fix(deps): update spring ws to v5

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
org.springframework.ws:spring-ws-security (source)	2.4.7.RELEASE → 5.0.1

---

Release Notes

spring-projects/spring-ws (org.springframework.ws:spring-ws-security)

v5.0.1

Compare Source

🐞 Bug Fixes

• HttpComponents5Connection should not reply on response headers to determine if the response is gzipped #​1755

📔 Documentation

• Add documentation of Shibboleth repository requirement to reference docs #​1776
• Examples in the reference documentation for WSS4J refer to an outdated package #​1774
• XwsSecurityInterceptor examples should be dropped from reference documentation #​1772

🔨 Dependency Upgrades

• Upgrade to Jakarta XML Bind 4.0.5 #​1800
• Upgrade to JAXB 4.0.7 #​1799
• Upgrade to Spring Framework 7.0.6 #​1795
• Upgrade to Spring Security 7.0.4 #​1796

v5.0.0

Compare Source

Full release notes for Spring WS 5.0 are available on the wiki.

🐞 Bug Fixes

• SoapBody declares that the Locale is mandatory where it is optional in SOAP 1.1 #​1744
• XPathExpression and XPathObeservation have invalid nullability declarations #​1727

🔨 Dependency Upgrades

• Upgrade to Spring Framework 7.0.0 #​1728
• Upgrade to Spring Security 7.0.0 #​1730
• Upgrade to WSS4J 4.0.1 #​1739

v4.1.3

Compare Source

🐞 Bug Fixes

• HttpComponents5Connection should not reply on response headers to determine if the response is gzipped #​1754

📔 Documentation

• Examples in the reference documentation for WSS4J refer to an outdated package #​1773
• Add documentation of Shibboleth repository requirement to reference docs #​1771
• XwsSecurityInterceptor examples should be dropped from reference documentation #​1359

🔨 Dependency Upgrades

• Upgrade to Jakarta XML Bind 4.0.5 #​1798
• Upgrade to JAXB 4.0.7 #​1797
• Upgrade to Spring Framework 6.2.17 #​1783
• Upgrade to Spring Security 6.5.9 #​1785
• Upgrade to WSS4J 4.0.1 #​1784

v4.1.2

Compare Source

🐞 Bug Fixes

• WebServiceMessageCallback is not invoked when payload is null #​1667

📔 Documentation

• XML invalid in CustomSoapExceptionResolver example #​1671
• Harmonize links to 'Spring Framework reference documentation' #​1665

🔨 Dependency Upgrades

• Upgrade to Jakarta Activation 2.1.4 #​1699
• Upgrade to Jakarta Mail 2.1.5 #​1701
• Upgrade to Jakarta XML Bind 4.0.4 #​1702
• Upgrade to JAXB 4.0.6 #​1704
• Upgrade to Spring Framework 6.2.12 #​1678
• Upgrade to Spring Security 6.5.6 #​1679

v4.1.1

Compare Source

🔨 Dependency Upgrades

• Upgrade to Spring Framework 6.2.9 #​1631
• Upgrade to Spring Security 6.5.2 #​1654

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​mhalbritter

v4.1.0

Compare Source

🐞 Bug Fixes

• SimpleXsdSchema#loadSchema is not thread-safe #​1572

🔨 Dependency Upgrades

• Upgrade to Spring Framework 6.2.7 #​1570
• Upgrade to Spring Security 6.5.0 #​1571

v4.0.17

Compare Source

🔨 Dependency Upgrades

• Upgrade to Spring Framework 6.2.15 #​1747
• Upgrade to Spring Security 6.4.13 #​1748

v4.0.16

Compare Source

🐞 Bug Fixes

• The default version of Spring Security is no longer supported #​1685
• The default version of Spring Framework is no longer supported #​1684
• WebServiceMessageCallback is not invoked when payload is null #​1653

📔 Documentation

• XML invalid in CustomSoapExceptionResolver example #​1669
• Harmonize links to 'Spring Framework reference documentation' #​1663

