Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-02-24 22:25:18 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,286 Commits 51 Branches 373 Tags
Commit Graph

20286 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Josh Cummings
7fdff6a907
Use spring-github-workflows Auto-Merge 2026-02-12 10:21:32 -07:00
github-actions[bot]
117af3bc2b
Merge pull request #18723 from spring-projects/dependabot/gradle/main/io.spring.gradle-spring-security-release-plugin-1.0.14 
Bump io.spring.gradle:spring-security-release-plugin from 1.0.13 to 1.0.14
 2026-02-12 03:17:42 +00:00
dependabot[bot]
c7f781423f
Bump io.spring.gradle:spring-security-release-plugin 
Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.13 to 1.0.14.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc)
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.13...v1.0.14)

---
updated-dependencies:
- dependency-name: io.spring.gradle:spring-security-release-plugin
  dependency-version: 1.0.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-12 03:06:08 +00:00
github-actions[bot]
fb2f0d5c38
Merge pull request #18715 from spring-projects/dependabot/gradle/main/io.projectreactor-reactor-bom-2025.0.3 
Bump io.projectreactor:reactor-bom from 2025.0.2 to 2025.0.3
 2026-02-11 03:18:39 +00:00
github-actions[bot]
10b9cc8c2b
Merge pull request #18713 from spring-projects/dependabot/gradle/main/io.micrometer-micrometer-observation-1.16.3 
Bump io.micrometer:micrometer-observation from 1.16.2 to 1.16.3
 2026-02-11 03:18:24 +00:00
github-actions[bot]
5240878272
Merge pull request #18714 from spring-projects/dependabot/gradle/main/ch.qos.logback-logback-classic-1.5.29 
Bump ch.qos.logback:logback-classic from 1.5.28 to 1.5.29
 2026-02-11 03:18:04 +00:00
dependabot[bot]
ba4bd61c5b
Bump io.projectreactor:reactor-bom from 2025.0.2 to 2025.0.3 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2025.0.2 to 2025.0.3.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2025.0.2...2025.0.3)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2025.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-11 03:06:26 +00:00
dependabot[bot]
c25ec70374
Bump ch.qos.logback:logback-classic from 1.5.28 to 1.5.29 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.28 to 1.5.29.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.28...v_1.5.29)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.29
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-11 03:06:19 +00:00
dependabot[bot]
8e1e0ca9d2
Bump io.micrometer:micrometer-observation from 1.16.2 to 1.16.3 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.16.2 to 1.16.3.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.16.2...v1.16.3)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.16.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-11 03:05:06 +00:00
Josh Cummings
705fa60a01 Document Method Security hasScope Support 
Issue gh-18013

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-10 15:23:32 -07:00
Tran Ngoc Nhan
f2b7cb2de5 Support hasScope in Method Security 
Closes gh-18013

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-10 15:23:32 -07:00
coehgns
8652950fb2 Fix typos in contributing guide Tidy up wording in CONTRIBUTING.adoc to improve readability. 
Signed-off-by: coehgns <modooboiroo@gmail.com>
 2026-02-10 13:54:55 -07:00
Josh Cummings
07ba3e623f
Merge branch '7.0.x' 2026-02-10 13:41:47 -07:00
Josh Cummings
252c69460e
Merge remote-tracking branch 'origin/6.5.x' into 7.0.x 2026-02-10 13:41:29 -07:00
dependabot[bot]
3131642aae Bump io.micrometer:context-propagation from 1.1.3 to 1.1.4 
Bumps [io.micrometer:context-propagation](https://github.com/micrometer-metrics/context-propagation) from 1.1.3 to 1.1.4.
- [Release notes](https://github.com/micrometer-metrics/context-propagation/releases)
- [Commits](https://github.com/micrometer-metrics/context-propagation/compare/v1.1.3...v1.1.4)

---
updated-dependencies:
- dependency-name: io.micrometer:context-propagation
  dependency-version: 1.1.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-10 13:41:09 -07:00
dependabot[bot]
552d8d1d29 Bump ch.qos.logback:logback-classic from 1.5.28 to 1.5.29 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.28 to 1.5.29.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.28...v_1.5.29)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.29
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-10 13:39:59 -07:00
dependabot[bot]
f240f29433 Bump gradle-wrapper from 8.14 to 8.14.4 
Bumps gradle-wrapper from 8.14 to 8.14.4.

---
updated-dependencies:
- dependency-name: gradle-wrapper
  dependency-version: 8.14.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-10 13:39:38 -07:00
github-actions[bot]
f91b5f33fc
Merge pull request #18701 from spring-projects/dependabot/gradle/main/com.nimbusds-oauth2-oidc-sdk-11.33 
Bump com.nimbusds:oauth2-oidc-sdk from 11.26.1 to 11.33
 2026-02-10 17:51:23 +00:00
Josh Cummings
095cc3bf74 Merge remote-tracking branch 'origin/7.0.x' 2026-02-10 10:50:04 -07:00
dependabot[bot]
06caf327c1 Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.4 to 4.0.5 
Bumps [jakarta.xml.bind:jakarta.xml.bind-api](https://github.com/jakartaee/jaxb-api) from 4.0.4 to 4.0.5.
- [Release notes](https://github.com/jakartaee/jaxb-api/releases)
- [Commits](https://github.com/jakartaee/jaxb-api/compare/4.0.4...4.0.5)

---
updated-dependencies:
- dependency-name: jakarta.xml.bind:jakarta.xml.bind-api
  dependency-version: 4.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-10 10:47:51 -07:00
dependabot[bot]
4cc6687916 Bump io.micrometer:context-propagation from 1.1.3 to 1.1.4 
Bumps [io.micrometer:context-propagation](https://github.com/micrometer-metrics/context-propagation) from 1.1.3 to 1.1.4.
- [Release notes](https://github.com/micrometer-metrics/context-propagation/releases)
- [Commits](https://github.com/micrometer-metrics/context-propagation/compare/v1.1.3...v1.1.4)

---
updated-dependencies:
- dependency-name: io.micrometer:context-propagation
  dependency-version: 1.1.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-10 10:47:18 -07:00
dependabot[bot]
108dc5996b Bump gradle-wrapper from 8.14 to 8.14.4 
Bumps gradle-wrapper from 8.14 to 8.14.4.

---
updated-dependencies:
- dependency-name: gradle-wrapper
  dependency-version: 8.14.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-10 10:40:49 -07:00
dependabot[bot]
8c3453dfd2 Bump ch.qos.logback:logback-classic from 1.5.28 to 1.5.29 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.28 to 1.5.29.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.28...v_1.5.29)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.29
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-10 10:40:25 -07:00
Josh Cummings
5418ab2081 Update nimbus-jose-jwt from 10.4 to 10.6 
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-10 10:37:44 -07:00
Josh Cummings
e8e4110334 Wrap RuntimeException in fromOidcConfiguration 
This commit makes so that fromOidcConfiguration throws the same exception
caused by chain as other configuration methods. Specifically, if parsing
throws a RuntimeException, this method will now wrap it in an
IllegalArgumentException as other configuration methods do.

This makes specific sense here since the RuntimeException is almost certainly
caused by a malformed configuration set handed in as a method parameter.

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-10 10:37:40 -07:00
dependabot[bot]
92fd945b02 Bump org.hibernate.orm:hibernate-core from 7.2.3.Final to 7.2.4.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 7.2.3.Final to 7.2.4.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/7.2.4/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/7.2.3...7.2.4)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 7.2.4.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-10 09:58:20 -07:00
dependabot[bot]
d0b0b5a252 Bump gradle-wrapper from 9.2.1 to 9.3.1 
Bumps gradle-wrapper from 9.2.1 to 9.3.1.

