Bump the development-dependencies group with 2 updates

[dependabot]

Bumps the development-dependencies group with 2 updates: org.springframework.security:spring-security-bom and org.hibernate.orm:hibernate-core.

Updates org.springframework.security:spring-security-bom from 6.4.0 to 6.4.1

Release notes

Sourced from org.springframework.security:spring-security-bom's releases.

6.4.1

🪲 Bug Fixes

• Documentation images should render clearly in both light and dark mode #16132
• Fix conflicting bean names between @EnableWebSecurity and @EnableWebSocketSecurity #16113

🔩 Build Updates

• Update Antora UI Spring to v0.4.18 #16112

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​github-actions[bot] and @​ngocnhan-tran1996

Commits

• 59b7b55 Release 6.4.1
• b896a74 Resolve Observation Bean Name Collisions
• 91832bf Add EnableWebSecurity + EnableWebSocketSecurity Test
• 30c9860 Add What's New Link to Landing Pages
• 4787efb Update What's New
• b712c24 Merge branch '6.3.x'
• 70a9501 Merge branch '6.2.x' into 6.3.x
• b8e9f47 Merge branch '5.8.x' into 6.2.x
• 04baead Update Antora Spring UI to v0.4.18
• a0a9b48 Update Antora Spring UI to v0.4.18
• Additional commits viewable in compare view

Updates org.hibernate.orm:hibernate-core from 6.6.2.Final to 6.6.3.Final

Release notes

Sourced from org.hibernate.orm:hibernate-core's releases.

Hibernate ORM 6.6.3.Final released

Today, we published a new maintenance release of Hibernate ORM 6.6: 6.6.3.Final.

What's new

This release introduces a few minor improvements as well as bug fixes.

You can find the full list of 6.6.3.Final changes here.

Conclusion

For additional details, see:

• the release page
• the Migration Guide
• the Introduction Guide
• the User Guide

See also the following resources related to supported APIs:

• the compatibility policy
• the incubating API report (@Incubating)
• the deprecated API report (@Deprecated + @Remove)
• the internal API report (internal packages, @Internal)

Visit the website for details on getting in touch with us.

Changelog

Sourced from org.hibernate.orm:hibernate-core's changelog.

Changes in 6.6.3.Final (November 21, 2024)

https://hibernate.atlassian.net/projects/HHH/versions/32365

** Bug * [HHH-18862] - Group by error due to subselect using foreign key reference instead of primary key in HQL query * [HHH-18851] - ArrayContainsArgumentTypeResolver wrongly infers array type for needle argument * [HHH-18842] - Regression: CollectionType.replace() breaks if target is PersistentCollection, but not instance of Collection (e.g. PersistentMap) * [HHH-18832] - Bytecode enhancement skipped for entities with "compute-only" @​Transient properties * [HHH-18816] - Error when rendering the fk-side of an association in an exists subquery * [HHH-18703] - JoinedSubclassEntityPersister#getTableNameForColumn KO * [HHH-18647] - SemanticException when using createCriteriaInsertValues to insert into foreign key column

** Improvement * [HHH-18841] - Make _identifierMapper property added for a IdClass synthetic * [HHH-18833] - Configuration to fail bytecode enhancement instead of skipping it on unsupported models

** Task * [HHH-18846] - Enable release automation for ORM 6.6

Commits

• 74f0839 Pre-steps for release : 6.6.3.Final
• 3dfb973 HHH-18842 CollectionType.replace() breaks if target is PersistentCollection, ...
• e094b3c HHH-18842 Add test for issue
• 2036ef1 Add a warning for future upgrades of bytebuddy
• ff64185 Don't use net.bytebuddy.experimental=true for Java 23 testing
• b91d9ec HHH-18846 Enable release automation for ORM 6.6
• b5178d0 HHH-18851 Fix parameter type inference issue when IN predicate is uses array_...
• a26e505 HHH-18841 Create _identifierMapper as a synthetic attribute
• 1ffde48 HHH-18832 Don't skip bytecode enhancement just because an entity has a `@Tran...
• abfe6b9 HHH-18833 Introduce EnhancementContext#getUnsupportedEnhancementStrategy
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions