fix(deps): update all dependencies (major)

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
actions/cache	action	major	v4 → v5
actions/checkout	action	major	v4 → v6
actions/setup-java	action	major	v4 → v5
org.springframework.security:spring-security-web (source)	compile	major	5.7.13 → 7.0.2
org.springframework.security:spring-security-core (source)	compile	major	5.7.14 → 7.0.2
org.springframework.security:spring-security-config (source)	compile	major	5.4.10 → 7.0.2
org.springframework.boot:spring-boot-test-autoconfigure (source)	test	major	2.3.12.RELEASE → 4.0.2
org.springframework.boot:spring-boot-test (source)	test	major	2.3.12.RELEASE → 4.0.2
org.springframework.boot:spring-boot-actuator (source)	compile	major	2.7.18 → 4.0.2
org.springframework.boot:spring-boot (source)	compile	major	2.3.12.RELEASE → 4.0.2
org.springframework:spring-webmvc	test	major	5.2.22.RELEASE → 7.0.3
org.springframework:spring-test	test	major	5.2.22.RELEASE → 7.0.3
org.springframework:spring-context	compile	major	5.2.22.RELEASE → 7.0.3
org.springframework:spring-test	compile	major	5.2.22.RELEASE → 7.0.3
org.springframework:spring-beans	compile	major	5.2.22.RELEASE → 7.0.3
org.slf4j:slf4j-api (source, changelog)	compile	major	1.7.36 → 2.0.17
org.springframework.boot:spring-boot-configuration-processor (source)	optional	major	2.3.12.RELEASE → 4.0.2
org.slf4j:slf4j-simple (source, changelog)	test	major	1.7.36 → 2.0.17
org.springframework:spring-webmvc	compile	major	5.2.22.RELEASE → 7.0.3
org.junit.jupiter:junit-jupiter (source)	test	major	5.10.1 → 6.0.2
com.maxmind.geoip2:geoip2 (source)	compile	major	2.14.0 → 5.0.2
org.springframework.data:spring-data-commons (source)	compile	major	2.7.2 → 4.0.2
com.ibm.icu:icu4j (source)	compile	major	72.1 → 78.2

---

Release Notes

actions/cache (actions/cache)

v5

Compare Source

actions/checkout (actions/checkout)

v6

Compare Source

v5

Compare Source

actions/setup-java (actions/setup-java)

v5

Compare Source

spring-projects/spring-security (org.springframework.security:spring-security-web)

v7.0.2

Compare Source

🪲 Bug Fixes

• AuthorizationWebProxyConfiguration should only be active when both spring-security-web and spring-webmvc are on the classpath #​18315

v7.0.1

Compare Source

⭐ New Features

• Stop deploying JavaDoc outside of Antora #​18200

🪲 Bug Fixes

• An unexpected dependency appeared for spring-security-config of spring-security-web #​18307
• Fix "typ" header value in NimbusJwtEncoder-encoded JWT #​18270
• Fix broken link to Spring Boot docs #​18236
• Fix documentation resource server sample title #​18231
• Fix MyCustomDsl to use csrf(Customizer) instead of removed csrf().disabled() #​18223
• Fix typo in AnnotationTemplateExpressionDefaults documentation #​18255
• Fix typos in documentation depenendencies->dependencies #​18209
• NimbusJwtEncoder produces JWT with wrong "typ" header value #​18269
• OAuth2AuthorizationEndpointFilter should be applied after AuthorizationFilter #​18251
• Remove requireProofKey warning for non-auth-code flows #​18221
• Remove throws from MyCustomDsl in docs #​18224

