RWS / dxa-web-application-java

SDL Digital Experience Accelerator Java Spring MVC web application

Bump spring-security.version from 4.2.12.RELEASE to 5.4.2 #135

Closed dependabot[bot] closed 3 years ago

dependabot[bot] commented 3 years ago

Bumps spring-security.version from 4.2.12.RELEASE to 5.4.2.

Updates spring-security-core from 4.2.12.RELEASE to 5.4.2

Release notes

Sourced from spring-security-core's releases.

5.4.2

:star: New Features

  • Update snapshot build dependencies #9254
  • Update to Gradle 6.6.1 #9232

:beetle: Bug Fixes

  • Tests should not combine Authentication and @AuthenticationPrincipal #9255
  • Remove empty Appendix Section from docs #9253
  • CookieRequestCache handles URL encoded query parameters incorrectly #9252
  • Improve Metadata URL Documentation #9251

:hammer: Dependency Upgrades

  • Update to Google App Engine 1.9.83 #9250
  • Update to Kotlin 1.4.20 #9249
  • Update to Spring Boot 2.4.0 #9248
  • 5.4.x Snapshot Build Should Point to Other Maintenance Branches #9162

5.4.1

:star: New Features

  • Replace expired msdn link with latest web archive copy #9050
  • Add documentation for StrictHttpFirewall enhancements #9038
  • Replace Tomcat6 URL for SSL Guide to Tomcat 10 #9034
  • Use AssertJ for exception testing #9013

:beetle: Bug Fixes

  • Add try-with-resources to close stream #9053
  • RelyingPartyRegistrations Fails to Read Keycloak Metadata #9051
  • fix miswritten comment of FormLoginDsl.kt #9042
  • Adapt to WebClient's new exception wrapping #9031
  • StandardInterceptUrlRegistry should not refer to ExpressionUrlAuthorizationConfigurer #9026
  • Fix broken Mono chain #9022
  • Use Schedulers.boundedElastic for UUID.randomUUID #9021
  • CookieServerCsrfTokenRepository#createNewToken should use Schedulers.boundedElastic #9018
  • WebSessionServerCsrfTokenRepository#generateToken() don't use Schedulers.boundedElastic() #9017
  • NullPointerException SessionRegistryImpl.onApplicationEvent(SessionRegistryImpl.java:111) #9011
  • Quick javadoc fix for DelegatingPasswordEncoder #8890

:heart: Contributors

We'd like to thank all the contributors who worked on this release!

... (truncated)

Commits
  • 9effebe Release 5.4.2
  • 046bc97 Lock Dependencies for 5.4.2
  • 423d368 Update to Google App Engine 1.9.83
  • 1f55911 Update to Kotlin 1.4.20
  • 0a95d3c Update to Spring Boot 2.4.0
  • 28bede8 Update SAML 2.0 Metadata URL Docs
  • 1d96579 Fix CookieRequestCache for URL encoded query parameters
  • 8b71d21 Use artifactoryUsername/Password for plugin repositories
  • 27f2391 Provide artifactoryUsername/Password
  • 9b29edd Update to spring-build-conventions:0.0.35.RELEASE
  • Additional commits viewable in compare view


Updates spring-security-config from 4.2.12.RELEASE to 5.4.2

Release notes

Sourced from spring-security-config's releases.


Updates spring-security-web from 4.2.12.RELEASE to 5.4.2

Release notes

Sourced from spring-security-web's releases.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
  • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
  • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
  • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/sdl/dxa-web-application-java/network/alerts).

dependabot[bot] commented 3 years ago

Looks like these dependencies are up-to-date now, so this is no longer needed.