fix(deps): update dependency org.springframework.security:spring-security-test to v6.5.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
org.springframework.security:spring-security-test (source)	6.4.4 -> 6.5.0

---

Release Notes

spring-projects/spring-security (org.springframework.security:spring-security-test)

v6.5.0

Compare Source

⭐ New Features

• Add documentation for DPoP support #​17072
• Add logging to CsrfTokenRequestHandler implementations #​16994
• Add mapping for DPoP in DefaultMapOAuth2AccessTokenResponseConverter #​16806
• Bump Gradle Wrapper from 8.13 to 8.14 #​17018
• ClientRegistrations.fromIssuerLocation does not include failure information #​17015
• Fix Typo In SubjectDnX509PrincipalExtractorTests #​16997
• Implement internal cache in JtiClaimValidator #​17107
• Polish javadoc #​16924
• Remove unused classes #​16935
• Replace NimbusOpaqueTokenIntrospector with SpringOpaqueTokenIntrospector in Documentation #​16962
• RequestHeaderAuthenticationFilter creates a session even if not configured to do so #​17147

🪲 Bug Fixes

• Add FunctionalInterface To X509PrincipalExtractor #​16952
• Change NonNull import from reactor to spring #​16571
• Fix DPoP jkt claim to be JWK SHA-256 thumbprint #​17080
• Minor error in the Handling Logouts documentation #​17049
• SecurityAnnotationScanner's method comparison should use .equals #​17145
• Use proper configuration key in Opaque Token documentation #​17014

🔨 Dependency Upgrades

• Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.18.4 #​17069
• Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.19.0 #​16995
• Bump com.google.code.gson:gson from 2.13.0 to 2.13.1 #​16990
• Bump com.webauthn4j:webauthn4j-core from 0.29.0.RELEASE to 0.29.1.RELEASE #​17024
• Bump com.webauthn4j:webauthn4j-core from 0.29.1.RELEASE to 0.29.2.RELEASE #​17095
• Bump io.micrometer:micrometer-observation from 1.14.6 to 1.14.7 #​17096
• Bump io.mockk:mockk from 1.14.0 to 1.14.2 #​17019
• Bump io.projectreactor:reactor-bom from 2023.0.17 to 2023.0.18 #​17111
• Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6 #​17040
• Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 #​17088
• Bump org-eclipse-jetty from 11.0.24 to 11.0.25 #​16761
• Bump org.hibernate.orm:hibernate-core from 6.6.13.Final to 6.6.14.Final #​17089
• Bump org.hibernate.orm:hibernate-core from 6.6.14.Final to 6.6.15.Final #​17105
• Bump org.seleniumhq.selenium:selenium-java from 4.31.0 to 4.32.0 #​17037
• Bump org.springframework.data:spring-data-bom from 2024.1.4 to 2024.1.5 #​16981
• Bump org.springframework.data:spring-data-bom from 2024.1.5 to 2024.1.6 #​17137
• Bump org.springframework:spring-framework-bom from 6.2.6 to 6.2.7 #​17124

🔩 Build Updates

• Release 6.5.0 #​17138

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​dkowis, @​franticticktick, @​hammadirshad, @​jearton, @​ngocnhan-tran1996, @​quaff, and @​yybmion

v6.4.6

Compare Source

⭐ New Features

• Bump Gradle Wrapper from 8.13 to 8.14 #​17017
• ClientRegistrations.fromIssuerLocation does not include failure information #​17016
• RequestHeaderAuthenticationFilter creates a session even if not configured to do so #​17146

🪲 Bug Fixes

• Clear Site Data references non-existent constructor #​17034
• Ensure Serializable Components Have Serialization Sample #​17038
• Minor error in the Handling Logouts documentation #​17048
• NPE in BaseOpenSamlAuthenticationProvider #​17008
• SecurityAnnotationScanner's method comparison should use .equals #​17143
• StrictFirewallServerWebExchange should still protect when request is mutated #​17032
• Use proper configuration key in Opaque Token documentation #​17013

🔨 Dependency Upgrades

• Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.18.4 #​17065
• Bump io.micrometer:micrometer-observation from 1.14.6 to 1.14.7 #​17094
• Bump io.projectreactor:reactor-bom from 2023.0.17 to 2023.0.18 #​17110
• Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6 #​17042
• Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 #​17086
• Bump org.hibernate.orm:hibernate-core from 6.6.13.Final to 6.6.14.Final #​17087
• Bump org.hibernate.orm:hibernate-core from 6.6.14.Final to 6.6.15.Final #​17103
• Bump org.springframework.data:spring-data-bom from 2024.1.4 to 2024.1.5 #​16983
• Bump org.springframework:spring-framework-bom from 6.2.6 to 6.2.7 #​17121

🔩 Build Updates

• Release Security 6.4.6 #​17139

v6.4.5

Compare Source

⭐ New Features

• Add link to docs zip file to the reference #​16799
• Fix attribute name in http.adoc #​16784
• Update ServerOAuth2AuthorizedClientExchangeFilterFunction javadoc #​16783

🪲 Bug Fixes

• [Docs] Broken link on Spring MVC Test Integration page #​16785
• ServerBearerTokenAuthenticationConverter validates parameters when not enabled #​16901
• Clarify WebInvocationPrivilegeEvaluator JavaDoc #​16782
• CookieServerCsrfTokenRepository.withHttpOnlyFalse() ineffective if setCookieCustomizer() is used #​16862
• Correct closing tag in default PassKey HTML form #​16601
• Fix WebAuthn saves Anonymous PublicKeyCredentialUserEntity #​16606
• OpenSaml support should preserve encrypted elements for further analysis #​16367
• Sorting in AuthorizationAdvisorProxyFactory should be thread-safe #​16837
• WebFlux reference links to Servlet docs #​16786
• XML config does not apply request-handler-ref to CsrfAuthenticationStrategy #​16844

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.17 to 1.5.18 #​16767
• Bump io.micrometer:micrometer-observation from 1.14.5 to 1.14.6 #​16938
• Bump io.projectreactor:reactor-bom from 2023.0.16 to 2023.0.17 #​16944
• Bump io.spring.gradle:spring-security-release-plugin from 1.0.3 to 1.0.4 #​16919
• Bump org-aspectj from 1.9.22.1 to 1.9.24 #​16928
• Bump org-eclipse-jetty from 11.0.24 to 11.0.25 #​16758
• Bump org.hibernate.orm:hibernate-core from 6.6.12.Final to 6.6.13.Final #​16895
• Bump org.springframework.ldap:spring-ldap-core from 3.2.11 to 3.2.12 #​16960
• Bump org.springframework:spring-framework-bom from 6.2.5 to 6.2.6 #​16959

🔩 Build Updates

• Bump spring-io/spring-doc-actions from 0.0.19 to 0.0.20 #​16894
• Release 6.4.5 #​16972

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​AB-xdev, @​Borghii, and @​dependabot[bot]

---

Configuration

📅 Schedule: Branch creation - "after 7am and before 11am every weekday" in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.