Update all dependencies (major)

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
actions/cache	action	major	v4 → v5
actions/checkout	action	major	v4 → v6
actions/setup-java	action	major	v4 → v5
org.junit.jupiter:junit-jupiter (source)	compile	major	5.13.1 → 6.0.3
org.springframework.security:spring-security-core (source)	compile	major	5.8.16 → 7.0.5

---

Release Notes

actions/cache (actions/cache)

v5.0.5

Compare Source

What's Changed

• Update ts-http-runtime dependency by @​yacaovsnc in #​1747

Full Changelog: actions/cache@v5...v5.0.5

v5.0.4

Compare Source

v5.0.3

Compare Source

What's Changed

• Bump @actions/cache to v5.0.5 (Resolves: https://github.com/actions/cache/security/dependabot/33)
• Bump @actions/core to v2.0.3

Full Changelog: actions/cache@v5...v5.0.3

v5.0.2

Compare Source

v5.0.1

Compare Source

v5.0.0

Compare Source

v5

Compare Source

v4.3.0

Compare Source

What's Changed

• Add note on runner versions by @​GhadimiR in #​1642
• Prepare v4.3.0 release by @​Link- in #​1655

New Contributors

• @​GhadimiR made their first contribution in #​1642

Full Changelog: actions/cache@v4...v4.3.0

v4.2.4

Compare Source

What's Changed

• Update README.md by @​nebuk89 in #​1620
• Upgrade @actions/cache to 4.0.5 and move @protobuf-ts/plugin to dev depdencies by @​Link- in #​1634
• Prepare release 4.2.4 by @​Link- in #​1636

New Contributors

• @​nebuk89 made their first contribution in #​1620

Full Changelog: actions/cache@v4...v4.2.4

v4.2.3

Compare Source

What's Changed

• Update to use @​actions/cache 4.0.3 package & prepare for new release by @​salmanmkc in #​1577 (SAS tokens for cache entries are now masked in debug logs)

New Contributors

• @​salmanmkc made their first contribution in #​1577

Full Changelog: actions/cache@v4.2.2...v4.2.3

v4.2.2

Compare Source

What's Changed

[!IMPORTANT]
As a reminder, there were important backend changes to release v4.2.0, see those release notes and the announcement for more details.

• Bump @​actions/cache to v4.0.2 by @​robherley in #​1560

Full Changelog: actions/cache@v4.2.1...v4.2.2

v4.2.1

Compare Source

What's Changed

[!IMPORTANT]
As a reminder, there were important backend changes to release v4.2.0, see those release notes and the announcement for more details.

• docs: GitHub is spelled incorrectly in caching-strategies.md by @​janco-absa in #​1526
• docs: Make the "always save prime numbers" example more clear by @​Tobbe in #​1525
• Update force deletion docs due a recent deprecation by @​sebbalex in #​1500
• Bump @​actions/cache to v4.0.1 by @​robherley in #​1554

New Contributors

• @​janco-absa made their first contribution in #​1526
• @​Tobbe made their first contribution in #​1525
• @​sebbalex made their first contribution in #​1500

Full Changelog: actions/cache@v4.2.0...v4.2.1

v4.2.0

Compare Source

⚠️ Important Changes

The cache backend service has been rewritten from the ground up for improved performance and reliability. actions/cache now integrates with the new cache service (v2) APIs.

The new service will gradually roll out as of February 1st, 2025. The legacy service will also be sunset on the same date. Changes in these release are fully backward compatible.

We are deprecating some versions of this action. We recommend upgrading to version v4 or v3 as soon as possible before February 1st, 2025. (Upgrade instructions below).

If you are using pinned SHAs, please use the SHAs of versions v4.2.0 or v3.4.0

If you do not upgrade, all workflow runs using any of the deprecated actions/cache will fail.

Upgrading to the recommended versions will not break your workflows.

Read more about the change & access the migration guide: reference to the announcement.

