Pushed to java 21 and latests deps

Author: sptdevos

.github/workflows/maven.yml

@@ -13,4 +13,4 @@ jobs:
   call-workflow:
     uses: 42BV/42-github-workflows/.github/workflows/maven-test.yml@main
     with:
-      java-version: 17
+      java-version: 21

README.md

@@ -23,7 +23,7 @@ Spring boot autoconfig for spring security in a REST environment
   pattern. Implemented by using the [CsrfTokenRepository](https://docs.spring.io/spring-security/site/docs/current/reference/html/csrf.html#csrf-cookie).
 - The @CurrentUser annotation may be used to annotate a controller method argument to inject the current custom user.
 - Note the UserResolver spring bean that is added to your appication context, conveniently get the current logged in user from the SecurityContext!
-- This auto configuration does not make assumptions of how you implement the "authorities" of a User. Spring Security can interpret your authorities by looking
+- This autoconfiguration does not make assumptions of how you implement the "authorities" of a User. Spring Security can interpret your authorities by looking
   at a prefix; if you prefix an authority with "ROLE_", the framework provides a specific role-checking-api. But you can always use the more generic
   authority-checking-api.
     * For instance if you want to make use of "roles" and the Spring Security "hasRole(..)"-api methods, you must prefix your roles with the default "ROLE_".
@@ -44,7 +44,7 @@ Spring boot autoconfig for spring security in a REST environment
     <dependency>
         <groupId>nl.42</groupId>
         <artifactId>rest-secure-spring-boot-starter</artifactId>
-        <version>12.3.0</version>
+        <version>13.0.0</version>
     </dependency>
     <dependency>
         <groupId>org.springframework.boot</groupId>
@@ -232,7 +232,7 @@ Below you'll find more detailed requirements of each endpoint:
 
 ### Using a custom User domain object
 
-To use a custom User object we should implement the `RegisteredUser` interface (using the email fields as username):
+To use a custom User object we should implement the `RegisteredUser` interface (using the email field as username):
 
  ```java
 
@@ -264,7 +264,7 @@ public class User implements RegisteredUser {
 }
  ```
 
-If your custom User domain object has custom properties for `accountExpired`, `accountLocked`, `credentialsExpired` or `userEnabled`,
+If your custom User domain object has custom properties for `accountExpired`, `accountLocked`, `credentialsExpired` or `enabled`,
 you should override the corresponding default RegisteredUser methods. These methods are checked during a successful authentication, by
 default they are all valid.
 

owasp-suppressions.xml

@@ -1,13 +1,3 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
-    <!-- Every time you update Spring Boot, check if there are suppressions that are no longer necessary
-    (these unused suppressions will be listed in the logging of the owasp dependency check plugin). -->
-    <suppress>
-        <notes>logback-core-1.4.11 waiting for spring update</notes>
-        <cve>CVE-2023-6378</cve>
-    </suppress>
-    <suppress>
-        <notes>jackson-databind-2.15.3 waiting for spring update</notes>
-        <cve>CVE-2023-35116</cve>
-    </suppress>
 </suppressions>

pom.xml

@@ -56,19 +56,20 @@
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
-        <maven.compiler.release>17</maven.compiler.release>
+        <maven.compiler.release>21</maven.compiler.release>
 
-        <spring-boot.version>3.2.0</spring-boot.version>
+        <spring-boot.version>3.3.4</spring-boot.version>
         <totp-spring-boot-starter.version>1.7.1</totp-spring-boot-starter.version>
-        <commons-io.version>2.11.0</commons-io.version>
-        <dependency-check-maven-plugin.version>8.4.3</dependency-check-maven-plugin.version>
-        <jacoco-maven-plugin.version>0.8.8</jacoco-maven-plugin.version>
-        <maven-compiler-plugin.version>3.10.1</maven-compiler-plugin.version>
+        <commons-io.version>2.17.0</commons-io.version>
+
+        <dependency-check-maven-plugin.version>10.0.4</dependency-check-maven-plugin.version>
+        <jacoco-maven-plugin.version>0.8.12</jacoco-maven-plugin.version>
+        <maven-compiler-plugin.version>3.13.0</maven-compiler-plugin.version>
         <maven-gpg-plugin.version>3.0.1</maven-gpg-plugin.version>
         <maven-javadoc-plugin.version>3.4.1</maven-javadoc-plugin.version>
-        <maven-release-plugin.version>2.5.3</maven-release-plugin.version>
+        <maven-release-plugin.version>3.1.1</maven-release-plugin.version>
         <maven-source-plugin.version>3.2.1</maven-source-plugin.version>
-        <maven-surefire-plugin.version>2.22.2</maven-surefire-plugin.version>
+        <maven-surefire-plugin.version>3.5.0</maven-surefire-plugin.version>
     </properties>
 
     <dependencies>