search

kyberorg / axe

Axe - Short Links
https://axe.pm
The Unlicense
6 stars 1 forks source link

[Maven Deps]: Bump spring-security-core from 5.7.5 to 5.8.1 #1130

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps spring-security-core from 5.7.5 to 5.8.1.

Release notes

Sourced from spring-security-core's releases.

5.8.1

:star: New Features

  • Add EnableWebSecurity migration steps to 5.8 guide #12334
  • Replace deprecated set-state set-output GitHub Action's commands #12298

:beetle: Bug Fixes

  • codes in spring security docs fail to work #11396
  • DefaultLdapAuthoritiesPopulator throws NullPointerException #12408
  • Fix AuthorizationFilter diagram in docs #12286
  • Fix password encoder migration guide #12318
  • Fix typo #12316
  • Incorrect Javadoc for class ExpressionAuthorizationDecision #12411
  • Incorrect sample code in securityMatcher migration docs #12296
  • SecurityContextHolderFilter does not apply to async dispatch #11962

:hammer: Dependency Upgrades

  • Update httpclient to 4.5.14 #12403
  • Update io.projectreactor to 2020.0.26 #12401
  • Update mockk to 1.13.3 #12400
  • Update org.eclipse.jetty to 9.4.50.v20221201 #12404
  • Update org.jetbrains.kotlin to 1.7.22 #12405
  • Update reactor-netty to 1.0.26 #12402

:heart: Contributors

We'd like to thank all the contributors who worked on this release!

5.8.0

:star: New Features

  • Add Kotlin example showing integration with WebTestClient #11611
  • Add MethodExpressionAuthorizationManager #11502
  • Add Polish localization to error messages from ExceptionTranslationFi… #12201
  • Add support AuthorizationManager + #11503
  • AnonymousAuthenticationFilter should cache its Supplier #11900
  • CookieServerCsrfTokenRepository doesn't support setting MaxAge #11441
  • DefaultFilterChainValidator should check AuthorizationFilter #11473
  • Deprecate Resource Owner Password Credentials grant #11591
  • Document Configure Default CsrfToken BREACH Protection #12107
  • Document Defer load CsrfToken #12105
  • Document DelegatingSecurityContextRepository #12069
  • Document deprecations in oauth2-client #12193
  • Document how to opt-in for SHA256 in RememberMe #12097
  • Document how to use the new requestMatchers and securityMatchers #12100

... (truncated)

Commits
  • 314ae69 Release 5.8.1
  • 36d83f8 Fix Javadoc since tag for class ExpressionAuthorizationDecision
  • 5818201 Merge branch '5.7.x' into 5.8.x
  • 2461d00 Merge branch '5.6.x' into 5.7.x
  • eec6729 Fix DefaultLdapAuthoritiesPopulator NPE
  • ae22b75 Merge branch '5.7.x' into 5.8.x
  • fc9c251 Merge branch '5.6.x' into 5.7.x
  • f75d35f Update org.jetbrains.kotlin to 1.7.22
  • 195695f Update org.eclipse.jetty to 9.4.50.v20221201
  • 1439446 Update httpclient to 4.5.14
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 1 year ago

Looks like org.springframework.security:spring-security-core is no longer a dependency, so this is no longer needed.