chore(deps): update spring security

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
org.springframework.security:spring-security-test (source)	7.0.4 → 7.1.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

spring-projects/spring-security (org.springframework.security:spring-security-test)

v7.1.0

Compare Source

🪲 Bug Fixes

• Opaque token introspectors should not allow empty credentials #​19201

🔨 Dependency Upgrades

• Bump @springio/antora-extensions from 1.14.11 to 1.14.12 in /docs #​19235
• Bump actions/checkout from 6.0.2 to 6.0.3 #​19271
• Bump antora from 3.2.0-alpha.11 to 3.2.0-alpha.12 in /docs #​19181
• Bump ch.qos.logback:logback-classic from 1.5.32 to 1.5.33 #​19228
• Bump ch.qos.logback:logback-classic from 1.5.33 to 1.5.34 #​19268
• Bump com.fasterxml.jackson:jackson-bom from 2.21.2 to 2.21.3 #​19133
• Bump com.fasterxml.jackson:jackson-bom from 2.21.3 to 2.22.0 #​19246
• Bump com.google.code.gson:gson from 2.13.2 to 2.14.0 #​19125
• Bump com.nimbusds:oauth2-oidc-sdk from 11.37 to 11.37.1 #​19157
• Bump com.nimbusds:oauth2-oidc-sdk from 11.37 to 11.37.2 #​19195
• Bump com.webauthn4j:webauthn4j-core from 0.31.3.RELEASE to 0.31.5.RELEASE #​19148
• Bump com.webauthn4j:webauthn4j-core from 0.31.5.RELEASE to 0.31.6.RELEASE #​19263
• Bump gradle-wrapper from 9.4.1 to 9.5.0 #​19135
• Bump gradle-wrapper from 9.5.0 to 9.5.1 #​19171
• Bump io-micrometer from 1.16.5 to 1.17.0 #​19287
• Bump io.mockk:mockk from 1.14.9 to 1.14.11 #​19244
• Bump io.projectreactor:reactor-bom from 2025.0.5 to 2025.0.6 #​19296
• Bump org-jetbrains-kotlin from 2.3.20 to 2.3.21 #​19126
• Bump org-jetbrains-kotlin from 2.3.21 to 2.4.0 #​19264
• Bump org-opensaml5 from 5.2.1 to 5.2.2 #​19176
• Bump org.apache.maven:maven-resolver-provider from 3.9.15 to 3.9.16 #​19190
• Bump org.apereo.cas.client:cas-client-core from 4.1.0 to 4.1.1 #​19200
• Bump org.hibernate.orm:hibernate-core from 7.3.1.Final to 7.3.2.Final #​19119
• Bump org.hibernate.orm:hibernate-core from 7.3.2.Final to 7.3.3.Final #​19149
• Bump org.hibernate.orm:hibernate-core from 7.3.3.Final to 7.3.4.Final #​19165
• Bump org.hibernate.orm:hibernate-core from 7.3.4.Final to 7.3.5.Final #​19191
• Bump org.hibernate.orm:hibernate-core from 7.3.5.Final to 7.3.6.Final #​19211
• Bump org.hibernate.orm:hibernate-core from 7.3.6.Final to 7.4.0.Final #​19226
• Bump org.jetbrains.kotlinx:kotlinx-coroutines-bom from 1.10.2 to 1.11.0 #​19166
• Bump org.junit:junit-bom from 6.0.3 to 6.1.0 #​19197
• Bump org.slf4j:slf4j-api from 2.0.17 to 2.0.18 #​19169
• Bump org.springframework.data:spring-data-bom from 2025.1.5 to 2025.1.6 #​19290
• Bump org.springframework.ldap:spring-ldap-core from 4.0.3 to 4.1.0 #​19291
• Bump org.springframework:spring-framework-bom from 7.0.7 to 7.0.8 #​19285
• Bump spring-io/spring-release-actions from 0.0.4 to 0.0.5 #​19179
• Bump tools.jackson:jackson-bom from 3.1.2 to 3.1.3 #​19147
• Bump tools.jackson:jackson-bom from 3.1.3 to 3.1.4 #​19245
• Bump tools.jackson:jackson-bom from 3.1.4 to 3.2.0 #​19286
• Update to spring-data-bom 2026.0.0 #​19303

