build(deps): bump org.springframework.security:spring-security-crypto from 5.3.3.RELEASE to 7.1.0

[dependabot]

Bumps org.springframework.security:spring-security-crypto from 5.3.3.RELEASE to 7.1.0.

Release notes

Sourced from org.springframework.security:spring-security-crypto's releases.

7.1.0

🪲 Bug Fixes

• Opaque token introspectors should not allow empty credentials #19201

🔨 Dependency Upgrades

• Bump @springio/antora-extensions from 1.14.11 to 1.14.12 in /docs #19235
• Bump actions/checkout from 6.0.2 to 6.0.3 #19271
• Bump antora from 3.2.0-alpha.11 to 3.2.0-alpha.12 in /docs #19181
• Bump ch.qos.logback:logback-classic from 1.5.32 to 1.5.33 #19228
• Bump ch.qos.logback:logback-classic from 1.5.33 to 1.5.34 #19268
• Bump com.fasterxml.jackson:jackson-bom from 2.21.2 to 2.21.3 #19133
• Bump com.fasterxml.jackson:jackson-bom from 2.21.3 to 2.22.0 #19246
• Bump com.google.code.gson:gson from 2.13.2 to 2.14.0 #19125
• Bump com.nimbusds:oauth2-oidc-sdk from 11.37 to 11.37.1 #19157
• Bump com.nimbusds:oauth2-oidc-sdk from 11.37 to 11.37.2 #19195
• Bump com.webauthn4j:webauthn4j-core from 0.31.3.RELEASE to 0.31.5.RELEASE #19148
• Bump com.webauthn4j:webauthn4j-core from 0.31.5.RELEASE to 0.31.6.RELEASE #19263
• Bump gradle-wrapper from 9.4.1 to 9.5.0 #19135
• Bump gradle-wrapper from 9.5.0 to 9.5.1 #19171
• Bump io-micrometer from 1.16.5 to 1.17.0 #19287
• Bump io.mockk:mockk from 1.14.9 to 1.14.11 #19244
• Bump io.projectreactor:reactor-bom from 2025.0.5 to 2025.0.6 #19296
• Bump org-jetbrains-kotlin from 2.3.20 to 2.3.21 #19126
• Bump org-jetbrains-kotlin from 2.3.21 to 2.4.0 #19264
• Bump org-opensaml5 from 5.2.1 to 5.2.2 #19176
• Bump org.apache.maven:maven-resolver-provider from 3.9.15 to 3.9.16 #19190
• Bump org.apereo.cas.client:cas-client-core from 4.1.0 to 4.1.1 #19200
• Bump org.hibernate.orm:hibernate-core from 7.3.1.Final to 7.3.2.Final #19119
• Bump org.hibernate.orm:hibernate-core from 7.3.2.Final to 7.3.3.Final #19149
• Bump org.hibernate.orm:hibernate-core from 7.3.3.Final to 7.3.4.Final #19165
• Bump org.hibernate.orm:hibernate-core from 7.3.4.Final to 7.3.5.Final #19191
• Bump org.hibernate.orm:hibernate-core from 7.3.5.Final to 7.3.6.Final #19211
• Bump org.hibernate.orm:hibernate-core from 7.3.6.Final to 7.4.0.Final #19226
• Bump org.jetbrains.kotlinx:kotlinx-coroutines-bom from 1.10.2 to 1.11.0 #19166
• Bump org.junit:junit-bom from 6.0.3 to 6.1.0 #19197
• Bump org.slf4j:slf4j-api from 2.0.17 to 2.0.18 #19169
• Bump org.springframework.data:spring-data-bom from 2025.1.5 to 2025.1.6 #19290
• Bump org.springframework.ldap:spring-ldap-core from 4.0.3 to 4.1.0 #19291
• Bump org.springframework:spring-framework-bom from 7.0.7 to 7.0.8 #19285
• Bump spring-io/spring-release-actions from 0.0.4 to 0.0.5 #19179
• Bump tools.jackson:jackson-bom from 3.1.2 to 3.1.3 #19147
• Bump tools.jackson:jackson-bom from 3.1.3 to 3.1.4 #19245
• Bump tools.jackson:jackson-bom from 3.1.4 to 3.2.0 #19286
• Update to spring-data-bom 2026.0.0 #19303

🔩 Build Updates

• Release 7.1.0 #19218

... (truncated)

Changelog

Sourced from org.springframework.security:spring-security-crypto's changelog.

= Release Process

The release process for Spring Security is entirely automated via the https://github.com/spring-io/spring-security-release-tools/blob/main/release-plugin/README.adoc[Spring Security Release Plugin] and https://github.com/spring-io/spring-security-release-tools/tree/main/.github/workflows[reusable workflows]. The following table outlines the steps that are taken by the automation.

WARNING: The 5.8.x branch does not have all of the improvements from the 6.x.x branches. See "Status (5.8.x)" for which steps are still manual.

In case of a failure, you can follow the links below to read about each step, which includes instructions for performing the step manually if applicable. See <<frequently-asked-questions,FAQ>> for troubleshooting tips.

[cols="1,1,1"] |=== | Step | Status (5.8.x) | Status (6.0.x+)

| <> | ✅ automated | ✅ automated

| <> | ✅ automated | ✅ automated

| <> | ✅ automated | ✅ automated

| <> | ✅ automated | ✅ automated

| <> | ✅ automated | ✅ automated

| <> | ✅ automated | ✅ automated

| <> | ✅ automated | ✅ automated

| <> | ❌ manual | ✅ automated

| <<close-create-milestone,Close milestone>> | ❌ manual | ✅ automated

... (truncated)

Commits

• 8078781 Release 7.1.0
• 835ca03 Merge branch '7.0.x'
• 15e2488 Sync branch 'main'
• 62c4d60 Merge branch '6.5.x' into 7.0.x
• d884913 Sync branch '7.0.x'
• fd5dae5 Sync branch '6.5.x'
• 65f43d6 Merge branch '7.0.x'
• d29c761 Merge branch '6.5.x' into 7.0.x
• 700a453 Bump ch.qos.logback:logback-classic from 1.5.32 to 1.5.34
• 831bfd7 Update to spring-data-bom 2026.0.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)