search

aws / serverless-java-container

A Java wrapper to run Spring, Spring Boot, Jersey, and other apps inside AWS Lambda.
https://aws.amazon.com/serverless/
Apache License 2.0
1.5k stars 560 forks source link

chore(deps): bump spring-security.version from 6.3.4 to 6.4.1 #1187

Closed dependabot[bot] closed 2 days ago

dependabot[bot] commented 4 days ago

Bumps spring-security.version from 6.3.4 to 6.4.1. Updates org.springframework.security:spring-security-web from 6.3.4 to 6.4.1

Release notes

Sourced from org.springframework.security:spring-security-web's releases.

6.4.1

:beetle: Bug Fixes

  • Documentation images should render clearly in both light and dark mode #16132
  • Fix conflicting bean names between @EnableWebSecurity and @EnableWebSocketSecurity #16113

:nut_and_bolt: Build Updates

  • Update Antora UI Spring to v0.4.18 #16112

:heart: Contributors

Thank you to all the contributors who worked on this release:

@​github-actions[bot] and @​ngocnhan-tran1996

6.4.0

:star: New Features

  • Add @FunctionalInterface to AuthorizationEventPublisher #15934
  • Add DefaultResourcesFilter.webauthn() #15970
  • Add deprecation notice for missing leading slashes #16020
  • Code Cleanup #15996
  • Document passkeys dependencies #16107
  • Factor out some common object mocking in tests #15396
  • Fix saml2 authentication guide docs #16017
  • Improve documentation about CredentialsContainer #15554
  • Improve Documentation on Adding a Custom Security Filter #15893
  • Improve Error Message for Conflicting Filter Chains #15992
  • Make it easier to determine where a filter chain has been defined #15874
  • OIDC logout not working for JPA/JDBC OAuth2AuthorizationService because DefaultSaml2AuthenticatedPrincipal does not implement equality #15346
  • Polish JdbcOneTimeTokenService #15997
  • relying-party-registration doesn't allow placeholders in xml #14645
  • Remove unnecessary parentheses and add static final field MockPortResolver#getServerPort #15875
  • Support ServerExchangeRejectedHandler @Bean #16063

:beetle: Bug Fixes

  • An empty-string bearer token should result in an appropriate HTTP status code #16037
  • AuthorizeReturnObject AOT support should register proxied class as well #16106
  • Correct class name reference in WebFilterChainProxy JavaDoc #16004
  • Fix typo javadoc some classes #16022
  • Initialize OpenSAML in OpenSamlAssertingPartyMetadataRepository #16055
  • IpAddressMatcher null pointer exception #16104
  • OpenSamlAssertingPartyMetadataRepository should initialize OpenSAML #16042
  • Support ServerWebExchangeFirewall @Bean #15999
  • UniqueSecurityAnnotationScanner throws ConcurrentModificationException #15906

:hammer: Dependency Upgrades

... (truncated)

Commits
  • 59b7b55 Release 6.4.1
  • b896a74 Resolve Observation Bean Name Collisions
  • 91832bf Add EnableWebSecurity + EnableWebSocketSecurity Test
  • 30c9860 Add What's New Link to Landing Pages
  • 4787efb Update What's New
  • b712c24 Merge branch '6.3.x'
  • 70a9501 Merge branch '6.2.x' into 6.3.x
  • b8e9f47 Merge branch '5.8.x' into 6.2.x
  • 04baead Update Antora Spring UI to v0.4.18
  • a0a9b48 Update Antora Spring UI to v0.4.18
  • Additional commits viewable in compare view


Updates org.springframework.security:spring-security-config from 6.3.4 to 6.4.1

Release notes

Sourced from org.springframework.security:spring-security-config's releases.

6.4.1

:beetle: Bug Fixes

  • Documentation images should render clearly in both light and dark mode #16132
  • Fix conflicting bean names between @EnableWebSecurity and @EnableWebSocketSecurity #16113

:nut_and_bolt: Build Updates

  • Update Antora UI Spring to v0.4.18 #16112

:heart: Contributors

Thank you to all the contributors who worked on this release:

@​github-actions[bot] and @​ngocnhan-tran1996

6.4.0

:star: New Features

  • Add @FunctionalInterface to AuthorizationEventPublisher #15934
  • Add DefaultResourcesFilter.webauthn() #15970
  • Add deprecation notice for missing leading slashes #16020
  • Code Cleanup #15996
  • Document passkeys dependencies #16107
  • Factor out some common object mocking in tests #15396
  • Fix saml2 authentication guide docs #16017
  • Improve documentation about CredentialsContainer #15554
  • Improve Documentation on Adding a Custom Security Filter #15893
  • Improve Error Message for Conflicting Filter Chains #15992
  • Make it easier to determine where a filter chain has been defined #15874
  • OIDC logout not working for JPA/JDBC OAuth2AuthorizationService because DefaultSaml2AuthenticatedPrincipal does not implement equality #15346
  • Polish JdbcOneTimeTokenService #15997
  • relying-party-registration doesn't allow placeholders in xml #14645
  • Remove unnecessary parentheses and add static final field MockPortResolver#getServerPort #15875
  • Support ServerExchangeRejectedHandler @Bean #16063

:beetle: Bug Fixes

  • An empty-string bearer token should result in an appropriate HTTP status code #16037
  • AuthorizeReturnObject AOT support should register proxied class as well #16106
  • Correct class name reference in WebFilterChainProxy JavaDoc #16004
  • Fix typo javadoc some classes #16022
  • Initialize OpenSAML in OpenSamlAssertingPartyMetadataRepository #16055
  • IpAddressMatcher null pointer exception #16104
  • OpenSamlAssertingPartyMetadataRepository should initialize OpenSAML #16042
  • Support ServerWebExchangeFirewall @Bean #15999
  • UniqueSecurityAnnotationScanner throws ConcurrentModificationException #15906

:hammer: Dependency Upgrades

... (truncated)

Commits
  • 59b7b55 Release 6.4.1
  • b896a74 Resolve Observation Bean Name Collisions
  • 91832bf Add EnableWebSecurity + EnableWebSocketSecurity Test
  • 30c9860 Add What's New Link to Landing Pages
  • 4787efb Update What's New
  • b712c24 Merge branch '6.3.x'
  • 70a9501 Merge branch '6.2.x' into 6.3.x
  • b8e9f47 Merge branch '5.8.x' into 6.2.x
  • 04baead Update Antora Spring UI to v0.4.18
  • a0a9b48 Update Antora Spring UI to v0.4.18
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
deki commented 2 days ago

@dependabot rebase

dependabot[bot] commented 2 days ago

Looks like these dependencies are up-to-date now, so this is no longer needed.