fix(deps): update dependency org.springframework.security:spring-security-crypto to v6.5.10

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
org.springframework.security:spring-security-crypto (source)	6.5.3 → 6.5.10

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

spring-projects/spring-security (org.springframework.security:spring-security-crypto)

v6.5.10

Compare Source

⭐ New Features

• Add CredentialRecordOwnerAuthorizationManager #​19004
• Add XML Based shouldWriteHeadersEagerly tests #​19017
• Clarify Session Management Persistence Documentation #​18345
• Update FilterChainProxy#getFilters(String) javadoc #​18258

🪲 Bug Fixes

• Add equals and hashcode to HttpMethodRequestMatcher #​18914
• auth_time validation fails when SSO session is renewed #​18839
• Fallback defaultTargetUrl if refererHeader is empty #​18806
• Fix HttpSessionRequestCache#getMatchingRequest query string parsing #​16914
• Fix documentation for Custom Authorization Manager #​18362
• Improve serialVersionUID check in tests #​18474
• Merge Handle null value in OnCommittedResponseWrapper header methods #​18989
• OAuth2 client sessionManagement ineffective with DefaultOidcUser #​18622

🔨 Dependency Upgrades

• Bump @springio/antora-extensions from 1.14.10 to 1.14.11 in /docs #​19055
• Bump @springio/antora-extensions from 1.14.7 to 1.14.9 in /docs #​18956
• Bump @springio/antora-extensions from 1.14.9 to 1.14.10 in /docs #​19031
• Bump @springio/asciidoctor-extensions from 1.0.0-alpha.17 to 1.0.0-alpha.18 in /docs #​18952
• Bump actions/upload-artifact from 7.0.0 to 7.0.1 #​19094
• Bump io.projectreactor:reactor-bom from 2024.0.16 to 2024.0.17 #​19078
• Bump io.spring.gradle:spring-security-release-plugin from 1.0.14 to 1.0.15 #​18916
• Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15 #​19108
• Bump org.hibernate.orm:hibernate-core from 6.6.44.Final to 6.6.45.Final #​18966
• Bump org.hibernate.orm:hibernate-core from 6.6.45.Final to 6.6.47.Final #​19046
• Bump org.hibernate.orm:hibernate-core from 6.6.47.Final to 6.6.48.Final #​19064
• Bump org.hibernate.orm:hibernate-core from 6.6.48.Final to 6.6.49.Final #​19110
• Bump org.springframework:spring-framework-bom from 6.2.17 to 6.2.18 #​19109
• Bump spring-io/spring-release-actions from 0.0.3 to 0.0.4 #​19093
• Bump spring-io/spring-security-release-tools from 1.0.14 to 1.0.15 #​18954
• Bump spring-io/spring-security-release-tools/.github/workflows/build.yml from 1.0.14 to 1.0.15 #​18955
• Bump spring-io/spring-security-release-tools/.github/workflows/deploy-artifacts.yml from 1.0.14 to 1.0.15 #​18949
• Bump spring-io/spring-security-release-tools/.github/workflows/deploy-schema.yml from 1.0.14 to 1.0.15 #​18950
• Bump spring-io/spring-security-release-tools/.github/workflows/perform-release.yml from 1.0.14 to 1.0.15 #​18995
• Bump spring-io/spring-security-release-tools/.github/workflows/test.yml from 1.0.14 to 1.0.15 #​18951
• Bump spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml from 1.0.14 to 1.0.15 #​18994
• Update to spring-security-release-tools 1.0.15 #​18910

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Kehrlann, @​as1605, @​johnycho, @​ngocnhan-tran1996, @​rwinch, and @​sankranty

v6.5.9

Compare Source

⭐ New Features

• Update Link to CSRF Docs in FAQ #​18616

🪲 Bug Fixes

• Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager #​18544
• saveAuthenticationRequest should read relayState from authenticationRequest #​18872
• Add Missing OnCommitedResponseWrapper Header Overrides #​18798
• Clarify Resource Server startup expectations #​18518
• Correct Reference to Clear-Site-Data Directive enum #​18273
• Fix CookieRequestCache parameters #​18857
• Fix Flaky Crypto Tests #​18841
• Fix Jackson Deserializer for AuthenticationExtensionsClientOutputs #​18896

