chore(deps-dev): bump spring-security.version from 6.4.5 to 6.5.0 in /aws-serverless-java-container-spring #1449

dependabot · 2025-05-26T04:36:33Z

Bumps spring-security.version from 6.4.5 to 6.5.0.
Updates org.springframework.security:spring-security-config from 6.4.5 to 6.5.0

Release notes

Sourced from org.springframework.security:spring-security-config's releases.

6.5.0

⭐ New Features

Add documentation for DPoP support #17072

Add logging to CsrfTokenRequestHandler implementations #16994

Add mapping for DPoP in DefaultMapOAuth2AccessTokenResponseConverter #16806

Bump Gradle Wrapper from 8.13 to 8.14 #17018

ClientRegistrations.fromIssuerLocation does not include failure information #17015

Fix Typo In SubjectDnX509PrincipalExtractorTests #16997

Implement internal cache in JtiClaimValidator #17107

Polish javadoc #16924

Remove unused classes #16935

Replace NimbusOpaqueTokenIntrospector with SpringOpaqueTokenIntrospector in Documentation #16962

RequestHeaderAuthenticationFilter creates a session even if not configured to do so #17147

🪲 Bug Fixes

Add FunctionalInterface To X509PrincipalExtractor #16952

Change NonNull import from reactor to spring #16571

Fix DPoP jkt claim to be JWK SHA-256 thumbprint #17080

Minor error in the Handling Logouts documentation #17049

SecurityAnnotationScanner's method comparison should use .equals #17145

Use proper configuration key in Opaque Token documentation #17014

🔨 Dependency Upgrades

Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.18.4 #17069

Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.19.0 #16995

Bump com.google.code.gson:gson from 2.13.0 to 2.13.1 #16990

Bump com.webauthn4j:webauthn4j-core from 0.29.0.RELEASE to 0.29.1.RELEASE #17024

Bump com.webauthn4j:webauthn4j-core from 0.29.1.RELEASE to 0.29.2.RELEASE #17095

Bump io.micrometer:micrometer-observation from 1.14.6 to 1.14.7 #17096

Bump io.mockk:mockk from 1.14.0 to 1.14.2 #17019

Bump io.projectreactor:reactor-bom from 2023.0.17 to 2023.0.18 #17111

Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6 #17040

Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 #17088

Bump org-eclipse-jetty from 11.0.24 to 11.0.25 #16761

Bump org.hibernate.orm:hibernate-core from 6.6.13.Final to 6.6.14.Final #17089

Bump org.hibernate.orm:hibernate-core from 6.6.14.Final to 6.6.15.Final #17105

Bump org.seleniumhq.selenium:selenium-java from 4.31.0 to 4.32.0 #17037

Bump org.springframework.data:spring-data-bom from 2024.1.4 to 2024.1.5 #16981

Bump org.springframework.data:spring-data-bom from 2024.1.5 to 2024.1.6 #17137

Bump org.springframework:spring-framework-bom from 6.2.6 to 6.2.7 #17124

🔩 Build Updates

Release 6.5.0 #17138

❤️ Contributors

... (truncated)

Commits

0fd0e93 Release 6.5.0
78dd02a Merge branch '6.4.x' into 6.5.x
edc8735 Merge branch '6.3.x' into 6.4.x
cae3467 Improve AbstractPreAuthenticatedProcessingFilter docs
9a8f9a9 Merge branch '6.4.x' into 6.5.x
c972de5 Use .equals to Compare Methods
bf2aaa1 Use .equals to Compare Methods
6fb0591 Merge branch 'gradle/6.5.x/org.springframework.data-spring-data-bom-2024.1.6'...
390972c Merge branch '6.4.x' into 6.5.x
3690517 Merge branch 'gradle/6.4.x/org.springframework.data-spring-data-bom-2024.1.6'...
Additional commits viewable in compare view

Updates org.springframework.security:spring-security-web from 6.4.5 to 6.5.0

Release notes

Sourced from org.springframework.security:spring-security-web's releases.

6.5.0

⭐ New Features

Add documentation for DPoP support #17072

Add logging to CsrfTokenRequestHandler implementations #16994

Add mapping for DPoP in DefaultMapOAuth2AccessTokenResponseConverter #16806

Bump Gradle Wrapper from 8.13 to 8.14 #17018

ClientRegistrations.fromIssuerLocation does not include failure information #17015

Fix Typo In SubjectDnX509PrincipalExtractorTests #16997

Implement internal cache in JtiClaimValidator #17107

Polish javadoc #16924

Remove unused classes #16935

Replace NimbusOpaqueTokenIntrospector with SpringOpaqueTokenIntrospector in Documentation #16962

RequestHeaderAuthenticationFilter creates a session even if not configured to do so #17147