🔩 Build Updates

• Release 7.1.0 #​19218

v7.0.6

Compare Source

🪲 Bug Fixes

• FormPostRedirectStrategy should not emit percent-encoded values into hidden form inputs #​19137
• AbstractAuthenticationFilterConfigurer should not automatically pick up servlet path #​19128
• Principal Extractor should select the left-most RDN attribute value #​19254

🔨 Dependency Upgrades

• Bump antora from 3.2.0-alpha.11 to 3.2.0-alpha.12 in /docs #​19184
• Bump ch.qos.logback:logback-classic from 1.5.32 to 1.5.34 #​19266
• Bump com.webauthn4j:webauthn4j-core from 0.31.3.RELEASE to 0.31.5.RELEASE #​19151
• Bump com.webauthn4j:webauthn4j-core from 0.31.5.RELEASE to 0.31.6.RELEASE #​19265
• Bump gradle-wrapper from 8.14.4 to 8.14.5 #​19160
• Bump io-micrometer from 1.16.5 to 1.16.6 #​19292
• Bump io.mockk:mockk from 1.14.9 to 1.14.11 #​19247
• Bump io.projectreactor:reactor-bom from 2025.0.5 to 2025.0.6 #​19298
• Bump org-bouncycastle from 1.80 to 1.80.2 #​19193
• Bump org.apache.maven:maven-resolver-provider from 3.9.15 to 3.9.16 #​19192
• Bump org.slf4j:slf4j-api from 2.0.17 to 2.0.18 #​19174
• Bump org.springframework.data:spring-data-bom from 2025.1.5 to 2025.1.6 #​19294
• Bump org.springframework.ldap:spring-ldap-core from 4.0.3 to 4.0.4 #​19289
• Bump org.springframework:spring-framework-bom from 7.0.7 to 7.0.8 #​19288
• Bump spring-io/spring-release-actions from 0.0.4 to 0.0.5 #​19182
• Update to Micrometer 1.16.5 #​19225

🔩 Build Updates

• Release 7.0.6 #​19239

v7.0.5

Compare Source

⭐ New Features

• Add XML Based shouldWriteHeadersEagerly tests #​19018
• Merge Add CredentialRecordOwnerAuthorizationManager #​19005

🪲 Bug Fixes

• Add equals and hashcode to HttpMethodRequestMatcher #​18963
• auth_time claim doesn't show the time of the original authentication #​18282
• auth_time validation fails when SSO session is renewed #​18978
• Fallback defaultTargetUrl if refererHeader is empty #​18981
• Fix HttpSessionRequestCache#getMatchingRequest query string parsing #​18972
• Merge Handle null value in OnCommittedResponseWrapper header methods #​18990
• OAuth2 client sessionManagement ineffective with DefaultOidcUser #​19022

🔨 Dependency Upgrades

• Bump @springio/antora-extensions from 1.14.10 to 1.14.11 in /docs #​19054
• Bump @springio/antora-extensions from 1.14.7 to 1.14.9 in /docs #​18953
• Bump @springio/antora-extensions from 1.14.9 to 1.14.10 in /docs #​19029
• Bump @springio/asciidoctor-extensions from 1.0.0-alpha.17 to 1.0.0-alpha.18 in /docs #​18957
• Bump actions/upload-artifact from 7.0.0 to 7.0.1 #​19096
• Bump com.webauthn4j:webauthn4j-core from 0.31.1.RELEASE to 0.31.2.RELEASE #​19021
• Bump com.webauthn4j:webauthn4j-core from 0.31.2.RELEASE to 0.31.3.RELEASE #​19114
• Bump io.projectreactor:reactor-bom from 2025.0.4 to 2025.0.5 #​19080
• Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15 #​19111
• Bump org.springframework.data:spring-data-bom from 2025.1.4 to 2025.1.5 #​19113
• Bump org.springframework.ldap:spring-ldap-core from 4.0.2 to 4.0.3 #​19098
• Bump org.springframework:spring-framework-bom from 7.0.6 to 7.0.7 #​19112
• Bump spring-io/spring-gradle-build-action from 2.0.5 to 2.0.6 #​18996
• Bump spring-io/spring-release-actions from 0.0.3 to 0.0.4 #​19095
• Bump spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml from 1.0.14 to 1.0.15 #​18948

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​rwinch

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.