Skip to content

Pin cryptacular dependency to version 1.2.6 to consume Opensaml5 updates#3903

Merged
strehle merged 24 commits intodevelopfrom
pin-cryptacular-1.2.6
May 7, 2026
Merged

Pin cryptacular dependency to version 1.2.6 to consume Opensaml5 updates#3903
strehle merged 24 commits intodevelopfrom
pin-cryptacular-1.2.6

Conversation

@strehle
Copy link
Copy Markdown
Member

@strehle strehle commented May 6, 2026
edited
Loading

org.cryptacular:cryptacular is pulled in transitively (via opensaml). Pin it to 1.2.6 via resolutionStrategy to prevent unintended upgrades.

Reserved for post #3840

strehle and others added 18 commits April 14, 2026 17:55
@strehle
WIP: OpenSAML 5.1.6 upgrade
36ff669 
This version is support BC fips.
Higher versions pull directly classes from non fips package.

At least a version that could work together with spring security 7.x and then boot 4.x
@strehle
Merge remote-tracking branch 'origin/develop' into opensaml5-1-6-update
1386e60
@strehle
rebase back to spring security
4453bad
@strehle
fix logout
df8f4a1
@strehle
fix logout - wrong classes
4daa2e2
@strehle
cleanup reference documentations
dd224a0
@strehle
revert a agent change before and fix deprecate all toghether to final…
90a50a7 
…ly fix logout
@strehle
cleanup
c3e5cb9
@strehle
more cleanups
6ce8f97
@strehle
comment changes
fadb026 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@strehle
Merge remote-tracking branch 'origin/opensaml5-1-6-update' into opens…
12b5261 
…aml5-1-6-update
@strehle
Merge remote-tracking branch 'origin/develop' into opensaml5-1-6-update
daa1c74
@strehle
fix rebase
511844b
@strehle
Merge remote-tracking branch 'origin/develop' into opensaml5-1-6-update
7bc2fb9
@strehle
review
32d48aa
@strehle
review
b67d079
@strehle
review
621a77c
@strehle
Pin cryptacular dependency to version 1.2.6
afff8ee 
org.cryptacular:cryptacular is pulled in transitively (via opensaml).
Pin it to 1.2.6 via resolutionStrategy to prevent unintended upgrades.
@strehle strehle added dependencies Pull requests that update a dependency file in progress labels May 6, 2026
@strehle strehle requested a review from Copilot May 6, 2026 18:42
Copilot AI reviewed May 6, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Pins the transitive org.cryptacular:cryptacular dependency (pulled via OpenSAML) to a known-good version to prevent unintended upgrades that could introduce regressions in UAA’s SAML-related dependency set.

Changes:

  • Added a dedicated versions.cryptacular = "1.2.6" entry to the shared dependency versions.
  • Enforced org.cryptacular:cryptacular version 1.2.6 across subprojects via Gradle resolutionStrategy.eachDependency.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File Description
dependencies.gradle Introduces versions.cryptacular so the pinned version is centrally managed.
build.gradle Adds a resolution strategy rule to force org.cryptacular:cryptacular to 1.2.6.

@strehle strehle changed the title Pin cryptacular dependency to version 1.2.6 Pin cryptacular dependency to version 1.2.6 to consume Opensaml5 updates May 7, 2026
@strehle strehle requested a review from Copilot May 7, 2026 10:31
Copilot AI reviewed May 7, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 2 changed files in this pull request and generated 2 comments.

Comment thread dependencies.gradle Outdated
Comment thread dependencies.gradle
@strehle
Potential fix for pull request finding
d1ab1dc 
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
@strehle strehle requested a review from Copilot May 7, 2026 10:35
Copilot AI reviewed May 7, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.

Comment thread dependencies.gradle
@strehle strehle requested review from duanemay and fhanik May 7, 2026 11:37
@github-project-automation github-project-automation Bot moved this from Inbox to Pending Merge | Prioritized in Foundational Infrastructure Working Group May 7, 2026
@strehle strehle merged commit e44ffcc into develop May 7, 2026
38 of 39 checks passed
@strehle strehle deleted the pin-cryptacular-1.2.6 branch May 7, 2026 14:55
@github-project-automation github-project-automation Bot moved this from Pending Merge | Prioritized to Done in Foundational Infrastructure Working Group May 7, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@duanemay duanemay duanemay approved these changes

@fhanik fhanik Awaiting requested review from fhanik

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file in progress

Projects

Foundational Infrastructure Working Group
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@strehle @duanemay