search

International-Data-Spaces-Association / IDS-ConfigurationManager

-- End-Of-Support: 21.07.2021 -- Archived Repo! -- Has been integrated directly into the Dataspace Connector.
https://www.youtube.com/watch?v=zk0N6u5ewOA
Apache License 2.0
2 stars 2 forks source link

build(deps-dev): bump spring-security-test from 5.5.0 to 5.5.1 #178

Closed dependabot[bot] closed 3 years ago

dependabot[bot] commented 3 years ago

Bumps spring-security-test from 5.5.0 to 5.5.1.

Release notes

Sourced from spring-security-test's releases.

5.5.1

:star: New Features

  • Consider adding a link checker to build #9972
  • Use Job Outputs to Transmit Error #9928
  • Store one request by default in WebSessionOAuth2ServerAuthorizationRequestRepository #9917
  • Combine different OS Build in one CI Job #9798
  • Use GPG_PRIVATE_KEY directly #9778

:beetle: Bug Fixes

  • Update links to point to migrated samples #9971
  • Add messaging to documentation about sample migration #9970
  • Fix broken links in docs #9969
  • CORS section is missing in Reactive reference documentation #9952
  • RSocket documentation mentions non-existent class #9950
  • Disabling logout keeps LogoutPageGeneratingWebFilter registered at /logout #9941
  • Missing log of "caused by" exception when OP document metadata cannot be reached #9939
  • Missing support for private_key_jwt in ClientRegistrations #9936
  • Allow client registration from issuer uri with no authorize_endpoint #9935
  • Missing support for urn:ietf:params:oauth:grant-type:jwt-bearer in ClientRegistrations #9934
  • Using the SecurityMockServerConfigurers.java requires the com.nimbusds oauth2-oidc-sdk on the classpath #9929
  • Jwt client authentication converter should detect new key #9927
  • Adding filters relative to custom ones is broken #9906
  • SEC-3139: Anonymous authentication token not passed to Controller #9890
  • Clarify quick start section in README #9885
  • RSocket and WebClient with Security refCount: 0 #9870
  • spring-security-config kotlin-stdlib-jdk8 dependency isn't optional #9864
  • Client credentials not correctly encoded in Basic Auth #9858
  • Docs should state default value for Resource Server validation clock skew is 60 seconds #9849
  • OidcClientInitiatedLogoutSuccessHandler url-encodes PostLogoutRedirectUri twice #9819
  • DefaultSpringSecurityContextSource can't handle spaces in baseDn #9806
  • OAuth2ErrorResponseErrorHandler throws IllegalArgumentException for a nonstandard HTTP status code response #9805
  • NPE in HttpSessionSecurityContextRepository.isTransientAuthentication #9801
  • Fix Build Scan in Build Windows CI Job #9797
  • GitHub Actions only Activated for main #9777
  • Artifactory missing mavenJava publication #9774
  • spring-security-core depends on spring-security-crypto #9773

:hammer: Dependency Upgrades

  • Update org.springframework to 5.3.8 #9984
  • Update org.slf4j to 1.7.31 #9983
  • Update org.jetbrains.kotlin to 1.5.10 #9982
  • Update hibernate-entitymanager to 5.4.32.Final #9981
  • Update org.eclipse.jetty to 9.4.42.v20210604 #9980
  • Update io.rsocket to 1.1.1 #9979
  • Remove commons-codec constraint #9977
  • Update to OpenSAML 4.1.1 #9976
  • Update to nimbus-jose-jwt 9.10 #9975

... (truncated)

Changelog

Sourced from spring-security-test's changelog.

= Update Dependencies

Ensure you have no changes in your local repository. Change to a new branch. For example:

[source,bash]

$ git checkout -b 5.5.0-RC1-dependencies

Review the rules in build.gradle to ensure the rules make sense. For example, we should not allow major version updates in a patch release. Also ensure that all of the exclusions still make sense.

The following Gradle command will update your dependencies creating a commit for each dependency update. The first invocation of the command will take quite a while (~20 minutes depending on internet speed) to run because it is indexing all the versions of all the dependencies.

[source,bash]

$ ./gradlew updateDependencies

Review the commits to ensure that the updated dependency versions make sense for this release. For example, we should not perform a major version update for a patch release.

[source,bash]

$ git log

If any of the versions don’t make sense, update build.gradle to ensure that the version is excluded.

Run all the checks:

[source,bash]

$ ./gradlew check

If they don’t work, you can run a git bisect to discover what broke the build. Fix any commits that broke the build.

Check out the original brach:

[source,bash]

$ git checkout -

The following command will update the dependencies again but this time creating a ticket for each update and placing Closes gh-<number> in the commit. Replacing the following values:

... (truncated)

Commits
  • e41360b Release 5.5.1
  • e2e0653 Remove commons-codec constraint
  • 93f59a2 Update to OpenSAML 4.1.1
  • b2bb014 Update to nimbus-jose-jwt 9.10
  • 062910c Update to oauth2-oidc-sdk 9.9
  • 40fdb5a Update org.springframework to 5.3.8
  • 2fa0da5 Update org.slf4j to 1.7.31
  • c5f4ae5 Update org.jetbrains.kotlin to 1.5.10
  • c68c1c5 Update hibernate-entitymanager to 5.4.32.Final
  • be2595b Update org.eclipse.jetty to 9.4.42.v20210604
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)