Update spring security

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
org.springframework.security:spring-security-test (source)	6.5.0 -> 6.5.2
org.springframework.security:spring-security-oauth2-authorization-server (source)	1.5.0 -> 1.5.1

---

Release Notes

spring-projects/spring-security (org.springframework.security:spring-security-test)

v6.5.2

Compare Source

🪲 Bug Fixes

• <websocket-message-broker> should pick up a bean named csrfChannelInterceptor #​17495
• Add 7.0 Migration Steps for Messaging PathPattern Usage #​17509
• EnableReactiveMethodSecurity should not import Servlet configuration #​17545
• Fix equals and hashCode in PathPatternRequestMatcher to include HTTP method #​17337
• Fix securityContextRepository() initialization in oauth2Login() DSL #​17557
• OAuth2Login DSL should support post-processing AuthenticationProvider implementations #​17176
• Websocket XML config should pick up PathPatternMessageMatcher.Builder #​17508

🔨 Dependency Upgrades

• Bump com.webauthn4j:webauthn4j-core from 0.29.3.RELEASE to 0.29.4.RELEASE #​17444
• Bump io-spring-javaformat from 0.0.46 to 0.0.47 [#​17470][https://github.com/spring-projects/spring-security/pull/17470](https://redirect.github.com/spring-projects/spring-security/pull/17470)0
• Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 [#​17570][https://github.com/spring-projects/spring-security/pull/17570](https://redirect.github.com/spring-projects/spring-security/pull/17570)0
• Bump io.mockk:mockk from 1.14.2 to 1.14.4 #​17467
• Bump io.mockk:mockk from 1.14.4 to 1.14.5 #​17572
• Bump org-apache-maven-resolver from 1.9.23 to 1.9.24 #​17469
• Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #​17555
• Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.20.Final #​17491
• Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.22.Final #​17571
• Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #​17466
• Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #​17569
• Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #​17468
• Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #​17481
• Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #​17568

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​fkowal and @​therepanic

v6.5.1

Compare Source

⭐ New Features

• Create demonstration of include-code usage #​17161
• Setup include-code extension for docs #​17160

🪲 Bug Fixes

• ClearSiteDataHeaderWriter log is misleading #​17166
• Fix to allow multiple AuthenticationFilter instances to process each request #​17216
• Inconsistent constructor declaration on bean with name '_reactiveMethodSecurityConfiguration' #​17210
• OAuth2ResourceServer using authenticationManagerResolver results in tokenAuthenticationManager cannot be null while startup #​17172
• Publishing a default TargetVisitor should not override Spring MVC support #​17189
• Use HttpStatus in back-channel logout filters #​17157

🔨 Dependency Upgrades

• Bump com.fasterxml.jackson:jackson-bom from 2.18.4 to 2.18.4.1 #​17233
• Bump com.webauthn4j:webauthn4j-core from 0.29.2.RELEASE to 0.29.3.RELEASE #​17192
• Bump io-spring-javaformat from 0.0.43 to 0.0.45 #​17152
• Bump io.micrometer:micrometer-observation from 1.14.7 to 1.14.8 #​17220
• Bump io.projectreactor:reactor-bom from 2023.0.18 to 2023.0.19 #​17232
• Bump io.spring.develocity.conventions from 0.0.22 to 0.0.23 #​17204
• Bump org.apache.maven:maven-resolver-provider from 3.9.9 to 3.9.10 #​17214
• Bump org.hibernate.orm:hibernate-core from 6.6.15.Final to 6.6.17.Final #​17184
• Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.18.Final #​17256
• Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #​17257
• Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #​17239
• Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #​17238

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​evgeniycheban

spring-projects/spring-authorization-server (org.springframework.security:spring-security-oauth2-authorization-server)

v1.5.1

Compare Source

⭐ New Features

• Polish logging in OAuth2ClientAuthenticationFilter #​2025

🪲 Bug Fixes

• OAuth2 Pushed Authorization Request request_uri expiry is too short #​2024

🔨 Dependency Upgrades

• Bump com.fasterxml.jackson:jackson-bom from 2.18.4 to 2.18.4.1 #​2040
• Bump io-spring-javaformat from 0.0.45 to 0.0.46 #​2030
• Bump io.spring.develocity.conventions from 0.0.22 to 0.0.23 #​2034
• Bump org.springframework.security:spring-security-bom from 6.5.0 to 6.5.1 #​2049
• Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #​2045

---

Configuration

📅 Schedule: Branch creation - "after 7am and before 9am every weekday,after 6pm and before 8pm every weekday" in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.