Skip to content

[pull] main from spring-projects:main#68

Open
pull[bot] wants to merge 756 commits intoClarence404:mainfrom
spring-projects:main
Open

[pull] main from spring-projects:main#68
pull[bot] wants to merge 756 commits intoClarence404:mainfrom
spring-projects:main

Conversation

@pull
Copy link
Copy Markdown

@pull pull Bot commented Feb 2, 2026
edited
Loading

See Commits and Changes for more details.

Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

@pull pull Bot locked and limited conversation to collaborators Feb 2, 2026
@pull pull Bot added ⤵️ pull merge-conflict Resolve conflicts manually labels Feb 2, 2026
jzheaux and others added 27 commits March 20, 2026 15:28
@jzheaux
Merge branch '7.0.x'
78015d2
@gbaso @jzheaux
Relax client_id validation in AtJwtBuilder
7b282c3 
RFC 9068 requires that access token JWTs include the `client_id`
claim, but it does not require resource servers to validate it against
a specific value.

Relates to gh-18381

Signed-off-by: Giacomo Baso <gbaso@users.noreply.github.com>
@jzheaux
Polish Formatting
ea05089 
Closes gh-18381

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
@wonderfulrosemari @jzheaux
Clarify @WithSecurityContext thread scope
2a013ff 
Signed-off-by: wonderfulrosemari <whwlsgur1419@naver.com>
@jzheaux
Polish Clarify @WithSecurityContext thread scope
c000477
@wonderfulrosemari @jzheaux
Prefer dispatcher context for authorize tag beans
846794d 
Signed-off-by: wonderfulrosemari <whwlsgur1419@naver.com>
@jzheaux
Polish WebAttributes ApplicationContext Support
d76fb7f 
Closes gh-8843

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
@jzheaux
Add @SuppressWarnings(deprecation) on tests
9b108df 
- add on tests for deprecated class
- add on tests for specific deprecated function

Closes gh-18412

Signed-off-by: Bae Jihong <dasog@naver.com>
@jzheaux
Add @SuppressWarnings(unchecked, rawtypes) on functions in deprecated…
ee06bad 
… class

Closes gh-18412

Signed-off-by: Bae Jihong <dasog@naver.com>
@jzheaux
Add @SupressWarnings(deprecation) for existing functions
5a69486 
- add @SupressWarnings(deprecation) because of deprecated part in logic

Closes gh-18412

Signed-off-by: Bae Jihong <dasog@naver.com>
@jzheaux
Refactor code to remove compiler warnings
bc4cc43 
- replace setTrustResolver with setAuthorizationManagerFactory in MethodSecurityExpressionRootTests
- resolve raw type warning in ExpressionBasedMessageSecurityMetadataSourceFactoryTests

Closes gh-18412

Signed-off-by: Bae Jihong <dasog@naver.com>
@jzheaux
Add test code for setAuthorizationManagerFactory
e9f331c 
- add test for setAuthorizationManagerFactory that is a alternative to setTrustResolver and setDefaultRolePrefix

Closes gh-18412

Signed-off-by: Bae Jihong <dasog@naver.com>
@ngocnhan-tran1996 @jzheaux
Add equals and hashCode to HttpMethodRequestMatcher
62f33d3 
Closes gh-18911

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
@jzheaux
Merge branch '6.5.x' into 7.0.x
4542f58
@jzheaux
Merge branch '7.0.x'
f35b4aa
@dependabot @github-actions
Bump com.fasterxml.jackson:jackson-bom from 2.21.1 to 2.21.2
e6df831 
Bumps [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 2.21.1 to 2.21.2.
- [Commits](FasterXML/jackson-bom@jackson-bom-2.21.1...jackson-bom-2.21.2)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson:jackson-bom
  dependency-version: 2.21.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@jgrandja
Remove checkstyle suppressions for spring-security-oauth2-authorizati…
fe24bd3 
…on-server

Issue gh-18937
@jgrandja
Enable null-safety in spring-security-oauth2-authorization-server
1db0d4f 
Closes gh-18937
@aspan @jzheaux
Implement equals and hashCode closes gh-18882
330c565 
Signed-off-by: Andreas Asplund <andreas@asplund.biz>
@therepanic @jzheaux
Fix equals nullability annotations for jspecify compliance
2fda37d 
In this commit, we added `@Nullable` to equals methods of classes that
support `jspecify` for consistency with other Spring projects and to
avoid bugs that caused other Spring projects to do this natively.

