fix(deps): update maven all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
org.springframework.security:spring-security-core (source)	6.3.4 -> 6.4.0
org.springframework:spring-web	6.1.14 -> 6.2.0
com.nimbusds:nimbus-jose-jwt	9.46 -> 9.47
io.netty:netty-resolver-dns-native-macos (source)	4.1.114.Final -> 4.1.115.Final
io.netty:netty-codec-http (source)	4.1.114.Final -> 4.1.115.Final

---

Release Notes

spring-projects/spring-security (org.springframework.security:spring-security-core)

v6.4.0

Compare Source

⭐ New Features

• Add @FunctionalInterface to AuthorizationEventPublisher #​15934
• Add DefaultResourcesFilter.webauthn() #​15970
• Add deprecation notice for missing leading slashes #​16020
• Code Cleanup #​15996
• Document passkeys dependencies #​16107
• Factor out some common object mocking in tests #​15396
• Fix saml2 authentication guide docs #​16017
• Improve documentation about CredentialsContainer #​15554
• Improve Documentation on Adding a Custom Security Filter #​15893
• Improve Error Message for Conflicting Filter Chains #​15992
• Make it easier to determine where a filter chain has been defined #​15874
• OIDC logout not working for JPA/JDBC OAuth2AuthorizationService because DefaultSaml2AuthenticatedPrincipal does not implement equality #​15346
• Polish JdbcOneTimeTokenService #​15997
• relying-party-registration doesn't allow placeholders in xml #​14645
• Support ServerExchangeRejectedHandler @Bean #​16063

🪲 Bug Fixes

• An empty-string bearer token should result in an appropriate HTTP status code #​16037
• AuthorizeReturnObject AOT support should register proxied class as well #​16106
• Correct class name reference in WebFilterChainProxy JavaDoc #​16004
• Fix typo javadoc some classes #​16022
• Initialize OpenSAML in OpenSamlAssertingPartyMetadataRepository #​16055
• IpAddressMatcher null pointer exception #​16104
• OpenSamlAssertingPartyMetadataRepository should initialize OpenSAML #​16042
• Support ServerWebExchangeFirewall @Bean #​15999
• UniqueSecurityAnnotationScanner throws ConcurrentModificationException #​15906

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.11 to 1.5.12 #​16005
• Bump com.fasterxml.jackson:jackson-bom from 2.18.0 to 2.18.1 #​16007
• Bump com.webauthn4j:webauthn4j-core from 0.28.1.RELEASE to 0.28.2.RELEASE #​16122
• Bump io.freefair.gradle:aspectj-plugin from 8.10.2 to 8.11 #​16123
• Bump io.micrometer:micrometer-observation from 1.14.0 to 1.14.1 #​16121
• Bump io.projectreactor:reactor-bom from 2023.0.11 to 2023.0.12 #​16079
• Bump org-bouncycastle from 1.78.1 to 1.79 #​16010
• Bump org.hibernate.orm:hibernate-core from 6.6.1.Final to 6.6.2.Final #​16048
• Bump org.hsqldb:hsqldb from 2.7.3 to 2.7.4 #​16028
• Bump org.htmlunit:htmlunit from 4.5.0 to 4.6.0 #​16044
• Bump org.junit:junit-bom from 5.11.2 to 5.11.3 #​15968
• Bump org.seleniumhq.selenium:htmlunit3-driver from 4.25.0 to 4.26.0 #​16043
• Bump org.seleniumhq.selenium:selenium-java from 4.25.0 to 4.26.0 #​16018
• Bump org.springframework.data:spring-data-bom from 2024.0.5 to 2024.1.0 #​16124
• Bump org.springframework.ldap:spring-ldap-core from 3.2.7 to 3.2.8 #​16097
• Bump org.springframework:spring-framework-bom from 6.2.0-RC3 to 6.2.0 #​16096

🔩 Build Updates

• Bump @antora/collector-extension from 1.0.0-beta.4 to 1.0.0-beta.5 in /docs #​16115
• fix assertions #​15937
• Remove unnecessary parentheses and add static final field MockPortResolver#getServerPort #​15875
• Update Antora UI Spring to v0.4.17 #​15929

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Chu3laMan, @​Kehrlann, @​Limm-jk, @​dcolazin, @​dependabot[bot], @​franticticktick, @​github-actions[bot], @​gzhao9, @​ig-jinwoo, @​jzheaux, @​kse-music, @​ngocnhan-tran1996, and @​nomoreFt

v6.3.5

Compare Source

⭐ New Features

• Support ServerExchangeRejectedHandler @Bean #​16062
• Supporting logout+jwt for back-channel logout with spring-webflux #​15702

🪲 Bug Fixes

• Align DelegatingAuthenticationConverter Constructors #​15949
• An empty-string bearer token should result in an appropriate HTTP status code #​16036
• IpAddressMatcher null pointer exception #​15527
• RequestMatcherDelegatingAuthorizationManager should be post-processable #​15981
• Support ServerWebExchangeFirewall @Bean #​15991
• Unhandled exception in CookieRequestCache results in 500 Internal Server Error #​15986
• Update logout.adoc: Fix Customizing Logout Success Example #​15956

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.11 to 1.5.12 #​16006
• Bump com.fasterxml.jackson:jackson-bom from 2.17.2 to 2.17.3 #​16032
• Bump io.micrometer:micrometer-observation from 1.12.12 to 1.12.13 #​16126
• Bump io.projectreactor:reactor-bom from 2023.0.11 to 2023.0.12 #​16082
• Bump org.hsqldb:hsqldb from 2.7.3 to 2.7.4 #​16033
• Bump org.springframework.data:spring-data-bom from 2024.0.5 to 2024.0.6 #​16125
• Bump org.springframework.ldap:spring-ldap-core from 3.2.7 to 3.2.8 #​16102
• Bump org.springframework:spring-framework-bom from 6.1.14 to 6.1.15 #​16101

🔩 Build Updates

• Bump @antora/collector-extension from 1.0.0-beta.4 to 1.0.0-beta.5 in /docs #​16117
• Update Antora UI Spring to v0.4.17 #​15930

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​asimuleo, @​dependabot[bot], @​github-actions[bot], and @​kse-music

spring-projects/spring-framework (org.springframework:spring-web)

v6.2.0

Compare Source

⭐ New Features

• Update UndertowHttpHandlerAdapter to dispatch #​33885
• Refine @Contract Javadoc to mention this and new return values #​33849
• AOT processing for bean validation does not consider cascaded and container element constraints #​33842
• Avoid repeated resolving of singleton beans through @Lazy proxy #​33841
• Regiser runtime hints for @TestBean fully-qualified method names #​33836
• Introduce support for custom reason in @DisabledInAotMode #​33833
• Use optimistic locking where possible in ResponseBodyEmitter #​33831
• Revise cookies support with Apache HTTP Components in WebClient and WebTestClient #​33822
• Remove the pure attribute from @Contract #​33820
• Introduce @CheckReturnValue annotation #​33818
• ResourceHttpRequestHandler throwing IllegalArgumentException if resource doesn't end with slash breaks some third-party libraris #​33815
• Provide first-class virtual thread option on ThreadPoolTaskExecutor/ThreadPoolTaskScheduler #​33807
• HttpServiceProxyFactory should omit optional @RequestParam if converted from null to empty string #​33794
• Reactor Netty response should not buffer the full response #​33781
• Relax the visibility of MockMVC DSL constructors #​33778
• Support Publisher to InputStream conversion #​31677

🐞 Bug Fixes

• MockReset should be honored without @Mockito[Spy]Bean fields #​33829
• Test Bean Overrides do not honor @Primary semantics #​33819
• Bean Overrides cannot reliably override beans created by a FactoryBean with generics #​33811
• Bean Overrides for certain FactoryBean use cases no longer work #​33800
• @MockitoBean, @MockitoSpyBean, & @TestBean do not work with @DirtiesContext "before method" modes #​33783
• Deprecate exchangeTimeout and refactor readTimeout in ReactorClientHttpRequestFactory #​33782

📔 Documentation

• Revise documentation for SpEL PropertyAccessor and IndexAccessor APIs regarding ordering #​33862
• Document UrlHandler Servlet and reactive filters #​33784
• Improve documentation for SpelCompilerMode #​33223