Minor changes

Minor and patch version updates for these dependencies:

• @​actions/core: 1.11.1
• @​actions/io: 1.1.3
• @​vercel/ncc: 0.38.3

Full Changelog: actions/cache@v4.1.2...v4.2.0

v4.1.2

Compare Source

What's Changed

• Add Bun example by @​idleberg in #​1456
• Revise isGhes logic by @​jww3 in #​1474
• Bump braces from 3.0.2 to 3.0.3 by @​dependabot in #​1475
• Add dependabot.yml to enable automatic dependency upgrades by @​Link- in #​1476
• Bump actions/checkout from 3 to 4 by @​dependabot in #​1478
• Bump actions/stale from 3 to 9 by @​dependabot in #​1479
• Bump github/codeql-action from 2 to 3 by @​dependabot in #​1483
• Bump actions/setup-node from 3 to 4 by @​dependabot in #​1481
• Prepare 4.1.2 release by @​Link- in #​1477

New Contributors

• @​idleberg made their first contribution in #​1456
• @​jww3 made their first contribution in #​1474
• @​Link- made their first contribution in #​1476

Full Changelog: actions/cache@v4.1.1...v4.1.2

v4.1.1

Compare Source

What's Changed

• Restore original behavior of cache-hit output by @​joshmgross in #​1467

Full Changelog: actions/cache@v4.1.0...v4.1.1

v4.1.0

Compare Source

What's Changed

• Fix cache-hit output when cache missed by @​fchimpan in #​1404
• Deprecate save-always input by @​joshmgross in #​1452

New Contributors

• @​ottlinger made their first contribution in #​1437
• @​Olegt0rr made their first contribution in #​1377
• @​fchimpan made their first contribution in #​1404
• @​x612skm made their first contribution in #​1434
• @​todgru made their first contribution in #​1311
• @​Jcambass made their first contribution in #​1463
• @​mackey0225 made their first contribution in #​1462
• @​quatquatt made their first contribution in #​1445

Full Changelog: actions/cache@v4.0.2...v4.1.0

v4.0.2

Compare Source

What's Changed

• Fix fail-on-cache-miss not working by @​cdce8p in #​1327

Full Changelog: actions/cache@v4.0.1...v4.0.2

v4.0.1

Compare Source

What's Changed

• Update README.md by @​yacaovsnc in #​1304
• Update examples by @​yacaovsnc in #​1305
• Update actions/cache publish flow by @​bethanyj28 in #​1340
• Update @​actions/cache by @​bethanyj28 in #​1341

New Contributors

• @​yacaovsnc made their first contribution in #​1304

Full Changelog: actions/cache@v4...v4.0.1

actions/checkout (actions/checkout)

v6.0.2

Compare Source

• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in #​2356

v6.0.1

Compare Source

v6.0.0

Compare Source

v6

Compare Source

v5.0.1

Compare Source

What's Changed

• Port v6 cleanup to v5 by @​ericsciple in #​2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

Compare Source

What's Changed

• Update actions checkout to use node 24 by @​salmanmkc in #​2226
• Prepare v5.0.0 release by @​salmanmkc in #​2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v5

Compare Source

v4.3.1

Compare Source

What's Changed

• Port v6 cleanup to v4 by @​ericsciple in #​2305

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

Compare Source

What's Changed

• docs: update README.md by @​motss in #​1971
• Add internal repos for checking out multiple repositories by @​mouismail in #​1977
• Documentation update - add recommended permissions to Readme by @​benwells in #​2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in #​2044
• Update README.md by @​nebuk89 in #​2194
• Update CODEOWNERS for actions by @​TingluoHuang in #​2224
• Update package dependencies by @​salmanmkc in #​2236
• Prepare release v4.3.0 by @​salmanmkc in #​2237

New Contributors

• @​motss made their first contribution in #​1971
• @​mouismail made their first contribution in #​1977
• @​benwells made their first contribution in #​2043
• @​nebuk89 made their first contribution in #​2194
• @​salmanmkc made their first contribution in #​2236

Full Changelog: actions/checkout@v4...v4.3.0

v4.2.2

Compare Source

• url-helper.ts now leverages well-known environment variables by @​jww3 in #​1941
• Expand unit test coverage for isGhes by @​jww3 in #​1946

v4.2.1

Compare Source

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in #​1924

v4.2.0

Compare Source

• Add Ref and Commit outputs by @​lucacome in #​1180
• Dependency updates by @​dependabot- #​1777, #​1872

v4.1.7

Compare Source

• Bump the minor-npm-dependencies group across 1 directory with 4 updates by @​dependabot in #​1739
• Bump actions/checkout from 3 to 4 by @​dependabot in #​1697
• Check out other refs/* by commit by @​orhantoy in #​1774
• Pin actions/checkout's own workflows to a known, good, stable version. by @​jww3 in #​1776

v4.1.6

Compare Source

• Check platform to set archive extension appropriately by @​cory-miller in #​1732

v4.1.5

Compare Source

• Update NPM dependencies by @​cory-miller in #​1703
• Bump github/codeql-action from 2 to 3 by @​dependabot in #​1694
• Bump actions/setup-node from 1 to 4 by @​dependabot in #​1696
• Bump actions/upload-artifact from 2 to 4 by @​dependabot in #​1695
• README: Suggest user.email to be 41898282+github-actions[bot]@​users.noreply.github.com by @​cory-miller in #​1707

v4.1.4

Compare Source

• Disable extensions.worktreeConfig when disabling sparse-checkout by @​jww3 in #​1692
• Add dependabot config by @​cory-miller in #​1688
• Bump the minor-actions-dependencies group with 2 updates by @​dependabot in #​1693
• Bump word-wrap from 1.2.3 to 1.2.5 by @​dependabot in #​1643

v4.1.3

Compare Source

• Check git version before attempting to disable sparse-checkout by @​jww3 in #​1656
• Add SSH user parameter by @​cory-miller in #​1685
• Update actions/checkout version in update-main-version.yml by @​jww3 in #​1650

v4.1.2

Compare Source

• Fix: Disable sparse checkout whenever sparse-checkout option is not present @​dscho in #​1598

v4.1.1

Compare Source

• Correct link to GitHub Docs by @​peterbe in #​1511
• Link to release page from what's new section by @​cory-miller in #​1514

v4.1.0

Compare Source

• Add support for partial checkout filters

actions/setup-java (actions/setup-java)

v5.2.0

Compare Source

What's Changed

Enhancement

• Retry on HTTP 522 Connection timed out by @​findepi in #​964

Documentation Changes

• Update gradle caching by @​priya-kinthali in #​972
• Update checkout to v6 by @​mahabaleshwars in #​973

Dependency Updates

• Upgrade @​actions/cache to v5 by @​salmanmkc in #​968
• Upgrade actions/checkout from 5 to 6 by @​dependabot in #​961

New Contributors

• @​findepi made their first contribution in #​964

Full Changelog: actions/setup-java@v5...v5.2.0

v5.1.0

Compare Source

What's Changed

New Features

• Add support for .sdkmanrc file in java-version-file parameter by @​guicamest in #​736
• Add support for Microsoft OpenJDK 25 builds by @​the-mod in #​927

Bug Fixes & Improvements

• Update Regex to Support All ASDF Versions for the supported distributions in tool-versions File by @​aparnajyothi-y in #​767
• Enhance error logging for network failures to include endpoint/IP details, add retry mechanism and update workflows to use macos-15-intel by @​priya-kinthali in #​946
• Update SapMachine URLs by @​RealCLanger in #​955
• Add GitHub Token Support for GraalVM and Refactor Code by @​mahabaleshwars in #​849