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.20 to 1.5.21 #​18214
• Bump ch.qos.logback:logback-classic from 1.5.21 to 1.5.22 #​18311
• Bump com.fasterxml.jackson:jackson-bom from 2.20.0 to 2.20.1 #​18245
• Bump com.unboundid:unboundid-ldapsdk from 7.0.3 to 7.0.4 #​18262
• Bump io.micrometer:micrometer-observation from 1.14.12 to 1.14.13 #​18189
• Bump io.micrometer:micrometer-observation from 1.14.13 to 1.14.14 #​18277
• Bump io.mockk:mockk from 1.14.6 to 1.14.7 #​18274
• Bump io.projectreactor:reactor-bom from 2025.0.0 to 2025.0.1 #​18289
• Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.13 #​18187
• Bump org-aspectj from 1.9.24 to 1.9.25 #​18186
• Bump org.apache.kerby:kerb-simplekdc from 2.1.0 to 2.1.1 #​18215
• Bump org.junit:junit-bom from 6.0.0 to 6.0.1 #​18188
• Bump org.springframework.data:spring-data-bom from 2025.1.0 to 2025.1.1 #​18312
• Bump org.springframework:spring-framework-bom from 7.0.0 to 7.0.1 #​18213
• Bump org.springframework:spring-framework-bom from 7.0.1 to 7.0.2 #​18310
• Bump tools.jackson:jackson-bom from 3.0.1 to 3.0.2 #​18212
• Bump tools.jackson:jackson-bom from 3.0.2 to 3.0.3 #​18244

🔩 Build Updates

• Add Test for ServletRequestPathUtils.parseAndCache(method=null) #​18166
• Bump antora from 3.2.0-alpha.10 to 3.2.0-alpha.11 in /docs #​18238

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​L33gn21, @​ghusta, @​ronodhirSoumik, @​rwinch, @​sach429, and @​ziqin

v7.0.0

Compare Source

⭐ New Features

• Add a minimal authorization server configuration #​18153
• Mark GrantedAuthority#getAuthority as @Nullable #​18014
• Polish SimpleGrantedAuthority #​18062

🪲 Bug Fixes

• Correct the org.springframework.security.config.annotation.web.LogoutDsl's property description #​18026
• Fix webauthn multifactor authentication #​18163

🔨 Dependency Upgrades

• Bump org.jetbrains.kotlin:kotlin-bom from 2.2.20 to 2.2.21 #​18099
• Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 2.2.20 to 2.2.21 #​18100
• Bump tools.jackson:jackson-bom from 3.0.0 to 3.0.1 #​18097
• Update to Reactor 2025.0.0 #​18173
• Update to Spring Data 2025.1.0 #​18174
• Update to Spring Framework 7.0.0 #​18172
• Update to Spring LDAP 4.0.0 #​18175

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Kehrlann, @​SimonVonXCVII, @​quaff, and @​therepanic

v6.5.7

Compare Source

⭐ New Features

• Add Include-Code for the Password Storage page #​18054
• Default WebAuthnConfigurer#rpName to rpId #​18131
• Document effects of disabling CORS #​18129

🪲 Bug Fixes

• typ values should not be case-sensitive in JwtTypeValidator #​18101
• BCryptPasswordEncoderTests should password limit of 72 bytes #​18136
• Fix GenerateOneTimeTokenRequestResolver ignored if username param not present #​18074
• GenerateOneTimeTokenFilter should not attempt to generate a token with a null token request #​18088

🔨 Dependency Upgrades

• Bump com.fasterxml.jackson:jackson-bom from 2.18.4.1 to 2.18.5 #​18110
• Bump io.micrometer:micrometer-observation from 1.14.12 to 1.14.13 #​18149
• Bump io.spring.gradle:spring-security-release-plugin from 1.0.11 to 1.0.13 #​18141
• Bump org-aspectj from 1.9.24 to 1.9.25 #​18142
• Bump org.hibernate.orm:hibernate-core from 6.6.33.Final to 6.6.34.Final #​18111
• Update to Reactor 2024.0.12 #​18181
• Update to Spring Data 2024.1.12 #​18182
• Update to Spring Framework 6.2.13 #​18180

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​himanshu-pareek, @​marcusdacoregio, and @​namest504

v6.5.6

Compare Source

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20 #​18082
• Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 #​17930
• Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #​17929
• Bump io.micrometer:micrometer-observation from 1.14.11 to 1.14.12 #​18045
• Bump org.assertj:assertj-core from 3.27.5 to 3.27.6 #​17950
• Bump org.gretty:gretty from 4.1.7 to 4.1.10 #​17945
• Bump org.hibernate.orm:hibernate-core from 6.6.31.Final to 6.6.33.Final #​18039
• Bump org.springframework.data:spring-data-bom from 2024.1.10 to 2024.1.11 #​18083
• Bump org.springframework.ldap:spring-ldap-core from 3.2.14 to 3.2.15 #​18067
• Bump org.springframework:spring-framework-bom from 6.2.11 to 6.2.12 #​18068

v6.5.5

Compare Source

🔨 Dependency Upgrades

• Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #​17922
• Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #​17911
• Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4 #​17923
• Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4 #​17910
• Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.29.Final #​17924
• Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.29.Final #​17913
• Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.10 #​17925
• Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.10 #​17912
• Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #​17926
• Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #​17914

v6.5.4

Compare Source

⭐ New Features

• Update servlet test method docs to use include-code #​17749

🪲 Bug Fixes

• Annonation Scanning Should Fallback to Object when Parameter Matching #​17899
• Fix double-slash when basePath is root #​17841
• Fix traceId discrepancy in case error in servlet web #​17796
• Reference should advise avoiding post-authorization on writes #​17798

🔨 Dependency Upgrades

• Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 #​17893
• Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 #​17874
• Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #​17895
• Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #​17854
• Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #​17836
• Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #​17894
• Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #​17858
• Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #​17767
• Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final #​17766
• Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final #​17759
• Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.28.Final #​17853
• Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.28.Final #​17837
• Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.29.Final #​17896
• Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.10 #​17897
• Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #​17855
• Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #​17791
• Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #​17771
• Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #​17758
• Bump org.springframework.ldap:spring-ldap-core from 3.2.13 to 3.2.14 #​17773

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​jkuhel and @​therepanic

v6.5.3

Compare Source

⭐ New Features

• Add META-INF/LICENSE.txt to published jars #​17639
• Update Angular documentation links in csrf.adoc #​17653
• Update Shibboleth Repository URL #​17637
• Use 2004-present Copyright #​17634

🪲 Bug Fixes

• Add Missing Navigation in Preparing for 7.0 Guide #​17731
• DPoP authentication throws JwtDecoderFactory ClassNotFoundException #​17249
• OpenSamlAssertingPartyDetails Should Be Serializable #​17727
• Use final values in equals and hashCode #​17621

🔨 Dependency Upgrades

• Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #​17739
• Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #​17690
• Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #​17684
• Bump com.webauthn4j:webauthn4j-core from 0.29.4.RELEASE to 0.29.5.RELEASE #​17661
• Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 #​17615
• Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 #​17599
• Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #​17737
• Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #​17701
• Bump io.mockk:mockk from 1.14.4 to 1.14.5 #​17614
• Bump io.spring.develocity.conventions from 0.0.23 to 0.0.24 #​17647
• Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.11 #​17733
• Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.11 #​17711
• Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10 #​17612
• Bump io.spring.gradle:spring-security-release-plugin from 1.0.6 to 1.0.10 #​17598
• Bump org-eclipse-jetty from 11.0.25 to 11.0.26 #​17742
• Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #​17613
• Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #​17595
• Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #​17760
• Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #​17692
• Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #​17683
• Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #​17671
• Bump org.gretty:gretty from 4.1.6 to 4.1.7 #​17616
• Bump org.gretty:gretty from 4.1.6 to 4.1.7 #​17597
• Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.23.Final #​17646
• Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.24.Final #​17660
• Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.25.Final #​17694
• Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.25.Final #​17685
• Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.34.1 to 4.34.2 #​17650
• Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #​17645
• Bump org.springframework.ldap:spring-ldap-core from 3.2.13 to 3.2.14 #​17757
• Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #​17651
• Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #​17596
• Bump org.springframework:spring-framework-bom from 6.2.9 to 6.2.10 #​17735

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​codingtim

v6.5.2

Compare Source

🪲 Bug Fixes

• <websocket-message-broker> should pick up a bean named csrfChannelInterceptor #​17495
• Add 7.0 Migration Steps for Messaging PathPattern Usage #​17509
• EnableReactiveMethodSecurity should not import Servlet configuration #​17545
• Fix equals and hashCode in PathPatternRequestMatcher to include HTTP method #​17337
• Fix securityContextRepository() initialization in oauth2Login() DSL #​17557
• OAuth2Login DSL should support post-processing AuthenticationProvider implementations #​17176
• Websocket XML config should pick up PathPatternMessageMatcher.Builder #​17508