---
updated-dependencies:
- dependency-name: gradle-wrapper
  dependency-version: 9.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-10 09:57:59 -07:00
dependabot[bot]
601dfb2764 Bump io.micrometer:context-propagation from 1.2.0 to 1.2.1 
Bumps [io.micrometer:context-propagation](https://github.com/micrometer-metrics/context-propagation) from 1.2.0 to 1.2.1.
- [Release notes](https://github.com/micrometer-metrics/context-propagation/releases)
- [Commits](https://github.com/micrometer-metrics/context-propagation/compare/v1.2.0...v1.2.1)

---
updated-dependencies:
- dependency-name: io.micrometer:context-propagation
  dependency-version: 1.2.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-10 09:57:12 -07:00
Josh Cummings
b88ddc8d0d Enable Dependabot Auto-Merge on Main 
Closes gh-18712

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-10 09:56:02 -07:00
Josh Cummings
688b6ca733 Add Documentation for ExpressionJwtGrantedAuthoritiesConverter 
Closes gh-18300
 2026-02-10 09:11:26 -07:00
dependabot[bot]
17e368435d
Bump com.nimbusds:oauth2-oidc-sdk from 11.26.1 to 11.33 
Bumps [com.nimbusds:oauth2-oidc-sdk](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions) from 11.26.1 to 11.33.
- [Changelog](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/src/master/CHANGELOG.txt)
- [Commits](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/branches/compare/11.33..11.26.1)

---
updated-dependencies:
- dependency-name: com.nimbusds:oauth2-oidc-sdk
  dependency-version: '11.33'
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-09 03:07:15 +00:00
dependabot[bot]
6b028cfe8e Bump ch.qos.logback:logback-classic from 1.5.27 to 1.5.28 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.27 to 1.5.28.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.27...v_1.5.28)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.28
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-06 16:39:24 -06:00
dependabot[bot]
d912393280 Bump com.fasterxml.jackson:jackson-bom from 2.20.2 to 2.21.0 
Bumps [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 2.20.2 to 2.21.0.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-2.20.2...jackson-bom-2.21.0)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson:jackson-bom
  dependency-version: 2.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-06 16:25:51 -06:00
dependabot[bot]
ba8360671c Bump org.hibernate.orm:hibernate-core from 7.0.10.Final to 7.2.3.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 7.0.10.Final to 7.2.3.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/7.2.3/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/7.0.10...7.2.3)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 7.2.3.Final
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-06 16:25:36 -06:00
Robert Winch
bf7d86722f
Merge Remove unnecessary Gradle wrapper from buildSrc 2026-02-06 13:23:39 -06:00
Robert Winch
e37f83884b
Merge Remove unnecessary Gradle wrapper from buildSrc 
Closes gh-18694
 2026-02-06 13:13:10 -06:00
Robert Winch
ce963c744c
Merge Remove unnecessary Gradle wrapper from buildSrc 
Closes gh-18693
 2026-02-06 13:08:41 -06:00
Robert Winch
1efacf1ad8
Remove unnecessary Gradle wrapper from buildSrc 
buildSrc does not need its own Gradle wrapper and should use
the parent project's wrapper. Having a separate wrapper causes
Dependabot to detect and attempt to update it independently,
creating confusion and unnecessary PRs.

Closes gh-18692
 2026-02-06 13:06:17 -06:00
dependabot[bot]
3071459fe4 Bump io.micrometer:micrometer-observation from 1.14.14 to 1.16.2 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.14 to 1.16.2.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.14...v1.16.2)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.16.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-06 13:03:14 -06:00
dependabot[bot]
03c081bb46 Bump com.jayway.jsonpath:json-path from 2.9.0 to 2.10.0 
Bumps [com.jayway.jsonpath:json-path](https://github.com/jayway/JsonPath) from 2.9.0 to 2.10.0.
- [Release notes](https://github.com/jayway/JsonPath/releases)
- [Changelog](https://github.com/json-path/JsonPath/blob/master/changelog.md)
- [Commits](https://github.com/jayway/JsonPath/compare/json-path-2.9.0...json-path-2.10.0)