🔨 Dependency Upgrades

• Bump @antora/collector-extension from 1.0.2 to 1.0.3 in /docs #​18854
• Bump actions/upload-artifact from 6.0.0 to 7.0.0 #​18809
• Bump ch.qos.logback:logback-classic from 1.5.29 to 1.5.32 #​18749
• Bump com.fasterxml.jackson:jackson-bom from 2.18.5 to 2.18.6 #​18779
• Bump io.projectreactor:reactor-bom from 2024.0.15 to 2024.0.16 #​18876
• Bump org-apache-maven-resolver from 1.9.25 to 1.9.26 #​18750
• Bump org-apache-maven-resolver from 1.9.26 to 1.9.27 #​18791
• Bump org.apache.maven:maven-resolver-provider from 3.9.12 to 3.9.13 #​18860
• Bump org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14 #​18886
• Bump org.hibernate.orm:hibernate-core from 6.6.42.Final to 6.6.43.Final #​18780
• Bump org.hibernate.orm:hibernate-core from 6.6.43.Final to 6.6.44.Final #​18829
• Bump org.springframework:spring-framework-bom from 6.2.16 to 6.2.17 #​18903

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Hann244, @​Khyojae, @​ghusta, @​itsmevichu, @​qihaiyan, @​rwinch, @​therepanic, and @​ziqin

v6.5.8

Compare Source

⭐ New Features

• Add @FunctionalInterface to RequestMatcher #​18337
• Spring Security 7 should provide migration path from request-matcher="ant" #​18211
• Stop deploying JavaDoc outside of Antora #​18199

🪲 Bug Fixes

• Add Missing Migration Pages to Navigation #​18313
• Create SHA-1 MessageDigest for every new check request in Compromised Password Checker #​18235
• Fix typo in "Preparing for 7.0" in reference to PathPatternRequestMatcher #​18336
• Fix typo in AnnotationTemplateExpressionDefaults documentation #​18176
• Fix typos in documentation depenendencies->dependencies #​18208

🔨 Dependency Upgrades

• Bump @antora/atlas-extension from 1.0.0-alpha.2 to 1.0.0-alpha.5 in /docs #​18675
• Bump @antora/collector-extension from 1.0.1 to 1.0.2 in /docs #​18677
• Bump @springio/antora-extensions from 1.14.4 to 1.14.7 in /docs #​18676
• Bump antora from 3.2.0-alpha.8 to 3.2.0-alpha.11 in /docs #​18679
• Bump ch.qos.logback:logback-classic from 1.5.20 to 1.5.21 #​18192
• Bump ch.qos.logback:logback-classic from 1.5.21 to 1.5.22 #​18321
• Bump ch.qos.logback:logback-classic from 1.5.22 to 1.5.24 #​18387
• Bump ch.qos.logback:logback-classic from 1.5.24 to 1.5.25 #​18525
• Bump ch.qos.logback:logback-classic from 1.5.25 to 1.5.26 #​18591
• Bump ch.qos.logback:logback-classic from 1.5.26 to 1.5.27 #​18631
• Bump ch.qos.logback:logback-classic from 1.5.27 to 1.5.28 #​18678
• Bump ch.qos.logback:logback-classic from 1.5.28 to 1.5.29 #​18710
• Bump gradle-wrapper from 8.14 to 8.14.4 #​18704
• Bump io.micrometer:context-propagation from 1.1.3 to 1.1.4 #​18703
• Bump io.micrometer:micrometer-observation from 1.14.13 to 1.14.14 #​18279
• Bump io.mockk:mockk from 1.14.6 to 1.14.7 #​18275
• Bump io.projectreactor:reactor-bom from 2024.0.12 to 2024.0.13 #​18293
• Bump io.projectreactor:reactor-bom from 2024.0.13 to 2024.0.14 #​18495
• Bump io.projectreactor:reactor-bom from 2024.0.14 to 2024.0.15 #​18716
• Bump io.spring.develocity.conventions from 0.0.24 to 0.0.25 #​18535
• Bump io.spring.gradle:spring-security-release-plugin from 1.0.13 to 1.0.14 #​18724
• Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.4 to 4.0.5 #​18670
• Bump org-apache-maven-resolver from 1.9.24 to 1.9.25 #​18292
• Bump org-aspectj from 1.9.25 to 1.9.25.1 #​18329
• Bump org.apache.maven:maven-resolver-provider from 3.9.11 to 3.9.12 #​18352
• Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 #​18590
• Bump org.hibernate.orm:hibernate-core from 6.6.34.Final to 6.6.36.Final #​18193
• Bump org.hibernate.orm:hibernate-core from 6.6.36.Final to 6.6.38.Final #​18241
• Bump org.hibernate.orm:hibernate-core from 6.6.38.Final to 6.6.39.Final #​18308
• Bump org.hibernate.orm:hibernate-core from 6.6.39.Final to 6.6.40.Final #​18351
• Bump org.hibernate.orm:hibernate-core from 6.6.40.Final to 6.6.41.Final #​18524
• Bump org.hibernate.orm:hibernate-core from 6.6.41.Final to 6.6.42.Final #​18632
• Bump org.springframework.data:spring-data-bom from 2024.1.12 to 2024.1.13 #​18320
• Bump org.springframework.ldap:spring-ldap-core from 3.2.15 to 3.2.16 #​18322
• Bump org.springframework:spring-framework-bom from 6.2.13 to 6.2.14 #​18206
• Bump org.springframework:spring-framework-bom from 6.2.14 to 6.2.15 #​18323
• Bump org.springframework:spring-framework-bom from 6.2.15 to 6.2.16 #​18731
• Bump spring-io/spring-doc-actions from 0.0.20 to 0.0.22 #​18649
• Update Antora UI Spring to v0.4.25 #​18402

