Bump springSecurityVersion from 5.8.16 to 7.0.2

[dependabot]

Bumps springSecurityVersion from 5.8.16 to 7.0.2.
Updates org.springframework.security:spring-security-web from 5.8.16 to 7.0.2

Release notes

Sourced from org.springframework.security:spring-security-web's releases.

7.0.2

🪲 Bug Fixes

• AuthorizationWebProxyConfiguration should only be active when both spring-security-web and spring-webmvc are on the classpath #18315

7.0.1

⭐ New Features

• Stop deploying JavaDoc outside of Antora #18200

🪲 Bug Fixes

• An unexpected dependency appeared for spring-security-config of spring-security-web #18307
• Fix "typ" header value in NimbusJwtEncoder-encoded JWT #18270
• Fix broken link to Spring Boot docs #18236
• Fix documentation resource server sample title #18231
• Fix MyCustomDsl to use csrf(Customizer) instead of removed csrf().disabled() #18223
• Fix typo in AnnotationTemplateExpressionDefaults documentation #18255
• Fix typos in documentation depenendencies->dependencies #18209
• NimbusJwtEncoder produces JWT with wrong "typ" header value #18269
• OAuth2AuthorizationEndpointFilter should be applied after AuthorizationFilter #18251
• Remove requireProofKey warning for non-auth-code flows #18221
• Remove throws from MyCustomDsl in docs #18224

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.20 to 1.5.21 #18214
• Bump ch.qos.logback:logback-classic from 1.5.21 to 1.5.22 #18311
• Bump com.fasterxml.jackson:jackson-bom from 2.20.0 to 2.20.1 #18245
• Bump com.unboundid:unboundid-ldapsdk from 7.0.3 to 7.0.4 #18262
• Bump io.micrometer:micrometer-observation from 1.14.12 to 1.14.13 #18189
• Bump io.micrometer:micrometer-observation from 1.14.13 to 1.14.14 #18277
• Bump io.mockk:mockk from 1.14.6 to 1.14.7 #18274
• Bump io.projectreactor:reactor-bom from 2025.0.0 to 2025.0.1 #18289
• Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.13 #18187
• Bump org-aspectj from 1.9.24 to 1.9.25 #18186
• Bump org.apache.kerby:kerb-simplekdc from 2.1.0 to 2.1.1 #18215
• Bump org.junit:junit-bom from 6.0.0 to 6.0.1 #18188
• Bump org.springframework.data:spring-data-bom from 2025.1.0 to 2025.1.1 #18312
• Bump org.springframework:spring-framework-bom from 7.0.0 to 7.0.1 #18213
• Bump org.springframework:spring-framework-bom from 7.0.1 to 7.0.2 #18310
• Bump tools.jackson:jackson-bom from 3.0.1 to 3.0.2 #18212
• Bump tools.jackson:jackson-bom from 3.0.2 to 3.0.3 #18244

🔩 Build Updates

• Add Test for ServletRequestPathUtils.parseAndCache(method=null) #18166
• Bump antora from 3.2.0-alpha.10 to 3.2.0-alpha.11 in /docs #18238

❤️ Contributors

... (truncated)

Commits

• 9d08114 Release 7.0.2
• 0155d4a Restore Check for DispatcherServlet on Classpath
• 29ad1e6 Next development version
• 8651868 Release 7.0.1
• 5732f39 Bump ch.qos.logback:logback-classic from 1.5.21 to 1.5.22
• 8bfa849 Bump org.springframework.data:spring-data-bom from 2025.1.0 to 2025.1.1
• e033086 Bump org.springframework:spring-framework-bom from 7.0.1 to 7.0.2
• 964fcac Polish Tests
• 1d1b3ff Fix "typ" header value in NimbusJwtEncoder-encoded JWT
• c8898f9 Test NimbusJwtEncoder & NimbusJwtDecoder symmetrically
• Additional commits viewable in compare view

Updates org.springframework.security:spring-security-oauth2-client from 5.8.16 to 7.0.2

Release notes

Sourced from org.springframework.security:spring-security-oauth2-client's releases.

7.0.2

🪲 Bug Fixes

• AuthorizationWebProxyConfiguration should only be active when both spring-security-web and spring-webmvc are on the classpath #18315

7.0.1

⭐ New Features

• Stop deploying JavaDoc outside of Antora #18200

🪲 Bug Fixes

• An unexpected dependency appeared for spring-security-config of spring-security-web #18307
• Fix "typ" header value in NimbusJwtEncoder-encoded JWT #18270
• Fix broken link to Spring Boot docs #18236
• Fix documentation resource server sample title #18231
• Fix MyCustomDsl to use csrf(Customizer) instead of removed csrf().disabled() #18223
• Fix typo in AnnotationTemplateExpressionDefaults documentation #18255
• Fix typos in documentation depenendencies->dependencies #18209
• NimbusJwtEncoder produces JWT with wrong "typ" header value #18269
• OAuth2AuthorizationEndpointFilter should be applied after AuthorizationFilter #18251
• Remove requireProofKey warning for non-auth-code flows #18221
• Remove throws from MyCustomDsl in docs #18224

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.20 to 1.5.21 #18214
• Bump ch.qos.logback:logback-classic from 1.5.21 to 1.5.22 #18311
• Bump com.fasterxml.jackson:jackson-bom from 2.20.0 to 2.20.1 #18245
• Bump com.unboundid:unboundid-ldapsdk from 7.0.3 to 7.0.4 #18262
• Bump io.micrometer:micrometer-observation from 1.14.12 to 1.14.13 #18189
• Bump io.micrometer:micrometer-observation from 1.14.13 to 1.14.14 #18277
• Bump io.mockk:mockk from 1.14.6 to 1.14.7 #18274
• Bump io.projectreactor:reactor-bom from 2025.0.0 to 2025.0.1 #18289
• Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.13 #18187
• Bump org-aspectj from 1.9.24 to 1.9.25 #18186
• Bump org.apache.kerby:kerb-simplekdc from 2.1.0 to 2.1.1 #18215
• Bump org.junit:junit-bom from 6.0.0 to 6.0.1 #18188
• Bump org.springframework.data:spring-data-bom from 2025.1.0 to 2025.1.1 #18312
• Bump org.springframework:spring-framework-bom from 7.0.0 to 7.0.1 #18213
• Bump org.springframework:spring-framework-bom from 7.0.1 to 7.0.2 #18310
• Bump tools.jackson:jackson-bom from 3.0.1 to 3.0.2 #18212
• Bump tools.jackson:jackson-bom from 3.0.2 to 3.0.3 #18244

🔩 Build Updates

• Add Test for ServletRequestPathUtils.parseAndCache(method=null) #18166
• Bump antora from 3.2.0-alpha.10 to 3.2.0-alpha.11 in /docs #18238

❤️ Contributors

... (truncated)

Commits

• 9d08114 Release 7.0.2
• 0155d4a Restore Check for DispatcherServlet on Classpath
• 29ad1e6 Next development version
• 8651868 Release 7.0.1
• 5732f39 Bump ch.qos.logback:logback-classic from 1.5.21 to 1.5.22
• 8bfa849 Bump org.springframework.data:spring-data-bom from 2025.1.0 to 2025.1.1
• e033086 Bump org.springframework:spring-framework-bom from 7.0.1 to 7.0.2
• 964fcac Polish Tests
• 1d1b3ff Fix "typ" header value in NimbusJwtEncoder-encoded JWT
• c8898f9 Test NimbusJwtEncoder & NimbusJwtDecoder symmetrically
• Additional commits viewable in compare view

Updates org.springframework.security:spring-security-oauth2-jose from 5.8.16 to 7.0.2

Release notes

Sourced from org.springframework.security:spring-security-oauth2-jose's releases.