---
updated-dependencies:
- dependency-name: com.jayway.jsonpath:json-path
  dependency-version: 2.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-06 13:02:51 -06:00
dependabot[bot]
540fbdb189 Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.4 to 4.0.5 
Bumps [jakarta.xml.bind:jakarta.xml.bind-api](https://github.com/jakartaee/jaxb-api) from 4.0.4 to 4.0.5.
- [Release notes](https://github.com/jakartaee/jaxb-api/releases)
- [Commits](https://github.com/jakartaee/jaxb-api/compare/4.0.4...4.0.5)

---
updated-dependencies:
- dependency-name: jakarta.xml.bind:jakarta.xml.bind-api
  dependency-version: 4.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-06 13:02:15 -06:00
dependabot[bot]
cea004b555 Bump io.micrometer:context-propagation from 1.1.3 to 1.2.0 
Bumps [io.micrometer:context-propagation](https://github.com/micrometer-metrics/context-propagation) from 1.1.3 to 1.2.0.
- [Release notes](https://github.com/micrometer-metrics/context-propagation/releases)
- [Commits](https://github.com/micrometer-metrics/context-propagation/compare/v1.1.3...v1.2.0)

---
updated-dependencies:
- dependency-name: io.micrometer:context-propagation
  dependency-version: 1.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-06 12:22:44 -06:00
dependabot[bot]
4c011887bd Bump org.htmlunit:htmlunit from 4.11.1 to 4.21.0 
Bumps [org.htmlunit:htmlunit](https://github.com/HtmlUnit/htmlunit) from 4.11.1 to 4.21.0.
- [Release notes](https://github.com/HtmlUnit/htmlunit/releases)
- [Commits](https://github.com/HtmlUnit/htmlunit/compare/4.11.1...4.21.0)

---
updated-dependencies:
- dependency-name: org.htmlunit:htmlunit
  dependency-version: 4.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-06 12:21:08 -06:00
dependabot[bot]
938d1f38b9 Bump org-jetbrains-kotlin from 2.3.0 to 2.3.10 
Bumps `org-jetbrains-kotlin` from 2.3.0 to 2.3.10.

Updates `org.jetbrains.kotlin:kotlin-bom` from 2.3.0 to 2.3.10
- [Release notes](https://github.com/JetBrains/kotlin/releases)
- [Changelog](https://github.com/JetBrains/kotlin/blob/master/ChangeLog.md)
- [Commits](https://github.com/JetBrains/kotlin/compare/v2.3.0...v2.3.10)

Updates `org.jetbrains.kotlin:kotlin-gradle-plugin` from 2.3.0 to 2.3.10
- [Release notes](https://github.com/JetBrains/kotlin/releases)
- [Changelog](https://github.com/JetBrains/kotlin/blob/master/ChangeLog.md)
- [Commits](https://github.com/JetBrains/kotlin/compare/v2.3.0...v2.3.10)

---
updated-dependencies:
- dependency-name: org.jetbrains.kotlin:kotlin-bom
  dependency-version: 2.3.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.jetbrains.kotlin:kotlin-gradle-plugin
  dependency-version: 2.3.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-06 12:20:45 -06:00
Robert Winch
54f294fe6e
Merge branch '7.0.x' 2026-02-06 12:16:15 -06:00
Robert Winch
71a10cef0b
Bump spring-io/spring-doc-actions from 0.0.20 to 0.0.22 2026-02-06 12:14:22 -06:00
Robert Winch
784e6efcf5
Bump io.mockk:mockk from 1.14.7 to 1.14.9 2026-02-06 12:14:19 -06:00
Robert Winch
1caefd748b
Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 2026-02-06 12:14:15 -06:00
Robert Winch
b427587d27
Bump io.spring.develocity.conventions from 0.0.24 to 0.0.25 2026-02-06 12:14:12 -06:00
Robert Winch
832635c9e8
Bump ch.qos.logback:logback-classic from 1.5.24 to 1.5.28 2026-02-06 12:14:09 -06:00