Bump org.springframework.security:spring-security-bom from 6.5.0-RC1 to 6.5.1-SNAPSHOT

[dependabot]

Bumps org.springframework.security:spring-security-bom from 6.5.0-RC1 to 6.5.1-SNAPSHOT.

Release notes

Sourced from org.springframework.security:spring-security-bom's releases.

6.5.0

⭐ New Features

• Add documentation for DPoP support #17072
• Add logging to CsrfTokenRequestHandler implementations #16994
• Add mapping for DPoP in DefaultMapOAuth2AccessTokenResponseConverter #16806
• Bump Gradle Wrapper from 8.13 to 8.14 #17018
• ClientRegistrations.fromIssuerLocation does not include failure information #17015
• Fix Typo In SubjectDnX509PrincipalExtractorTests #16997
• Implement internal cache in JtiClaimValidator #17107
• Polish javadoc #16924
• Remove unused classes #16935
• Replace NimbusOpaqueTokenIntrospector with SpringOpaqueTokenIntrospector in Documentation #16962
• RequestHeaderAuthenticationFilter creates a session even if not configured to do so #17147

🪲 Bug Fixes

• Add FunctionalInterface To X509PrincipalExtractor #16952
• Change NonNull import from reactor to spring #16571
• Fix DPoP jkt claim to be JWK SHA-256 thumbprint #17080
• Minor error in the Handling Logouts documentation #17049
• SecurityAnnotationScanner's method comparison should use .equals #17145
• Use proper configuration key in Opaque Token documentation #17014

🔨 Dependency Upgrades

• Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.18.4 #17069
• Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.19.0 #16995
• Bump com.google.code.gson:gson from 2.13.0 to 2.13.1 #16990
• Bump com.webauthn4j:webauthn4j-core from 0.29.0.RELEASE to 0.29.1.RELEASE #17024
• Bump com.webauthn4j:webauthn4j-core from 0.29.1.RELEASE to 0.29.2.RELEASE #17095
• Bump io.micrometer:micrometer-observation from 1.14.6 to 1.14.7 #17096
• Bump io.mockk:mockk from 1.14.0 to 1.14.2 #17019
• Bump io.projectreactor:reactor-bom from 2023.0.17 to 2023.0.18 #17111
• Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6 #17040
• Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 #17088
• Bump org-eclipse-jetty from 11.0.24 to 11.0.25 #16761
• Bump org.hibernate.orm:hibernate-core from 6.6.13.Final to 6.6.14.Final #17089
• Bump org.hibernate.orm:hibernate-core from 6.6.14.Final to 6.6.15.Final #17105
• Bump org.seleniumhq.selenium:selenium-java from 4.31.0 to 4.32.0 #17037
• Bump org.springframework.data:spring-data-bom from 2024.1.4 to 2024.1.5 #16981
• Bump org.springframework.data:spring-data-bom from 2024.1.5 to 2024.1.6 #17137
• Bump org.springframework:spring-framework-bom from 6.2.6 to 6.2.7 #17124

🔩 Build Updates

• Release 6.5.0 #17138

❤️ Contributors

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)