7.0.2

🪲 Bug Fixes

• AuthorizationWebProxyConfiguration should only be active when both spring-security-web and spring-webmvc are on the classpath #18315

7.0.1

⭐ New Features

• Stop deploying JavaDoc outside of Antora #18200

🪲 Bug Fixes

• An unexpected dependency appeared for spring-security-config of spring-security-web #18307
• Fix "typ" header value in NimbusJwtEncoder-encoded JWT #18270
• Fix broken link to Spring Boot docs #18236
• Fix documentation resource server sample title #18231
• Fix MyCustomDsl to use csrf(Customizer) instead of removed csrf().disabled() #18223
• Fix typo in AnnotationTemplateExpressionDefaults documentation #18255
• Fix typos in documentation depenendencies->dependencies #18209
• NimbusJwtEncoder produces JWT with wrong "typ" header value #18269
• OAuth2AuthorizationEndpointFilter should be applied after AuthorizationFilter #18251
• Remove requireProofKey warning for non-auth-code flows #18221
• Remove throws from MyCustomDsl in docs #18224

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.20 to 1.5.21 #18214
• Bump ch.qos.logback:logback-classic from 1.5.21 to 1.5.22 #18311
• Bump com.fasterxml.jackson:jackson-bom from 2.20.0 to 2.20.1 #18245
• Bump com.unboundid:unboundid-ldapsdk from 7.0.3 to 7.0.4 #18262
• Bump io.micrometer:micrometer-observation from 1.14.12 to 1.14.13 #18189
• Bump io.micrometer:micrometer-observation from 1.14.13 to 1.14.14 #18277
• Bump io.mockk:mockk from 1.14.6 to 1.14.7 #18274
• Bump io.projectreactor:reactor-bom from 2025.0.0 to 2025.0.1 #18289
• Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.13 #18187
• Bump org-aspectj from 1.9.24 to 1.9.25 #18186
• Bump org.apache.kerby:kerb-simplekdc from 2.1.0 to 2.1.1 #18215
• Bump org.junit:junit-bom from 6.0.0 to 6.0.1 #18188
• Bump org.springframework.data:spring-data-bom from 2025.1.0 to 2025.1.1 #18312
• Bump org.springframework:spring-framework-bom from 7.0.0 to 7.0.1 #18213
• Bump org.springframework:spring-framework-bom from 7.0.1 to 7.0.2 #18310
• Bump tools.jackson:jackson-bom from 3.0.1 to 3.0.2 #18212
• Bump tools.jackson:jackson-bom from 3.0.2 to 3.0.3 #18244

🔩 Build Updates

• Add Test for ServletRequestPathUtils.parseAndCache(method=null) #18166
• Bump antora from 3.2.0-alpha.10 to 3.2.0-alpha.11 in /docs #18238

❤️ Contributors

... (truncated)

Commits

• 9d08114 Release 7.0.2
• 0155d4a Restore Check for DispatcherServlet on Classpath
• 29ad1e6 Next development version
• 8651868 Release 7.0.1
• 5732f39 Bump ch.qos.logback:logback-classic from 1.5.21 to 1.5.22
• 8bfa849 Bump org.springframework.data:spring-data-bom from 2025.1.0 to 2025.1.1
• e033086 Bump org.springframework:spring-framework-bom from 7.0.1 to 7.0.2
• 964fcac Polish Tests
• 1d1b3ff Fix "typ" header value in NimbusJwtEncoder-encoded JWT
• c8898f9 Test NimbusJwtEncoder & NimbusJwtDecoder symmetrically
• Additional commits viewable in compare view

Updates org.springframework.security:spring-security-config from 5.8.16 to 7.0.2

Release notes

Sourced from org.springframework.security:spring-security-config's releases.

7.0.2

🪲 Bug Fixes

• AuthorizationWebProxyConfiguration should only be active when both spring-security-web and spring-webmvc are on the classpath #18315

7.0.1

⭐ New Features

• Stop deploying JavaDoc outside of Antora #18200

🪲 Bug Fixes

• An unexpected dependency appeared for spring-security-config of spring-security-web #18307
• Fix "typ" header value in NimbusJwtEncoder-encoded JWT #18270
• Fix broken link to Spring Boot docs #18236
• Fix documentation resource server sample title #18231
• Fix MyCustomDsl to use csrf(Customizer) instead of removed csrf().disabled() #18223
• Fix typo in AnnotationTemplateExpressionDefaults documentation #18255
• Fix typos in documentation depenendencies->dependencies #18209
• NimbusJwtEncoder produces JWT with wrong "typ" header value #18269
• OAuth2AuthorizationEndpointFilter should be applied after AuthorizationFilter #18251
• Remove requireProofKey warning for non-auth-code flows #18221
• Remove throws from MyCustomDsl in docs #18224

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.20 to 1.5.21 #18214
• Bump ch.qos.logback:logback-classic from 1.5.21 to 1.5.22 #18311
• Bump com.fasterxml.jackson:jackson-bom from 2.20.0 to 2.20.1 #18245
• Bump com.unboundid:unboundid-ldapsdk from 7.0.3 to 7.0.4 #18262
• Bump io.micrometer:micrometer-observation from 1.14.12 to 1.14.13 #18189
• Bump io.micrometer:micrometer-observation from 1.14.13 to 1.14.14 #18277
• Bump io.mockk:mockk from 1.14.6 to 1.14.7 #18274
• Bump io.projectreactor:reactor-bom from 2025.0.0 to 2025.0.1 #18289
• Bump io.spring.gradle:spring-security-release-plugin from 1.0.10 to 1.0.13 #18187
• Bump org-aspectj from 1.9.24 to 1.9.25 #18186
• Bump org.apache.kerby:kerb-simplekdc from 2.1.0 to 2.1.1 #18215
• Bump org.junit:junit-bom from 6.0.0 to 6.0.1 #18188
• Bump org.springframework.data:spring-data-bom from 2025.1.0 to 2025.1.1 #18312
• Bump org.springframework:spring-framework-bom from 7.0.0 to 7.0.1 #18213
• Bump org.springframework:spring-framework-bom from 7.0.1 to 7.0.2 #18310
• Bump tools.jackson:jackson-bom from 3.0.1 to 3.0.2 #18212
• Bump tools.jackson:jackson-bom from 3.0.2 to 3.0.3 #18244

🔩 Build Updates

• Add Test for ServletRequestPathUtils.parseAndCache(method=null) #18166
• Bump antora from 3.2.0-alpha.10 to 3.2.0-alpha.11 in /docs #18238

❤️ Contributors

... (truncated)

Commits

• 9d08114 Release 7.0.2
• 0155d4a Restore Check for DispatcherServlet on Classpath
• 29ad1e6 Next development version
• 8651868 Release 7.0.1
• 5732f39 Bump ch.qos.logback:logback-classic from 1.5.21 to 1.5.22
• 8bfa849 Bump org.springframework.data:spring-data-bom from 2025.1.0 to 2025.1.1
• e033086 Bump org.springframework:spring-framework-bom from 7.0.1 to 7.0.2
• 964fcac Polish Tests
• 1d1b3ff Fix "typ" header value in NimbusJwtEncoder-encoded JWT
• c8898f9 Test NimbusJwtEncoder & NimbusJwtDecoder symmetrically
• Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
org.springframework.security:spring-security-config	[>= 6.a, < 7]
org.springframework.security:spring-security-oauth2-client	[>= 6.a, < 7]
org.springframework.security:spring-security-oauth2-jose	[>= 6.a, < 7]
org.springframework.security:spring-security-web	[>= 6.a, < 7]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)