Bump the development-dependencies group with 3 updates

[dependabot]

Bumps the development-dependencies group with 3 updates: org.springframework.security:spring-security-bom, org.hibernate.orm:hibernate-core and io.spring.develocity.conventions.

Updates org.springframework.security:spring-security-bom from 6.4.7 to 6.4.8

Release notes

Sourced from org.springframework.security:spring-security-bom's releases.

6.4.8

🪲 Bug Fixes

• <websocket-message-broker> should pick up a bean named csrfChannelInterceptor #17494
• Fix securityContextRepository() initialization in oauth2Login() DSL #17502
• Support add nested security configurers during builder initialization #17020

🔨 Dependency Upgrades

• Bump io-spring-javaformat from 0.0.46 to 0.0.47 #17464
• Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9 #17576
• Bump org-apache-maven-resolver from 1.9.23 to 1.9.24 #17463
• Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11 #17574
• Bump org.hibernate.orm:hibernate-core from 6.6.17.Final to 6.6.19.Final #17465
• Bump org.hibernate.orm:hibernate-core from 6.6.19.Final to 6.6.20.Final #17490
• Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.22.Final #17575
• Bump org.springframework.data:spring-data-bom from 2024.1.6 to 2024.1.7 #17480
• Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8 #17577
• Bump org.springframework.ldap:spring-ldap-core from 3.2.12 to 3.2.13 #17462
• Bump org.springframework:spring-framework-bom from 6.2.7 to 6.2.8 #17461
• Bump org.springframework:spring-framework-bom from 6.2.8 to 6.2.9 #17578

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​kse-music and @​marcusdacoregio

Commits

• 4fe9d91 Release 6.4.8
• e38c059 Fix samples branch
• 829af96 Use Meaningful Configurer Names in Test
• fca704e Fix getConfigurersInInitializing Semantics
• ea9dd27 Support add nested security configurers during builder initialization
• 258aa66 Merge branch '6.3.x' into 6.4.x
• d5d31a0 Bump org.apache.maven:maven-resolver-provider from 3.9.10 to 3.9.11
• 1b3f843 Bump org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.22.Final
• 22fbbb9 Bump io.micrometer:micrometer-observation from 1.14.8 to 1.14.9
• f162235 Bump org.springframework.data:spring-data-bom from 2024.1.7 to 2024.1.8
• Additional commits viewable in compare view

Updates org.hibernate.orm:hibernate-core from 6.6.21.Final to 6.6.22.Final

Release notes

Sourced from org.hibernate.orm:hibernate-core's releases.

Hibernate ORM 6.6.22.Final released

Today, we published a new release of Hibernate ORM 6.6: 6.6.22.Final.

You can find the full list of 6.6.22.Final changes here.

What's new

This release introduces a few minor improvements as well as bug fixes.

Conclusion

For additional details, see:

• the release page
• the Migration Guide
• the Introduction Guide
• the User Guide

See also the following resources related to supported APIs:

• the compatibility policy
• the incubating API report (@Incubating)
• the deprecated API report (@Deprecated + @Remove)
• the internal API report (internal packages, @Internal)

Visit the website for details on getting in touch with us.

Changelog

Sourced from org.hibernate.orm:hibernate-core's changelog.

Changes in 6.6.22.Final (July 20, 2025)

https://hibernate.atlassian.net/projects/HHH/versions/34297

** Bug * [HHH-19621] - SUBSTRING function for DB2i Series is broken * [HHH-19579] - Criteria update join - Column 'code' in SET is ambiguous * [HHH-19550] - Attribute join on correlated from node receives wrong root * [HHH-19524] - @​OneToOne relationship unnecessary joins in nativeQuery * [HHH-19457] - Inheritance with type JOINED not working in a related entity * [HHH-19368] - Group by and single-table inheritance sub-select query error * [HHH-19031] - Loading an Entity a second time when it contains an embedded object causes IllegalArgumentException

** Task * [HHH-19624] - Test EDB with the EDB drivers

Commits

• 8e83f21 Pre-steps for release : 6.6.22.Final
• 75b4872 HHH-19261 - query hints in Oracle are not concatenated with comma's, but with...
• ce0ff93 HHH-19624 Test EDB with EDB drivers
• 76ac820 Add support for testing with custom EDB image
• a82fe2d HHH-19457 Ignore joined discriminator when selecting all subtypes
• 64fd538 HHH-19457 Add test for issue
• c0be0f6 HHH-19621 Don't render code units for DB2 for i
• 94acfa3 HHH-19368 Account for single-table inheritance subqueries in EVPs
• 2e6b568 HHH-19368 Add test for issue
• 369c4ec HHH-19550 Attribute join on correlated from node receives wrong root
• Additional commits viewable in compare view

Updates io.spring.develocity.conventions from 0.0.23 to 0.0.24

Release notes

Sourced from io.spring.develocity.conventions's releases.

v0.0.24

⭐ New Features

• Detect toolchainVersion when it is set in gradle.properties #100

🔨 Dependency Upgrades

• Upgrade to Develocity Maven Extension 2.0.1 #102
• Upgrade to Develocity Gradle Plugin 4.0.2 #101

Commits

• 8e06544 Release v0.0.24
• 0cdd91d Use new portal to publish to Maven Central
• 93d9b34 Upgrade to Develocity Maven Extension 2.0.1
• c127242 Upgrade to Develocity Plugin 4.0.2
• f00d365 Detect toolchainVersion when it is set in gradle.properties
• d81ba93 Enable CodeQL Analysis of GitHub Actions workflows
• f2681c3 Next development version (v0.0.24-SNAPSHOT)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions