Bump org.springframework.security:spring-security-config from 4.2.20.RELEASE to 6.3.0

[dependabot]

Bumps org.springframework.security:spring-security-config from 4.2.20.RELEASE to 6.3.0.

Release notes

Sourced from org.springframework.security:spring-security-config's releases.

6.3.0

⭐ New Features

• Add getters to OAuth2AuthorizedClientId #13648
• Add timeout defaults to JwtDecoders #14890
• doc: added hint to declare GrantedAuthorityDefaults as infrastructure bean #15065
• Improve logging for Global Authentication #14711
• Minor docs fix #15043
• Minor Documentation update on import needed for using Kotlin DSL #14969
• OAuth2 Client Authentication docs are incomplete #14982
• Proofread CasAuthenticationFilter documentation #14883
• Replace "Spring Boot 2.x" with "Spring Boot" #14919
• Simplify Disabling application/x-www-form-urlencoded Encoding Client ID and Secret #14859
• Support Specifying Identifier for relying-party-registrations Element #14487
• Update What's New in 6.3 #14918

🪲 Bug Fixes

• Do Not Invalidate Current Session When Its Registered #15066
• Fix MethodAuthorizationDeniedPostProcessor does not exist in java doc #14955
• fix docs error in AuthenticatedReactiveAuthorizationManager #14979
• OIDC Logout section is not shown in the navbar #15113
• Wrong information for RequestCacheAwareFilter in the Spring Security documentation. #14996

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.5 to 1.5.6 #14926
• Bump com.fasterxml.jackson:jackson-bom from 2.17.0 to 2.17.1 #15010
• Bump com.gradle.develocity from 3.17.2 to 3.17.3 #15051
• Bump com.gradle.develocity from 3.17.3 to 3.17.4 #15104
• Bump io.micrometer:micrometer-observation from 1.12.5 to 1.12.6 #15068
• Bump io.mockk:mockk from 1.13.10 to 1.13.11 #15086
• Bump io.projectreactor:reactor-bom from 2023.0.5 to 2023.0.6 #15076
• Bump org-apache-maven-resolver from 1.9.18 to 1.9.19 #14940
• Bump org-apache-maven-resolver from 1.9.19 to 1.9.20 #14987
• Bump org-aspectj from 1.9.22 to 1.9.22.1 #15052
• Bump org-bouncycastle from 1.78 to 1.78.1 #14929
• Bump org-eclipse-jetty from 11.0.20 to 11.0.21 #15087
• Bump org.hibernate.orm:hibernate-core from 6.4.4.Final to 6.4.5.Final #14948
• Bump org.hibernate.orm:hibernate-core from 6.4.5.Final to 6.4.6.Final #14952
• Bump org.hibernate.orm:hibernate-core from 6.4.6.Final to 6.4.7.Final #14962
• Bump org.hibernate.orm:hibernate-core from 6.4.7.Final to 6.4.8.Final #14980
• Bump org.jetbrains.kotlin:kotlin-bom from 1.9.23 to 1.9.24 #15025
• Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.23 to 1.9.24 #15026
• Bump org.jetbrains.kotlinx:kotlinx-coroutines-bom from 1.8.0 to 1.8.1 #15053
• Bump org.jfrog.buildinfo:build-info-extractor-gradle from 4.33.13 to 4.33.15 #14945
• Bump org.springframework.data:spring-data-bom from 2024.0.0-RC1 to 2024.0.0 #15103
• Bump org.springframework:spring-framework-bom from 6.1.6 to 6.1.7 #15088

🔩 Build Updates

... (truncated)

Changelog

Sourced from org.springframework.security:spring-security-config's changelog.

= Release Process

The release process for Spring Security is entirely automated via the https://github.com/spring-io/spring-security-release-tools/blob/main/release-plugin/README.adoc[Spring Security Release Plugin] and https://github.com/spring-io/spring-security-release-tools/tree/main/.github/workflows[reusable workflows]. The following table outlines the steps that are taken by the automation.

WARNING: The 5.8.x branch does not have all of the improvements from the 6.x.x branches. See "Status (5.8.x)" for which steps are still manual.

In case of a failure, you can follow the links below to read about each step, which includes instructions for performing the step manually if applicable. See for troubleshooting tips.

[cols="1,1,1"] |=== | Step | Status (5.8.x) | Status (6.0.x+)

| | ✅ automated | ✅ automated

| | ✅ automated | ✅ automated

| | ✅ automated | ✅ automated

| | ✅ automated | ✅ automated

| | ✅ automated | ✅ automated

| | ✅ automated | ✅ automated

| | ✅ automated | ✅ automated

| | ❌ manual | ✅ automated

| | ❌ manual | ✅ automated

... (truncated)

Commits

• 5d3c062 Release 6.3.0
• a5976b1 Use new version of update-antora-ui-spring action
• 5d6ba30 Merge branch '6.2.x'
• 364f5b9 Add OIDC Logout section to navbar
• f39de00 Polish workflow
• 9d831fe Fix action repository name
• 4541e2f Use update-antora-ui-spring action from spring-doc-actions
• a2a87a1 Bump com.gradle.develocity from 3.17.3 to 3.17.4
• 40a0e8d Merge branch '6.2.x'
• 7b895bf Bump com.gradle.develocity from 3.17.3 to 3.17.4
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #3823.