Documentation changes

• Update documentation to use checkout and Java v5 by @​lmvysakh in #​903
• Clarify JAVA_HOME and PATH setup in README by @​chiranjib-swain in #​841

Dependency updates

• Upgrade prettier from 2.8.8 to 3.6.2 and document breaking changes in v5 by @​dependabot in #​873
• Upgrade actions/publish-action from 0.3.0 to 0.4.0 by @​dependabot in #​912

New Contributors

• @​lmvysakh made their first contribution in #​903
• @​chiranjib-swain made their first contribution in #​841
• @​the-mod made their first contribution in #​927
• @​priya-kinthali made their first contribution in #​946
• @​guicamest made their first contribution in #​736

Full Changelog: actions/setup-java@v5...v5.1.0

v5.0.0

Compare Source

What's Changed

Breaking Changes

• Upgrade to node 24 by @​salmanmkc in #​888

Make sure your runner is updated to this version or newer to use this release. v2.327.1 Release Notes

Dependency Upgrades

• Upgrade Publish Immutable Action by @​HarithaVattikuti in #​798
• Upgrade eslint-plugin-jest from 27.9.0 to 28.11.0 by @​dependabot[bot] in #​730
• Upgrade undici from 5.28.5 to 5.29.0 by @​dependabot[bot] in #​833
• Upgrade form-data to bring in fix for critical vulnerability by @​gowridurgad in #​887
• Upgrade actions/checkout from 4 to 5 by @​dependabot[bot] in #​896

Bug Fixes

• Prevent default installation of JetBrains pre-releases by @​priyagupta108 in #​859
• Improve Error Handling for Setup-Java Action to Help Debug Intermittent Failures by @​gowridurgad in #​848

New Contributors

• @​gowridurgad made their first contribution in #​848
• @​salmanmkc made their first contribution in #​888

Full Changelog: actions/setup-java@v4...v5.0.0

v5

Compare Source

v4.8.0

Compare Source

What's Changed

• License and Audit Fixes by @​HarithaVattikuti in #​960
• Update SapMachine URLs by @​RealCLanger in #​965

Full Changelog: actions/setup-java@v4...v4.8.0

v4.7.1

Compare Source

What's Changed

Documentation changes

• Add Documentation to Recommend Using GraalVM JDK 17 Version to 17.0.12 to Align with GFTC License Terms by @​aparnajyothi-y in #​704
• Remove duplicated GraalVM section in documentation by @​Marcono1234 in #​716

Dependency updates:

• Upgrade @​action/cache from 4.0.0 to 4.0.2 by @​aparnajyothi-y in #​766
• Upgrade @​actions/glob from 0.4.0 to 0.5.0 by @​dependabot in #​744
• Upgrade ts-jest from 29.1.2 to 29.2.5 by @​dependabot in #​743
• Upgrade @​action/cache to 4.0.3 by @​aparnajyothi-y in #​773

Full Changelog: actions/setup-java@v4...v4.7.1

v4.7.0

Compare Source

What's Changed

• Configure Dependabot settings by @​HarithaVattikuti in #​722
• README Update: Added a permissions section by @​benwells in #​723
• Upgrade cache from version 3.2.4 to 4.0.0 by @​aparnajyothi-y in #​724
• Upgrade @actions/http-client from 2.2.1 to 2.2.3 by @​dependabot in #​728
• Upgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by @​dependabot in #​727
• Upgrade @types/jest from 29.5.12 to 29.5.14 by @​dependabot in #​729

New Contributors

• @​benwells made their first contribution in #​723

Full Changelog: actions/setup-java@v4...v4.7.0

v4.6.0

Compare Source

What's Changed

Add-ons:

• Add Support for JetBrains Runtime by @​gmitch215 in #​637

 - name: Checkout
   uses: actions/checkout@v4
 - name: Setup-java
   uses: actions/setup-java@v4
   with:
     distribution: ‘jetbrains’
     java-version: '21'