🔨 Dependency Upgrades

• Bump com.webauthn4j:webauthn4j-core from 0.29.3.RELEASE to 0.29.4.RELEASE #​17444
• Bump io-spring-javaformat from 0.0.46 to 0.0.47 [#​17470](#​17470
• Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 [#​17570](#​17570
• Bump io.mockk:mockk from 1.14.2 to 1.14.4 #​17467
• Bump io.mockk:mockk from 1.14.4 to 1.14.5 #​17572
• Bump org-apache-maven-resolver from 1.9.23 to 1.9.24 #​17469
• Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #​17555
• Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.20.Final #​17491
• Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.22.Final #​17571
• Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #​17466
• Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #​17569
• Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #​17468
• Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #​17481
• Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #​17568

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​fkowal and @​therepanic

v6.5.1

Compare Source

⭐ New Features

• Create demonstration of include-code usage #​17161
• Setup include-code extension for docs #​17160

🪲 Bug Fixes

• ClearSiteDataHeaderWriter log is misleading #​17166
• Fix to allow multiple AuthenticationFilter instances to process each request #​17216
• Inconsistent constructor declaration on bean with name '_reactiveMethodSecurityConfiguration' #​17210
• OAuth2ResourceServer using authenticationManagerResolver results in tokenAuthenticationManager cannot be null while startup #​17172
• Publishing a default TargetVisitor should not override Spring MVC support #​17189
• Use HttpStatus in back-channel logout filters #​17157

🔨 Dependency Upgrades

• Bump com.fasterxml.jackson:jackson-bom from 2.18.4 to 2.18.4.1 #​17233
• Bump com.webauthn4j:webauthn4j-core from 0.29.2.RELEASE to 0.29.3.RELEASE #​17192
• Bump io-spring-javaformat from 0.0.43 to 0.0.45 #​17152
• Bump io.micrometer:micrometer-observation from 1.14.7 to 1.14.8 #​17220
• Bump io.projectreactor:reactor-bom from 2023.0.18 to 2023.0.19 #​17232
• Bump io.spring.develocity.conventions from 0.0.22 to 0.0.23 #​17204
• Bump org.apache.maven:maven-resolver-provider from 3.9.9 to 3.9.10 #​17214
• Bump org.hibernate.orm:hibernate-core from 6.6.15.Final to 6.6.17.Final #​17184
• Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final #​17256
• Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #​17257
• Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #​17239
• Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #​17238

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​evgeniycheban

v6.5.0

Compare Source

⭐ New Features

• Add documentation for DPoP support #​17072
• Add logging to CsrfTokenRequestHandler implementations #​16994
• Add mapping for DPoP in DefaultMapOAuth2AccessTokenResponseConverter #​16806
• Bump Gradle Wrapper from 8.13 to 8.14 #​17018
• ClientRegistrations.fromIssuerLocation does not include failure information #​17015
• Fix Typo In SubjectDnX509PrincipalExtractorTests #​16997
• Implement internal cache in JtiClaimValidator #​17107
• Polish javadoc #​16924
• Remove unused classes #​16935
• Replace NimbusOpaqueTokenIntrospector with SpringOpaqueTokenIntrospector in Documentation #​16962
• RequestHeaderAuthenticationFilter creates a session even if not configured to do so #​17147

🪲 Bug Fixes

• Add FunctionalInterface To X509PrincipalExtractor #​16952
• Change NonNull import from reactor to spring #​16571
• Fix DPoP jkt claim to be JWK SHA-256 thumbprint #​17080
• Minor error in the Handling Logouts documentation #​17049
• SecurityAnnotationScanner's method comparison should use .equals #​17145
• Use proper configuration key in Opaque Token documentation #​17014