Closes: gh-18929, gh-18927

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
@erichaagdev @rwinch
Gracefully handle detached HEAD in branch version check
91199e7 
Previously, the `CheckExpectedBranchVersionPlugin` would crash the Gradle
configuration phase if the project was in a detached HEAD state or not
in a Git repository, e.g., downloaded as a ZIP.

This commit refactors the plugin to be lazy and adopts several Gradle best
practices:

- Prevents build crashes on Git failures by gracefully catching non-zero
  exit codes, e.g., when checked out in a detached HEAD state.
- Moves the branch validation out of the task's main execution action
  and into an `onlyIf` predicate, allowing Gradle to skip the task
  entirely instead of executing an early return. This makes the skip
  outcome and reason visible in a Build Scan, rather than making it
  appear as if it executed.
- Defers the Git `exec` call to the execution phase using a lazy provider.
- Makes the task configuration cache compatible by avoiding illegal
  `Project` access inside the execution-time `onlyIf` closure.
- Improves user-facing logs and adds actionable bypass instructions when
  the project version doesn't match the branch version.

Signed-off-by: Eric Haag <ehaag@gradle.com>
@Kehrlann @jzheaux
Fix HttpSessionRequestCache#getMatchingRequest query string parsing
aeb5fc1 
- URL parsing changed in framework 6.2, and fails when path contains a % sign.
- The HttpSessionRequestCache only needs to inspect the query string, not the full URL.

Fixes gh-16656

Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
@jzheaux
Merge branch '6.5.x' into 7.0.x
7dea8b8
@jzheaux
Merge branch '7.0.x'
5100bf3
@jzheaux
Return Mono.empty on Empty POST
b6e24db 
Closes gh-18973

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
@jzheaux
Merge branch '6.5.x' into 7.0.x
a7c3e84
@jzheaux
Merge branch '7.0.x'
2a8976f
jzheaux and others added 30 commits April 20, 2026 11:31
@jzheaux
Merge remote-tracking branch 'oss/7.0.x' into 7.0.x
ff1e925
@jzheaux
Merge remote-tracking branch 'oss/6.5.x' into 7.0.x
4c40eeb
@jzheaux
Merge branch '7.0.x' into 7.1.x
a166a62
@jzheaux
Merge remote-tracking branch 'oss/6.5.x' into 6.5.x
3d4e205
@jzheaux
Merge branch '6.5.x' into 7.0.x
1104796
@jzheaux
Merge branch '7.0.x' into main
19d5137
@github-actions
Release 6.5.10
0a9d4dc
@github-actions
Release 7.1.0-RC1
c43c3ec
@github-actions
Release 7.0.5
7b57a4a
@jzheaux
Revert "Release 7.1.0-RC1"
3092278 
This reverts commit c43c3ec.
@jzheaux
Update to Framework 7.0.7
b556e27 
Closes gh-19117

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
@github-actions
Release 7.1.0-RC1
59e32fe
@github-actions
Next development version
6343002
@jzheaux
Fix Formatting
aed95aa 
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
@jzheaux
Fix Formatting
53bc6a7 
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
@github-actions
Next development version
fffc992
@github-actions
Next development version
8720a28
@dependabot @github-actions
Bump org.hibernate.orm:hibernate-core from 7.3.1.Final to 7.3.2.Final
b932571 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 7.3.1.Final to 7.3.2.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/7.3.2/changelog.txt)
- [Commits](hibernate/hibernate-orm@7.3.1...7.3.2)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 7.3.2.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github-actions
Bump com.google.code.gson:gson from 2.13.2 to 2.14.0
06336a6 
Bumps [com.google.code.gson:gson](https://github.com/google/gson) from 2.13.2 to 2.14.0.
- [Release notes](https://github.com/google/gson/releases)
- [Changelog](https://github.com/google/gson/blob/main/CHANGELOG.md)
- [Commits](google/gson@gson-parent-2.13.2...gson-parent-2.14.0)

