166
  • Spring Security documentation confuses "idempotent" with "read-only" in CSRF section #​14115
  • Spring Security metric names should not contain dashes #​14067
  • spring.security counters inaccurate due onComplete and cancel() #​14147
  • The latest "OAuth2AuthorizedClientManager" class is not AOT ready #​14094
  • UnboundIdContainer should be marked as not running at shutdown #​14095

🔨 Dependency Upgrades

  • Bump io-spring-javaformat from 0.0.39 to 0.0.40 #​14156
  • Bump io.micrometer:micrometer-observation from 1.12.0-RC1 to 1.12.0 #​14135
  • Bump io.projectreactor:reactor-bom from 2023.0.0-RC1 to 2023.0.0 #​14145
  • Bump org.junit:junit-bom from 5.10.0 to 5.10.1 #​14097
  • Bump org.springframework.data:spring-data-bom from 2023.1.0-RC1 to 2023.1.0 #​14172
  • Bump org.springframework.ldap:spring-ldap-core from 3.2.0-RC1 to 3.2.0 #​14155
  • Bump org.springframework:spring-framework-bom from 6.1.0-RC1 to 6.1.0-RC2 #​14055
  • Bump org.springframework:spring-framework-bom from 6.1.0-RC2 to 6.1.0 #​14157

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v6.1.5

Compare Source

⭐ New Features
  • Document how to publish an AuthenticationManager @Bean without WebSecurityConfigurerAdapter #​14015
  • Replace deprecated method #​13649
  • Use Gradle's Version Catalog #​13871
🪲 Bug Fixes
  • Dependency convergence failed: nimbus-jose-jwt #​13843
  • Docs custom AuthorizationManager fix #​13991
  • Fix snapshot_tests on CI workflow #​13878
  • Fix parsing of GET SAML logout requests #​13970
  • Saml-Metadata with special characters is corrupted #​13861
  • Saml2LogoutRequestMixin relayState property should be binding #​13942
🔨 Dependency Upgrades
  • Bump com.github.spullara.mustache.java:compiler from 0.9.10 to 0.9.11 #​13984
  • Bump com.github.spullara.mustache.java:compiler from 0.9.4 to 0.9.10 #​13891
  • Bump com.google.code.gson:gson from 2.8.6 to 2.8.9 #​13950
  • Bump com.gradle.enterprise from 3.12.3 to 3.12.6 #​13934
  • Bump com.unboundid:unboundid-ldapsdk from 6.0.9 to 6.0.10 #​13903
  • Bump Gradle Wrapper from 8.3 to 8.4 #​13974
  • Bump io.freefair.gradle:aspectj-plugin from 6.6-rc1 to 6.6.3 #​13935
  • Bump io.micrometer:micrometer-observation from 1.10.10 to 1.10.11 #​13945
  • Bump io.micrometer:micrometer-observation from 1.10.11 to 1.10.12 #​14001
  • Bump io.mockk:mockk from 1.13.7 to 1.13.8 #​13952
  • Bump io.projectreactor:reactor-bom from 2022.0.10 to 2022.0.11 #​13937
  • Bump io.projectreactor:reactor-bom from 2022.0.11 to 2022.0.12 #​14000
  • Bump io.spring.ge.conventions from 0.0.7 to 0.0.14 #​13985
  • Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.0 to 4.0.1 #​13949
  • Bump org-aspectj from 1.9.20 to 1.9.20.1 #​13896
  • Bump org-eclipse-jetty from 11.0.15 to 11.0.16 #​13901
  • Bump org-eclipse-jetty from 11.0.16 to 11.0.17 #​13999
  • Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.29.0 to 4.29.4 #​13953
  • Bump org.slf4j:slf4j-api from 2.0.7 to 2.0.9 #​13938
  • Bump org.springframework.data:spring-data-bom from 2022.0.10 to 2022.0.11 #​14019
  • Bump org.springframework.data:spring-data-bom from 2022.0.9 to 2022.0.10 #​13951
  • Bump org.springframework.ldap:spring-ldap-core from 3.0.5 to 3.0.6 #​14007
  • Bump org.springframework:spring-framework-bom from 6.0.11 to 6.0.12 #​13904
  • Bump org.springframework:spring-framework-bom from 6.0.12 to 6.0.13 #​14006
  • Update to org.apereo.cas.client:cas-client-core 4.0.3 #​13947
❤️ Contributors

We'd like to thank all the contributors who worked on this release!


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@sweep-ai
Copy link

sweep-ai bot commented Oct 16, 2023

Apply Sweep Rules to your PR?

  • Apply: Leftover TODOs in the code should be handled.
  • Apply: All new business logic should have corresponding unit tests in the tests/ directory.
  • Apply: Any clearly inefficient or repeated code should be optimized or refactored.

@renovate renovate bot changed the title fix(deps): update dependency org.springframework.security:spring-security-crypto to v6.1.5 fix(deps): update dependency org.springframework.security:spring-security-crypto to v6.2.0 Nov 20, 2023
@renovate renovate bot force-pushed the renovate/spring-security branch from 3ac3115 to 3674d86 Compare November 20, 2023 16:19
@FireMasterK FireMasterK merged commit 60d1e4d into master Nov 30, 2023
11 checks passed
@FireMasterK FireMasterK deleted the renovate/spring-security branch November 30, 2023 03:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant