search

alibaba / fastjson2

🚄 FASTJSON2 is a Java JSON library with excellent performance.
Apache License 2.0
3.8k stars 497 forks source link

Bump org.springframework.security:spring-security-bom from 5.8.8 to 6.4.1 #3169

Open dependabot[bot] opened 4 days ago

dependabot[bot] commented 4 days ago

Bumps org.springframework.security:spring-security-bom from 5.8.8 to 6.4.1.

Release notes

Sourced from org.springframework.security:spring-security-bom's releases.

6.4.1

:beetle: Bug Fixes

  • Documentation images should render clearly in both light and dark mode #16132
  • Fix conflicting bean names between @EnableWebSecurity and @EnableWebSocketSecurity #16113

:nut_and_bolt: Build Updates

  • Update Antora UI Spring to v0.4.18 #16112

:heart: Contributors

Thank you to all the contributors who worked on this release:

@​github-actions[bot] and @​ngocnhan-tran1996

6.4.0

:star: New Features

  • Add @FunctionalInterface to AuthorizationEventPublisher #15934
  • Add DefaultResourcesFilter.webauthn() #15970
  • Add deprecation notice for missing leading slashes #16020
  • Code Cleanup #15996
  • Document passkeys dependencies #16107
  • Factor out some common object mocking in tests #15396
  • Fix saml2 authentication guide docs #16017
  • Improve documentation about CredentialsContainer #15554
  • Improve Documentation on Adding a Custom Security Filter #15893
  • Improve Error Message for Conflicting Filter Chains #15992
  • Make it easier to determine where a filter chain has been defined #15874
  • OIDC logout not working for JPA/JDBC OAuth2AuthorizationService because DefaultSaml2AuthenticatedPrincipal does not implement equality #15346
  • Polish JdbcOneTimeTokenService #15997
  • relying-party-registration doesn't allow placeholders in xml #14645
  • Remove unnecessary parentheses and add static final field MockPortResolver#getServerPort #15875
  • Support ServerExchangeRejectedHandler @Bean #16063

:beetle: Bug Fixes

  • An empty-string bearer token should result in an appropriate HTTP status code #16037
  • AuthorizeReturnObject AOT support should register proxied class as well #16106
  • Correct class name reference in WebFilterChainProxy JavaDoc #16004
  • Fix typo javadoc some classes #16022
  • Initialize OpenSAML in OpenSamlAssertingPartyMetadataRepository #16055
  • IpAddressMatcher null pointer exception #16104
  • OpenSamlAssertingPartyMetadataRepository should initialize OpenSAML #16042
  • Support ServerWebExchangeFirewall @Bean #15999
  • UniqueSecurityAnnotationScanner throws ConcurrentModificationException #15906

:hammer: Dependency Upgrades

... (truncated)

Commits
  • 59b7b55 Release 6.4.1
  • b896a74 Resolve Observation Bean Name Collisions
  • 91832bf Add EnableWebSecurity + EnableWebSocketSecurity Test
  • 30c9860 Add What's New Link to Landing Pages
  • 4787efb Update What's New
  • b712c24 Merge branch '6.3.x'
  • 70a9501 Merge branch '6.2.x' into 6.3.x
  • b8e9f47 Merge branch '5.8.x' into 6.2.x
  • 04baead Update Antora Spring UI to v0.4.18
  • a0a9b48 Update Antora Spring UI to v0.4.18
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)