---
updated-dependencies:
- dependency-name: com.google.code.gson:gson
  dependency-version: 2.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github-actions
Bump org-jetbrains-kotlin from 2.3.20 to 2.3.21
3924260 
Bumps `org-jetbrains-kotlin` from 2.3.20 to 2.3.21.

Updates `org.jetbrains.kotlin:kotlin-bom` from 2.3.20 to 2.3.21
- [Release notes](https://github.com/JetBrains/kotlin/releases)
- [Changelog](https://github.com/JetBrains/kotlin/blob/master/ChangeLog.md)
- [Commits](JetBrains/kotlin@v2.3.20...v2.3.21)

Updates `org.jetbrains.kotlin:kotlin-gradle-plugin` from 2.3.20 to 2.3.21
- [Release notes](https://github.com/JetBrains/kotlin/releases)
- [Changelog](https://github.com/JetBrains/kotlin/blob/master/ChangeLog.md)
- [Commits](JetBrains/kotlin@v2.3.20...v2.3.21)

---
updated-dependencies:
- dependency-name: org.jetbrains.kotlin:kotlin-bom
  dependency-version: 2.3.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.jetbrains.kotlin:kotlin-gradle-plugin
  dependency-version: 2.3.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github-actions
Bump com.fasterxml.jackson:jackson-bom from 2.21.2 to 2.21.3
d184db8 
Bumps [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 2.21.2 to 2.21.3.
- [Commits](FasterXML/jackson-bom@jackson-bom-2.21.2...jackson-bom-2.21.3)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson:jackson-bom
  dependency-version: 2.21.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github-actions
Bump gradle-wrapper from 9.4.1 to 9.5.0
3c88872 
Bumps [gradle-wrapper](https://github.com/gradle/gradle) from 9.4.1 to 9.5.0.
- [Release notes](https://github.com/gradle/gradle/releases)
- [Commits](gradle/gradle@v9.4.1...v9.5.0)

---
updated-dependencies:
- dependency-name: gradle-wrapper
  dependency-version: 9.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@jzheaux
Decode percent-encoded values
b075f0d 
Closes gh-19136

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
@jzheaux
Merge remote-tracking branch 'origin/6.5.x' into 7.0.x
931dfbe
@jzheaux
Merge remote-tracking branch 'origin/7.0.x'
5b8d96f
@jzheaux
Merge branch '6.5.x' into 7.0.x
fdc0fd2 
Closes gh-19137
@jzheaux
Merge branch '7.0.x'
65abe23
@dependabot @github-actions
Bump com.webauthn4j:webauthn4j-core
f7b1447 
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.31.3.RELEASE to 0.31.5.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases)
- [Commits](webauthn4j/webauthn4j@0.31.3.RELEASE...0.31.5.RELEASE)

---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
  dependency-version: 0.31.5.RELEASE
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github-actions
Bump tools.jackson:jackson-bom from 3.1.2 to 3.1.3
7dcd6f8 
Bumps [tools.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 3.1.2 to 3.1.3.
- [Commits](FasterXML/jackson-bom@jackson-bom-3.1.2...jackson-bom-3.1.3)

---
updated-dependencies:
- dependency-name: tools.jackson:jackson-bom
  dependency-version: 3.1.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github-actions
Bump org.hibernate.orm:hibernate-core from 7.3.2.Final to 7.3.3.Final
8c4c5fe 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 7.3.2.Final to 7.3.3.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/7.3.3/changelog.txt)
- [Commits](hibernate/hibernate-orm@7.3.2...7.3.3)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 7.3.3.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

⤵️ pull merge-conflict Resolve conflicts manually

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.