🔨 Dependency Upgrades

• Upgrade to Jakarta Activation 2.1.4 #​1691
• Upgrade to Jakarta Mail 2.1.5 #​1693
• Upgrade to Jakarta XML Bind 4.0.4 #​1694
• Upgrade to JAXB 4.0.6 #​1697
• Upgrade to Spring Framework 6.2.12 #​1683
• Upgrade to Spring Security 6.4.12 #​1686

v4.0.15

Compare Source

🐞 Bug Fixes

• SimpleXsdSchema#loadSchema is not thread-safe #​1556

🔨 Dependency Upgrades

• Upgrade to Apache Santario 3.0.6 #​1604
• Upgrade to Spring Framework 6.1.21 #​1617
• Upgrade to Spring Security 6.3.10 #​1618
• Upgrade to XmlUnit 2.10.2 #​1591
• Upgrade to Xom 1.3.9 #​1603

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​nosan

v4.0.14

Compare Source

🔨 Dependency Upgrades

• Upgrade to Spring Framework 6.0.20 #​1566

v4.0.13

Compare Source

🐞 Bug Fixes

• HttpComponents5MessageSender overrides HttpClient when set as a property #​1512
• Client-side validation logs an invalid request as the response being invalid [SWS-1078] #​1144
• SmartInterceptor cannot be added using WsConfigurer [SWS-1064] #​1130

📔 Documentation

• Polish SoapFault Javadoc #​1507
• Clarification the semantic of defaultEndpoint in the reference documentation #​1209
• Clarify the scope of WebServiceMessageSender in WebServiceTemplate [SWS-991] #​1063
• Document that XsdSchemaCollection should be configured with inline to inline XSDs [SWS-979] #​1050
• Document how to add a custom detail to a SOAP fault message [SWS-600] #​716

🔨 Dependency Upgrades

• Upgrade to Spring Framework 6.1.19 #​1521
• Upgrade to Spring Security 6.3.9 #​1522

v4.0.12

Compare Source

⭐ New Features

• Allow usage of XMLUnit placeholders in request and response matchers #​1417

🐞 Bug Fixes

• The default version of Spring Security is no longer supported #​1500
• The default version of Spring Framework is no longer supported #​1499
• DelegatingWsConfiguration should load WsConfigurer lazily #​1477
• spring-ws and spring-ws-support should not have transitive dependencies on Mail API and implementation #​1462
• Connection timeout in HttpComponents5MessageSender is not respected #​1436
• WsConfigurer can trigger early initialization that prevents other post processors to run successfully #​1435
• SaajSoapMessageFactory should only split mime type header values #​1421
• LocationTransformerObjectSupport#transformLocation should not append port if it is already present #​1420
• DomPoxMessage sould not have methods of FaultAwareWebServiceMessage as it does not implement it #​622

📔 Documentation

• Review reference guide #​1475
• Fix typos in security doc #​1452

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​flx5 and @​tdinev

v4.0.11

Compare Source

v4.0.10: Spring Web Services v4.0.10

Compare Source

What's Changed

• Support jar:nested in SchemaFactoryUtils by @​izeye in #​1401
• Remove duplicate dependency declaration for httpclient by @​cachescrubber in #​1382
• Update springframwork to 6.0.16 by @​corneil in #​1402

New Contributors

• @​izeye made their first contribution in #​1401
• @​cachescrubber made their first contribution in #​1382

Full Changelog: spring-projects/spring-ws@v4.0.9...v4.0.10

v4.0.9

Compare Source

Changes in version 4.0.8 (2023-11-20)

• #​1394 - Update WSS4J version to 2.4.3 and guava to 32.1.3-jre by @​corneil in #​1397

• iterate over entry-set in getFaultDefinition by @​hduelme in #​1396

New Contributors

• @​hduelme made their first contribution in #​1396

Full Changelog: spring-projects/spring-ws@v4.0.8...v4.0.9

v4.0.8

Compare Source

Changes in version 4.0.8 (2023-11-20)

• #​1390 - Test against Spring Security 6.2.0 on CI.
• #​1387 - Upgrade to Spring Framework 6.0.14.

v4.0.7

Compare Source

Changes in version 4.0.7 (2023-10-23)