🪲 Bug Fixes

Add FunctionalInterface To X509PrincipalExtractor #16952

Change NonNull import from reactor to spring #16571

Fix DPoP jkt claim to be JWK SHA-256 thumbprint #17080

Minor error in the Handling Logouts documentation #17049

SecurityAnnotationScanner's method comparison should use .equals #17145

Use proper configuration key in Opaque Token documentation #17014

🔨 Dependency Upgrades

Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.18.4 #17069

Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.19.0 #16995

Bump com.google.code.gson:gson from 2.13.0 to 2.13.1 #16990

Bump com.webauthn4j:webauthn4j-core from 0.29.0.RELEASE to 0.29.1.RELEASE #17024

Bump com.webauthn4j:webauthn4j-core from 0.29.1.RELEASE to 0.29.2.RELEASE #17095

Bump io.micrometer:micrometer-observation from 1.14.6 to 1.14.7 #17096

Bump io.mockk:mockk from 1.14.0 to 1.14.2 #17019

Bump io.projectreactor:reactor-bom from 2023.0.17 to 2023.0.18 #17111

Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6 #17040

Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 #17088

Bump org-eclipse-jetty from 11.0.24 to 11.0.25 #16761

Bump org.hibernate.orm:hibernate-core from 6.6.13.Final to 6.6.14.Final #17089

Bump org.hibernate.orm:hibernate-core from 6.6.14.Final to 6.6.15.Final #17105

Bump org.seleniumhq.selenium:selenium-java from 4.31.0 to 4.32.0 #17037

Bump org.springframework.data:spring-data-bom from 2024.1.4 to 2024.1.5 #16981

Bump org.springframework.data:spring-data-bom from 2024.1.5 to 2024.1.6 #17137

Bump org.springframework:spring-framework-bom from 6.2.6 to 6.2.7 #17124

🔩 Build Updates

Release 6.5.0 #17138

❤️ Contributors

... (truncated)

Commits

0fd0e93 Release 6.5.0
78dd02a Merge branch '6.4.x' into 6.5.x
edc8735 Merge branch '6.3.x' into 6.4.x
cae3467 Improve AbstractPreAuthenticatedProcessingFilter docs
9a8f9a9 Merge branch '6.4.x' into 6.5.x
c972de5 Use .equals to Compare Methods
bf2aaa1 Use .equals to Compare Methods
6fb0591 Merge branch 'gradle/6.5.x/org.springframework.data-spring-data-bom-2024.1.6'...
390972c Merge branch '6.4.x' into 6.5.x
3690517 Merge branch 'gradle/6.4.x/org.springframework.data-spring-data-bom-2024.1.6'...
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps `spring-security.version` from 6.4.5 to 6.5.0. Updates `org.springframework.security:spring-security-config` from 6.4.5 to 6.5.0 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@6.4.5...6.5.0) Updates `org.springframework.security:spring-security-web` from 6.4.5 to 6.5.0 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@6.4.5...6.5.0) --- updated-dependencies: - dependency-name: org.springframework.security:spring-security-config dependency-version: 6.5.0 dependency-type: direct:development update-type: version-update:semver-minor - dependency-name: org.springframework.security:spring-security-web dependency-version: 6.5.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

…er-spring/spring-security.version-6.5.0

dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels May 26, 2025

dependabot bot force-pushed the dependabot/maven/aws-serverless-java-container-spring/spring-security.version-6.5.0 branch from d35bf69 to f2869ee Compare June 17, 2025 23:28

dependabot bot force-pushed the dependabot/maven/aws-serverless-java-container-spring/spring-security.version-6.5.0 branch from f2869ee to 5f14b7d Compare June 17, 2025 23:29

Merge branch 'main' into dependabot/maven/aws-serverless-java-contain…

eaae0f1

…er-spring/spring-security.version-6.5.0

vicheey merged commit 533ba84 into main Jun 18, 2025
8 checks passed

dependabot bot deleted the dependabot/maven/aws-serverless-java-container-spring/spring-security.version-6.5.0 branch June 18, 2025 16:42

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps-dev): bump spring-security.version from 6.4.5 to 6.5.0 in /aws-serverless-java-container-spring #1449

chore(deps-dev): bump spring-security.version from 6.4.5 to 6.5.0 in /aws-serverless-java-container-spring #1449

Uh oh!

dependabot bot commented on behalf of github May 26, 2025 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

chore(deps-dev): bump spring-security.version from 6.4.5 to 6.5.0 in /aws-serverless-java-container-spring #1449

chore(deps-dev): bump spring-security.version from 6.4.5 to 6.5.0 in /aws-serverless-java-container-spring #1449

Uh oh!

Conversation

dependabot bot commented on behalf of github May 26, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

6.5.0

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

🔩 Build Updates

❤️ Contributors

6.5.0

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

🔩 Build Updates

❤️ Contributors

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot bot commented on behalf of github May 26, 2025 •

edited

Loading