From d2d1275b39b4adea988ad58b35ef57f3644c3817 Mon Sep 17 00:00:00 2001
From: Roman Trapickin <8594293+rntrp@users.noreply.github.com>
Date: Mon, 21 Apr 2025 10:44:17 +0200
Subject: [PATCH 1/3] Fix IllegalArgumentException message for unknown Argon2 types
Array index 0 points to an empty string. Use index 1 instead.
Signed-off-by: Roman Trapickin <8594293+rntrp@users.noreply.github.com>
---
 .../security/crypto/argon2/Argon2EncodingUtils.java | 2 +-
 .../security/crypto/argon2/Argon2EncodingUtilsTests.java | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2EncodingUtils.java b/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2EncodingUtils.java
index 4b27d90318..9f06c8bb24 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2EncodingUtils.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2EncodingUtils.java
@@ -111,7 +111,7 @@ final class Argon2EncodingUtils {
 case "argon2d" -> new Argon2Parameters.Builder(Argon2Parameters.ARGON2_d);
 case "argon2i" -> new Argon2Parameters.Builder(Argon2Parameters.ARGON2_i);
 case "argon2id" -> new Argon2Parameters.Builder(Argon2Parameters.ARGON2_id);
- default -> throw new IllegalArgumentException("Invalid algorithm type: " + parts[0]);
+ default -> throw new IllegalArgumentException("Invalid algorithm type: " + parts[1]);
 };
 if (parts[currentPart].startsWith("v=")) {
 paramsBuilder.withVersion(Integer.parseInt(parts[currentPart].substring(2)));
diff --git a/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2EncodingUtilsTests.java b/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2EncodingUtilsTests.java
index abae39532f..b4c0b9a3d0 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2EncodingUtilsTests.java
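Review bot: In Argon2EncodingUtils.java the `default ->` arm still picks the offending token by a literal index (`parts[1]`) while the lines after the switch address the array through `parts[currentPart]`, so the error text and the value actually switched on are maintained separately, which is presumably how `parts[0]` went unnoticed. The switch selector lies above the hunk; if it reads the same element, binding it once (`String type = parts[1];` before the switch, then `"Invalid algorithm type: " + type`) would keep the two in step. The message echoes text taken from the encoded hash, and limiting it to the algorithm field as done here keeps salt and digest material out of exception logs; a short comment such as `// report only the algorithm id, never the salt or hash fields` would record that intent.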
+++ b/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2EncodingUtilsTests.java
@@ -95,7 +95,8 @@ public class Argon2EncodingUtilsTests {
 @Test
 public void decodeWhenNonexistingAlgorithmThenThrowException() {
 assertThatIllegalArgumentException().isThrownBy(() -> Argon2EncodingUtils
- .decode("$argon2x$v=19$m=1024,t=3,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs"));
+ .decode("$argon2x$v=19$m=1024,t=3,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs"))
+ .withMessageContaining("argon2x");
 }

 @Test
From 547d174f3edda42d001dfaf4e693247a3fb080a4 Mon Sep 17 00:00:00 2001
From: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
Date: Wed, 23 Apr 2025 12:21:59 -0600
Subject: [PATCH 2/3] Fix Formatting
---
 .../security/crypto/argon2/Argon2EncodingUtilsTests.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2EncodingUtilsTests.java b/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2EncodingUtilsTests.java
index b4c0b9a3d0..265527e71e 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2EncodingUtilsTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2EncodingUtilsTests.java
@@ -94,8 +94,9 @@ public class Argon2EncodingUtilsTests {

 @Test
 public void decodeWhenNonexistingAlgorithmThenThrowException() {
- assertThatIllegalArgumentException().isThrownBy(() -> Argon2EncodingUtils
- .decode("$argon2x$v=19$m=1024,t=3,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs"))
+ assertThatIllegalArgumentException()
+ .isThrownBy(() -> Argon2EncodingUtils.decode(
+ "$argon2x$v=19$m=1024,t=3,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs"))
 .withMessageContaining("argon2x");
 }

From db48d4ca50e8c8afd2475ce2a6d737943822acca Mon Sep 17 00:00:00 2001
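Review bot: In the Argon2EncodingUtilsTests hunk of PATCH 1/3, `.withMessageContaining("argon2x")` would also pass if the exception message echoed the whole encoded string, salt and hash included, because the test input itself begins with `$argon2x$`. Pinning the exact text, `.withMessage("Invalid algorithm type: argon2x")`, would check that only the algorithm id reaches the message and, from there, any log that records it; this assumes `parts[1]` holds exactly that field, which the main-source hunk suggests but does not show. PATCH 2/3 only re-wraps the same statement, so the point applies to its final form as well.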
From: Rob Winch <362503+rwinch@users.noreply.github.com>
Date: Fri, 25 Apr 2025 13:17:14 -0500
Subject: [PATCH 3/3] rm merge-dependabot-pr.yml from Unsupported Branch
---
 .github/workflows/merge-dependabot-pr.yml | 63 -----------------------
 1 file changed, 63 deletions(-)
 delete mode 100644 .github/workflows/merge-dependabot-pr.yml
diff --git a/.github/workflows/merge-dependabot-pr.yml b/.github/workflows/merge-dependabot-pr.yml
deleted file mode 100644
index 4f2168eb3b..0000000000
--- a/.github/workflows/merge-dependabot-pr.yml
+++ /dev/null
@@ -1,63 +0,0 @@
-name: Merge Dependabot PR
-
-on: pull_request_target
-
-run-name: Merge Dependabot PR ${{ github.ref_name }}
-
-permissions: write-all
-
-jobs:
- merge-dependabot-pr:
- name: Merge Dependabot PR
- runs-on: ubuntu-latest
- if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'spring-projects/spring-security' }}
- steps:
-
- - uses: actions/checkout@v4
- with:
- show-progress: false
- ref: ${{ github.event.pull_request.head.sha }}
-
- - uses: actions/setup-java@v4
- with:
- distribution: temurin
- java-version: 17
-
- - name: Set Milestone to Dependabot Pull Request
- id: set-milestone
- run: |
- if test -f pom.xml
- then
- CURRENT_VERSION=$(mvn help:evaluate -Dexpression="project.version" -q -DforceStdout)
- else
- CURRENT_VERSION=$(cat gradle.properties | sed -n '/^version=/ { s/^version=//;p }')
- fi
- export CANDIDATE_VERSION=${CURRENT_VERSION/-SNAPSHOT}
- MILESTONE=$(gh api repos/$GITHUB_REPOSITORY/milestones --jq 'map(select(.due_on != null and (.title | startswith(env.CANDIDATE_VERSION)))) | .[0] | .title')
-
- if [ -z $MILESTONE ]
- then
- gh run cancel ${{ github.run_id }}
- echo "::warning title=Cannot merge::No scheduled milestone for $CURRENT_VERSION version"
- else
- gh pr edit ${{ github.event.pull_request.number }} --milestone $MILESTONE
- echo mergeEnabled=true >> $GITHUB_OUTPUT
- fi
- env:
- GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Merge Dependabot pull request
- if: steps.set-milestone.outputs.mergeEnabled
- run: gh pr merge ${{ github.event.pull_request.number }} --auto --rebase
- env:
- GH_TOKEN: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}
- send-notification:
- name: Send Notification
- needs: [ merge-dependabot-pr ]
- if: ${{ failure() || cancelled() }}
- runs-on: ubuntu-latest
- steps:
- - name: Send Notification
- uses: spring-io/spring-security-release-tools/.github/actions/send-notification@v1
- with:
- webhook-url: ${{ secrets.SPRING_SECURITY_CI_GCHAT_WEBHOOK_URL }}