• #​1384 - Upgrade to xmlsec 3.0.3.

v4.0.6

Compare Source

Changes in version 4.0.6 (2023-09-18)

• #​1380 - Upgrade to Spring Security 6.0.7.
• #​1379 - Upgrade Spring HATEOAS to 2.0.6.
• #​1378 - Upgrade smoke-tests to Spring Framework 6.0.12.
• #​1377 - Test against WSS4j 3.0.0 on CI.
• #​1376 - Connect builds to ge.spring.io.
• #​1375 - Upgrade to Spring Framework 6.0.12.
• #​1370 - Fix forgotten import for XMLUnit2 upgrade.
• #​1369 - Extend testing to Spring Framework 6.1/Spring Security 6.1.
• #​1368 - Fix integration between Logbook and HttpClient5.
• #​1365 - PayloadDiffMatcher: Add "ignoreWhitespace".
• #​1362 - generify ClientHttpRequestMessageSenderIntegrationTest.
• #​1203 - Changed behavior for PayloadDiffMatcher.

v4.0.5

Compare Source

Changes in version 4.0.5 (2023-06-21)

• #​1366 - Upgrade to Spring Framework 6.0.10.
• #​1360 - spring-ws-security has a transitive dependency to pre jakarta javamail.
• #​1357 - Apache HttpClient 5.0 followup.
• #​1355 - Implement a JDK-based HttpClient MessageSender.
• #​1354 - Upgrade maven-assembly-plugin to 3.5.0.
• #​1342 - How to use JDK HttpClient with web services?.
• #​1164 - Add support for Apache HttpClient 5.0.

v4.0.4

Compare Source

Changes in version 4.0.4 (2023-05-11)

• #​1353 - Reintroduce custom container for release phase.
• #​1352 - Upgrade smoke testing to Spring Boot 3.0.6.
• #​1351 - Upgrade Artemis Jakarta Server to 2.28.0.
• #​1350 - Upgrade to Spring Framework 6.0.9.
• #​1348 - Use the Docker proxy service for CI.
• #​1347 - Introduce smoke testing for the release process.
• #​1346 - Introduce .sdkmanrc to automate switching between versions of Java.

v4.0.3

Compare Source

Changes in version 4.0.3 (2023-04-18)

• #​1345 - Upgrade to Spring Security 6.0.3.
• #​1343 - Upgrade to Spring Framework 6.0.8.
• #​1339 - Upgrade to Spring Framework 6.0.6.
• #​1336 - Use bulk operation addAll instead of iteration.
• #​1335 - Use StandardCharsets.UTF_8 instead of a string UTF-8 value.
• #​1334 - Remove unnecessary boxing for integers.
• #​1332 - Upgrade to org.apache.santuario:xmlsec:3.0.2.
• #​1298 - Bump woodstox-core from 6.2.8 to 6.4.0.
• #​1150 - Wss4jSecurityInterceptor not propagating time to live values when validating ws-security soap header timestamp [SWS-1084].
• #​1100 - wsa:to element is not optional [SWS-1031].
• #​109 - Adds UserDetails to Authentication.

v4.0.2

Compare Source

Changes in version 4.0.2 (2023-02-22)

• #​1337 - Upgrade to Spring Framework 6.0.5.
• #​1328 - Fix broken image links in ref docs.
• #​1327 - Use Collections.emptyIterator() instead of iterator of an emptyList.
• #​1326 - Remove null checks from instanceof checks.
• #​1325 - replace Collections.sort() by List.sort().
• #​1324 - Better conversion from ByteArrayOutputStream to String.
• #​1323 - Make EhCache an optional dependency.
• #​1320 - Add SECURITY details.
• #​1318 - use String.contains() instead String.indexOf().
• #​1317 - Use StringBuilder instead of StringBuffer.
• #​1316 - Use enhanced for loop instead of iterator.
• #​1308 - Simplify SimpleNamespaceContext using modern Map APIs.
• #​1300 - Add ability to override inclusive option in wss4j.
• #​1249 - Add LICENSE file.
• #​150 - Location tranformation now uses X-Forwarded-* headers if present.