🔩 Build Updates

• Remove unnecessary Gradle wrapper from buildSrc #​18692

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​garvit-joshi, @​ghusta, @​kucoll, and @​rwinch

v6.5.7

Compare Source

⭐ New Features

• Add Include-Code for the Password Storage page #​18054
• Default WebAuthnConfigurer#rpName to rpId #​18131
• Document effects of disabling CORS #​18129

🪲 Bug Fixes

• typ values should not be case-sensitive in JwtTypeValidator #​18101
• BCryptPasswordEncoderTests should password limit of 72 bytes #​18136
• Fix GenerateOneTimeTokenRequestResolver ignored if username param not present #​18074
• GenerateOneTimeTokenFilter should not attempt to generate a token with a null token request #​18088

🔨 Dependency Upgrades

• Bump com.fasterxml.jackson:jackson-bom from 2.18.4.1 to 2.18.5 #​18110
• Bump io.micrometer:micrometer-observation from 1.14.12 to 1.14.13 #​18149
• Bump io.spring.gradle:spring-security-release-plugin from 1.0.11 to 1.0.13 #​18141
• Bump org-aspectj from 1.9.24 to 1.9.25 #​18142
• Bump org.hibernate.orm:hibernate-core from 6.6.33.Final to 6.6.34.Final #​18111
• Update to Reactor 2024.0.12 #​18181
• Update to Spring Data 2024.1.12 #​18182
• Update to Spring Framework 6.2.13 #​18180

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​himanshu-pareek, @​marcusdacoregio, and @​namest504

v6.5.6

Compare Source

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20 #​18082
• Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 #​17930
• Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #​17929
• Bump io.micrometer:micrometer-observation from 1.14.11 to 1.14.12 #​18045
• Bump org.assertj:assertj-core from 3.27.5 to 3.27.6 #​17950
• Bump org.gretty:gretty from 4.1.7 to 4.1.10 #​17945
• Bump org.hibernate.orm:hibernate-core from 6.6.31.Final to 6.6.33.Final #​18039
• Bump org.springframework.data:spring-data-bom from 2024.1.10 to 2024.1.11 #​18083
• Bump org.springframework.ldap:spring-ldap-core from 3.2.14 to 3.2.15 #​18067
• Bump org.springframework:spring-framework-bom from 6.2.11 to 6.2.12 #​18068

v6.5.5

Compare Source

🔨 Dependency Upgrades

• Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #​17922
• Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #​17911
• Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4 #​17923
• Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4 #​17910
• Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.29.Final #​17924
• Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.29.Final #​17913
• Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.10 #​17925
• Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.10 #​17912
• Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #​17926
• Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 #​17914

v6.5.4

Compare Source

⭐ New Features

• Update servlet test method docs to use include-code #​17749

🪲 Bug Fixes

• Annonation Scanning Should Fallback to Object when Parameter Matching #​17899
• Fix double-slash when basePath is root #​17841
• Fix traceId discrepancy in case error in servlet web #​17796
• Reference should advise avoiding post-authorization on writes #​17798

🔨 Dependency Upgrades

• Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 #​17893
• Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 #​17874
• Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #​17895
• Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #​17854
• Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE #​17836
• Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #​17894
• Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 #​17858
• Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 #​17767
• Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final #​17766
• Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final #​17759
• Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.28.Final #​17853
• Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.28.Final #​17837
• Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.29.Final #​17896
• Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.10 #​17897
• Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #​17855
• Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #​17791
• Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #​17771
• Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 #​17758
• Bump org.springframework.ldap:spring-ldap-core from 3.2.13 to 3.2.14 #​17773

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​jkuhel and @​therepanic

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 00ea014a-3865-435b-9d73-bcbd8a6adc5b

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch renovate/spring-security

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}