🔨 Dependency Upgrades

• Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.18.4 #​17069
• Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.19.0 #​16995
• Bump com.google.code.gson:gson from 2.13.0 to 2.13.1 #​16990
• Bump com.webauthn4j:webauthn4j-core from 0.29.0.RELEASE to 0.29.1.RELEASE #​17024
• Bump com.webauthn4j:webauthn4j-core from 0.29.1.RELEASE to 0.29.2.RELEASE #​17095
• Bump io.micrometer:micrometer-observation from 1.14.6 to 1.14.7 #​17096
• Bump io.mockk:mockk from 1.14.0 to 1.14.2 #​17019
• Bump io.projectreactor:reactor-bom from 2023.0.17 to 2023.0.18 #​17111
• Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6 #​17040
• Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 #​17088
• Bump org-eclipse-jetty from 11.0.24 to 11.0.25 #​16761
• Bump org.hibernate.orm:hibernate-core from 6.6.13.Final to 6.6.14.Final #​17089
• Bump org.hibernate.orm:hibernate-core from 6.6.14.Final to 6.6.15.Final #​17105
• Bump org.seleniumhq.selenium:selenium-java from 4.31.0 to 4.32.0 #​17037
• Bump org.springframework.data:spring-data-bom from 2024.1.4 to 2024.1.5 #​16981
• Bump org.springframework.data:spring-data-bom from 2024.1.5 to 2024.1.6 #​17137
• Bump org.springframework:spring-framework-bom from 6.2.6 to 6.2.7 #​17124

🔩 Build Updates

• Release 6.5.0 #​17138

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​dkowis, @​franticticktick, @​hammadirshad, @​jearton, @​ngocnhan-tran1996, @​quaff, and @​yybmion

v6.4.13

Compare Source

⭐ New Features

• Default WebAuthnConfigurer#rpName to rpId #​18115
• Document effects of disabling CORS #​18117

🪲 Bug Fixes

• BCryptPasswordEncoderTests should password limit of 72 bytes #​18133

🔨 Dependency Upgrades

• Bump com.fasterxml.jackson:jackson-bom from 2.18.4.1 to 2.18.5 #​18108
• Bump io.micrometer:micrometer-observation from 1.14.12 to 1.14.13 #​18148
• Bump io.spring.gradle:spring-security-release-plugin from 1.0.11 to 1.0.13 #​18140
• Bump org-aspectj from 1.9.24 to 1.9.25 #​18139
• Bump org.hibernate.orm:hibernate-core from 6.6.33.Final to 6.6.34.Final #​18109
• Update Spring Data 2024.1.12 #​18179
• Update to Reactor 2024.0.12 #​18178
• Update to Spring Framework 6.2.13 #​18177

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Kehrlann

v6.4.12

Compare Source

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20 #​18080
• Bump com.webauthn4j:webauthn4j-core from 0.29.6.RELEASE to 0.29.7.RELEASE #​17985
• Bump io.micrometer:micrometer-observation from 1.14.11 to 1.14.12 #​18044
• Bump io.mockk:mockk from 1.14.5 to 1.14.6 #​17984
• Bump org.gretty:gretty from 4.1.7 to 4.1.10 #​17944
• Bump org.hibernate.orm:hibernate-core from 6.6.31.Final to 6.6.33.Final #​18038
• Bump org.springframework.data:spring-data-bom from 2024.1.10 to 2024.1.11 #​18081
• Bump org.springframework.ldap:spring-ldap-core from 3.2.14 to 3.2.15 #​18065
• Bump org.springframework:spring-framework-bom from 6.2.11 to 6.2.12 #​18066

v6.4.11

Compare Source

🔨 Dependency Upgrades

• Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.11 #​17921
• Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.11 #​17909
• Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4 #​17918
• Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4 #​17905
• Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.29.Final #​17917
• Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.29.Final #​17907
• Bump org.springframework.data:spring-data-bom from 2024.1.9 to 2024.1.10 #​17919
• Bump org.springframework.data:spring-data-bom from 2024.1.9 to 2024.1.10 #​17906
• Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #​17920
• Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #​17908

v6.4.10

Compare Source

🪲 Bug Fixes

• Annonation Scanning Should Fallback to Object when Parameter Matching #​17898
• Fix traceId discrepancy in case error in servlet web #​17134
• Reference should advise avoiding post-authorization on writes #​17797
• Remove MockWebServer from JwtIssuerAuthenticationManagerResolverTests #​17869

🔨 Dependency Upgrades

• Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #​17792
• Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #​17778
• Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 #​17769
• Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.11 #​17892
• Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.11 #​17857
• Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final #​17777
• Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final [#​17768](https://redirect.github.com/spring-pro

---

Configuration

📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.