v4.0.1

Compare Source

Changes in version 4.0.1 (2023-01-12)

• #​1312 - Release Spring WS 4.0.1.
• #​1311 - Upgrade to Spring HATEOAS 2.0.1.
• #​1310 - Upgrade to Spring Security 6.0.1.
• #​1309 - Upgrade to Spring Framework 6.0.4.
• #​1305 - Change JAXB dependency coordinates.
• #​1303 - Inline the creation of a new TransformerFactory.
• #​1299 - Fix sample code's syntax highlighting to match the fragment's language.
• #​1290 - Introduce Spring WS BOM.
• #​1193 - spring-ws-test - IllegalArgumentException during request comparison.

v4.0.0

Compare Source

Changes in version 4.0.0 (2022-11-21)

• #​1297 - Upgrade to nexus-staging-maven-plugin 1.6.13.
• #​1296 - Upgrade to Spring Security 6.0.0.
• #​1295 - Use GitHub releases to track official releases.
• #​1292 - Upgrade to Spring Framework 6.0.0.
• #​1289 - Upgrade to Jakarta EE 10 specifications.
• #​1248 - Collapse identical catch branches.
• #​1161 - Update Syntax and spellings.

v3.1.8

Compare Source

Changes in version 3.1.8 (2023-11-16)

• #​1389 - Test against Spring Security 5.6.12 on CI.
• #​1388 - Upgrade to Spring Framework 5.3.31.

v3.1.7

Compare Source

Changes in version 3.1.7 (2023-09-18)

• #​1381 - Test against Spring Security 5.7.11 on CI.
• #​1371 - Performance issue in 3.1.x.
• #​1349 - Upgrade to Spring Framework 5.3.30.

v3.1.6

Compare Source

Changes in version 3.1.6 (2023-04-18)

• #​1344 - Upgrade to Spring Framework 5.3.27.
• #​1286 - Use BlobOMDataSource.

v3.1.5

Compare Source

Changes in version 3.1.5 (2023-01-12)

• #​1315 - Upgrade to artifactory-maven-plugin 3.2.3.
• #​1314 - Upgrade Spring Security CI testing.
• #​1313 - Upgrade to Spring Framework 5.3.25.
• #​1294 - Upgrade Spring Security for CI testing.
• #​1293 - Upgrade to Spring Framework 5.3.24.

v3.1.4

Compare Source

• #​1287 - Update copyright statements in source.
• #​1264 - Upgrade to Axiom 1.4.

v3.1.3

Compare Source

• #​1241 - Upgrade to Spring Security 5.5.5.
• #​1240 - Upgrade to Spring Framework 5.3.17.
• #​1233 - Upgrade to Spring Security 5.5.4.
• #​1232 - Upgrade to Spring Framework 5.3.15.
• #​1226 - Upgrade to log4j 2.17.1.

v3.1.2

Compare Source

• #​1222 - Upgrade to Log4j 2.15.0.
• #​1220 - Upgrade to stax-ex 1.8.3.
• #​1218 - Introduce duplicate-finder-maven-plugin to avoid duplicate classes.
• #​1206 - In TransportOutputStream.java when close() is called it will attempt to open a conneciton if the outputSream is null.
• #​1200 - Introduce manual verification step to release process.

v3.1.1

Compare Source

• #​1199 - Don't skip main build targets during releases.

v3.1.0

Compare Source

• #​1198 - Test against JDK 16 on CI.
• #​1197 - Upgrade to Spring Framework 5.3.7.
• #​1187 - Upgrade to Spring Security 5.5.0.

v3.0.12.RELEASE

Compare Source

• #​1224 - Version 3.0.11 breaks build.

v3.0.11.RELEASE

Compare Source

• #​1223 - Upgrade to Log4j 2.15.0.
• #​1171 - Create 3.0 branch.
• #​1169 - Upgrade CI to test against JDK 15.
• #​1168 - Correct documentation regarding Java versions.
• #​1160 - Update code style.
• #​1159 - Upgrade to JUnit 5.
• #​159 - Editing pass.