🔨 Dependency Upgrades

• Upgrade to ASM 9.7.1 (for early Java 24 support) #​33821
• Upgrade to Micrometer 1.14.0 #​33876
• Upgrade to Reactor 2024.0.0 #​33878

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Hejow, @​OlegDokuka, and @​lucky8987

v6.1.15

Compare Source

⭐ New Features

• Use UriUtils to process static resource paths #​33859
• Prefer modified resources over the originals in TestCompiler #​33850
• Improve iteration methods in native headers to MultiValueMap adapters #​33823
• Deregister empty Cache from CacheManager #​33813
• Rename aopAvailable constants in TransactionSynchronizationUtils for better GraalVM native image support #​33796
• Load-time weaving support for WildFly 24+ #​33728

🐞 Bug Fixes

• DefaultClientRequestObservationConvention generates wrong uri tag when missing path #​33867
• HttpComponentsClientHttpRequestFactory setReadTimeout not working with httpclient 5.4 #​33806
• HttpHeaders.writeableHttpHeaders(new HttpHeaders(readOnlyHttpHeaders)) is not writeable #​33789
• RestClient exchange methods are not nullable #​33779
• Throw SpelParseException for unsupported character in SpelExpressionParser #​33767
• DefaultMessageListenerContainer reports incorrect jms.process.message count #​33758
• Autowiring fails if multiple non-highest @Priority beans exist with same priority #​33733
• Jackson2Decoder leaks on WebClient timeout #​33731
• DefaultServerRequestObservationConvention throws when response status is zero #​33725
• Aspect executed twice - @AfterThrowing #​33704
• parts w/o filename in Content-Disposition header are not cleaned from temp folder (skipped by StandardServletMultipartResolver) #​33511

📔 Documentation

• Resources link points to wrong section of reference guide #​33882
• Remove mentions of Joda-Time support #​33881
• SimpleAsyncTaskExecutor blocks calling thread when concurrencyLimit set #​33873
• Fix formatting issue in validation section of reference guide #​33871
• Fix typo in reference documentation #​33865
• Fix XML bean reference example in reference manual #​33855
• Fix a typo in documentation #​33846
• Numerous warnings when injecting dependencies into configuration that implements CachingConfigurer #​33834
• @Async documentation should not suggest deprecated classes #​33805
• Document that circular dependencies should be avoided in AOT mode #​33786
• Inconsistent Lifecycle Management with Virtual Threads in Spring Boot Async Configuration #​33780
• Fix incorrect regex rendering in MVC controller documentation #​33766
• Improve documentation for allowEagerInit parameter in getBeanNamesForType() #​33740
• Fix Javadoc in ReactorNetty2ResourceFactory #​33735
• Document options for handling Date/Time parsing and formatting issues with JDK 20+ #​33151

🔨 Dependency Upgrades

• Upgrade to Micrometer 1.12.12 #​33877
• Upgrade to Reactor 2023.0.12 #​33879

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Torres-09, @​ZLATAN628, @​hosamaly, @​izeye, @​kunaljani1100, @​ngocnhan-tran1996, and @​wilkinsona

connect2id/nimbus-jose-jwt (com.nimbusds:nimbus-jose-jwt)

v9.47

Compare Source

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

---

Thanks for the PR!

Deployments, as required, will be available below:
Any successful deployments (not always required) will be available here

Please create PRs in draft mode. Mark as ready to enable:

• Analysis Workflow

After merge, new images are deployed in:

• Merge Workflow

[github-actions]

Current changelog

Bug Fixes

• deps: update maven all non-major dependencies (4803669)

[github-actions]

Overall Project	NaN% NaN%	🍏

There is no coverage information present for the Files changed

[sonarcloud]

Quality Gate passed for 'nr-forest-client-processor'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

Current changelog

Bug Fixes

• deps: update maven all non-major dependencies (4803669)

[github-actions]

Current changelog

Bug Fixes

• deps: update maven all non-major dependencies (4803669)

[github-actions]

Current changelog

Bug Fixes

• deps: update maven all non-major dependencies (4803669)