Bug fixes:

• Fix Ubuntu-latest CI failures by @​mahabaleshwars in #​693

New Contributors

• @​gmitch215 made their first contribution in #​637

Full Changelog: actions/setup-java@v4...v4.6.0

v4.5.0

Compare Source

What's Changed

• Upgrade IA Publish by @​Jcambass in #​686

Bug fixes:

• Improve archive extraction on windows runners without powershell core and Update micromatch dependency by @​priyagupta108 in #​689
• Update workflows for GraalVM and Version Enhancements by @​mahabaleshwars in #​699
• Refine isGhes logic by @​jww3 in #​697

New Contributors:

• @​priyagupta108 made their first contribution in #​689
• @​jww3 made their first contribution in #​697

Full Changelog: actions/setup-java@v4...v4.5.0

v4.4.0

Compare Source

What's Changed

Add-ons :

• Add support for Oracle GraalVM by @​fniephaus in #​501

steps:
 - name: Checkout
   uses: actions/checkout@v4
 - name: Setup-java
   uses: actions/setup-java@v4
   with:
     distribution: 'graalvm'
     java-version: '21'

• Add workflow file for publishing releases to immutable action package by @​Jcambass in #​684

Bug fixes :

• Add architecture to cache key by @​Zxilly in #​664
  This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts.
  Note: This change may break previous cache keys as they will no longer be compatible with the new format.
• Resolve check failures by @​aparnajyothi-y in #​687

New Contributors

• @​Jcambass made their first contribution in #​684
• @​Zxilly made their first contribution in #​664

Full Changelog: actions/setup-java@v4...v4.4.0

v4.3.0

Compare Source

What's Changed

• Add support for SapMachine JDK/JRE by @​Shegox in #​614

steps:
 - name: Checkout
   uses: actions/checkout@v4
 - name: Setup-java
   uses: actions/setup-java@v4
   with:
     distribution: 'sapmachine'
     java-version: '21'

Bug fixes :

• Fix typos on Corretto by @​johnshajiang in #​666
• IBM Semeru Enhancement on arm64 by @​mahabaleshwars in #​677
• Resolve Basic Validation Check Failures by @​aparnajyothi-y
 in #​682

New Contributors :

• @​johnshajiang made their first contribution in #​666
• @​Shegox made their first contribution in #​614

Full Changelog: actions/setup-java@v4...v4.3.0

v4.2.2

Compare Source

What's Changed



Bug fixes:

• Fix macos latest check failures by @​HarithaVattikuti in #​634
• Fix dragonwell distribution parsing issues by @​Accelerator1996 in #​643

Documentation changes

• Update advanced documentation for java-version-file by @​mahabaleshwars in #​622

Dependency updates:

• Bump undici from 5.28.3 to 5.28.4 and other dependency updates by @​dependabot in #​616

Full Changelog: actions/setup-java@v4...v4.2.2

v4.2.1

Compare Source

What's Changed

• Patch for java version file to accept it from any path by @​mahabaleshwars in #​610

Full Changelog: actions/setup-java@v4...v4.2.1

v4.2.0

Compare Source

What's Changed

• Updated actions/httpclient version to 2.2.1 and other dependencies by @​HarithaVattikuti in #​607
• Added .tool-versions file support along with .java-version file by @​mahabaleshwars in #​606

New Contributors

• @​HarithaVattikuti made their first contribution in #​607
  Full Changelog: actions/setup-java@v4...v4.2.0

v4.1.0

Compare Source

What's Changed

• Added Windows Arm64 Support for Windows Arm64 Runners by @​mahabaleshwars in #​595
• feat: bump actions/checkout and actions/setup-java to v4 by @​kbdharun in #​533
• Handle authorization when the token is undefined by @​peter-murray in #​556
• Documentation update of Java 21 by @​Okeanos in #​566
• Documentation update about maven-gpg-plugin version note by @​IvanZosimov in #​570
• Oracle JDK 21 support by @​jdubois in #​538
• Fix typo in configuration example by @​Bananeweizen in #​572

New Contributors

• @​kbdharun made their first contribution in #​533
• @​peter-murray made their first contribution in #​556
• @​jdubois made their first contribution in #​538
• @​Bananeweizen made their first contribution in #​572
• @​mahabaleshwars made their first contribution in #​595

Full Changelog: actions/setup-java@v4...v4.1.0

spring-projects/spring-security (org.springframework.security:spring-security-core)

v7.0.5

Compare Source

⭐ New Features

• Add XML Based shouldWriteHeadersEagerly tests #​19018
• Merge Add CredentialRecordOwnerAuthorizationManager #​19005

🪲 Bug Fixes

• Add equals and hashcode to HttpMethodRequestMatcher #​18963
• auth_time claim doesn't show the time of the original authentication #​18282
• auth_time validation fails when SSO session is renewed #​18978
• Fallback defaultTargetUrl if refererHeader is empty #​18981
• Fix HttpSessionRequestCache#getMatchingRequest query string parsing #​18972
• Merge Handle null value in OnCommittedResponseWrapper header methods #​18990
• OAuth2 client sessionManagement ineffective with DefaultOidcUser #​19022

🔨 Dependency Upgrades

• Bump @springio/antora-extensions from 1.14.10 to 1.14.11 in /docs #​19054
• Bump @springio/antora-extensions from 1.14.7 to 1.14.9 in /docs #​18953
• Bump @springio/antora-extensions from 1.14.9 to 1.14.10 in /docs #​19029
• Bump @springio/asciidoctor-extensions from 1.0.0-alpha.17 to 1.0.0-alpha.18 in /docs #​18957
• Bump actions/upload-artifact from 7.0.0 to 7.0.1 #​19096
• Bump com.webauthn4j:webauthn4j-core from 0.31.1.RELEASE to 0.31.2.RELEASE #​19021
• Bump com.webauthn4j:webauthn4j-core from 0.31.2.RELEASE to 0.31.3.RELEASE #​19114
• Bump io.projectreactor:reactor-bom from 2025.0.4 to 2025.0.5 #​19080
• Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15 #​19111
• Bump org.springframework.data:spring-data-bom from 2025.1.4 to 2025.1.5 #​19113
• Bump org.springframework.ldap:spring-ldap-core from 4.0.2 to 4.0.3 #​19098
• Bump org.springframework:spring-framework-bom from 7.0.6 to 7.0.7 #​19112
• Bump spring-io/spring-gradle-build-action from 2.0.5 to 2.0.6 #​18996
• Bump spring-io/spring-release-actions from 0.0.3 to 0.0.4 #​19095
• Bump spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml from 1.0.14 to 1.0.15 #​18948

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​rwinch

v7.0.4

Compare Source

⭐ New Features

• Update RestTemplateBuilder usage in opaque-token.adoc #​18836

🪲 Bug Fixes

• Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager #​18784
• Add Jackson Mixin for WebAuthnAuthentication #​18878
• Add Missing OnCommitedResponseWrapper Header Overrides #​18799
• Document the change in dependency coordinates with Spring Security 7 #​18773
• Ensure tests clear AuthorizationServerContextHolder #​18768
• Fix CookieRequestCache parameters #​18864
• Fix Flaky Crypto Tests #​18842
• Fix Jackson Deserializer for AuthenticationExtensionsClientOutputs #​18897
• HttpMessageConverterAuthenticationSuccessHandler Supports Jackson 3 #​18834
• OAuth2DeviceVerificationEndpointFilter should be applied after AuthorizationFilter #​18873
• Restore upgradeEncoding condition in DaoAuthenticationProvider #​18788
• saveAuthenticat

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "every weekend"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.