v3.0.10.RELEASE

Compare Source

• #​1157 - Upgrade to Spring Framework 5.0.19.RELEASE [SWS-1091].
• #​1156 - Spring Integration Issue With Latest XXE Patch and WebSphere 9.0 [SWS-1090].

v3.0.9.RELEASE

Compare Source

• #​1152 - Update reference documentation [SWS-1086].
• #​1151 - Change visibility of MockWebServiceServer(MockWebServiceMessageSender) to support user testing [SWS-1085].

v3.0.8.RELEASE

Compare Source

• #​1141 - Clean up assertion message [SWS-1075].
• #​1138 - Introduce Jenkins CI [SWS-1073].
• #​1137 - Update WSS4J to 2.2.3 or higher [SWS-1072].
• #​1134 - Upgrade CI [SWS-1068].
• #​1133 - Make commons-io a test-scoped dependency [SWS-1067].
• #​1123 - Migrate to https-based URLs [SWS-1057].

v3.0.7.RELEASE

Compare Source

• #​1121 - Perform releases through Concourse CI [SWS-1055].
• #​1116 - TransformerFactoryUtils fails when property doesn't exist [SWS-1050].

v3.0.6.RELEASE

• #​1115 - Use better defaults for certain factory methods [SWS-1049].
• #​1113 - Clean out old sandbox project [SWS-1047].
• #​1111 - Upgrade Spring portfolio versions [SWS-1045].
• #​1110 - Add slack notifications to CI pipeline [SWS-1044].
• #​1109 - Introduce Concourse CI [SWS-1043].

v3.0.4.RELEASE

Compare Source

• #​1059 - Upgrade to latest version of Spring [SWS-1039].
• #​1107 - Polish documentation [SWS-1038].
• #​1106 - Make SimpleXsdSchema give a more productive error message [SWS-1037].
• #​1105 - SimpleXsdSchema not initialized property produces NullPointerException [SWS-1036].
• #​1103 - Switch to Java 11 for future JDK support [SWS-1034].
• #​1102 - Ehcache - OWASP Dependency Check issues [SWS-1033].
• #​1099 - Resolve version conflicts [SWS-1030].
• #​1088 - SaajSoapMessage created with default (empty) SoapEnvelope [SWS-1018].

v3.0.3.RELEASE

Compare Source

• #​1098 - Tune Java 10 dependencies [SWS-1029].

v3.0.2.RELEASE

Compare Source

• #​1097 - Fix log-based issues [SWS-1027].
• #​1096 - Upgrade Spring Framework/Spring Security [SWS-1026].
• #​1090 - Add support for Java 10 [SWS-1020].

v3.0.1.RELEASE

Compare Source

• #​1084 - Support to set timeout on HttpUrlConnectionMessageSender [SWS-1014].
• #​1082 - Upgrade to latest Spring Framework and Spring Security versions [SWS-1012].

v3.0.0.RELEASE

Compare Source

• #​1078 - Remove NO_SECURITY check in 3.x [SWS-1008].
• #​1077 - Fix invalid test cases that close the InputStream too early [SWS-1007].
• #​1076 - Make Axiom SOAP header compatible with Axiom 1.3 [SWS-1006].
• #​1075 - Use correct default content type for SOAP 1.2 with Axiom [SWS-1005].
• #​1074 - Switch to Axiom's getSAXResult [SWS-1004].
• #​1073 - Remove deprecated Axiom API calls [SWS-1003].
• #​1072 - Upgrade AspectJ to 1.8.12/1.9.RC1 [SWS-1002].
• #​1052 - SOAPAction header with SOAP ver 1.2 messages [SWS-981].
• #​1042 - SpringSecurityPasswordValidationCallbackHandler throws NPE when UserDetailsService does not find user [SWS-972].
• #​1032 - WSS4J2 Wss4jSecurityInterceptor -> validation configuration errors [SWS-961].
• #​1027 - Ability to configure SAML callback in Wss4jInterceptor [SWS-955].
• #​801 - Recievign very large attachments in the clent will cause a OutOfMemoryError [SWS-707].

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.