Bump org.apache.shiro:shiro-core from 1.13.0 to 2.0.0

[dependabot]

Bumps org.apache.shiro:shiro-core from 1.13.0 to 2.0.0.

Release notes

Sourced from org.apache.shiro:shiro-core's releases.

Apache Shiro 2.0.0

What's new Highlights

• Java 11 is the minimum supported JVM version
• Jakarta EE 10 support (Java/Jakarta EE 8 is also supported)
• New Jakarta EE integration module (see Jakarta EE Integration for more information)
• SpringBoot 3.x support (SpringBoot 2.x is also supported)
• Automatic form resubmission when session expired (Jakarta EE only)

What's Changed

• [SHIRO-762] Mark SecurityUtils.securityManager as volatile by @​boris-petrov in apache/shiro#218
• [SHIRO-765] Upgrade to Apache Pom Parent 23 by @​fpapon in apache/shiro#222
• [SHIRO-766] ignore exception on invalid cookies. by @​bmarwell in apache/shiro#225
• [SHIRO-764] Add IpFilter for restricting access IP ranges by @​mookkiah in apache/shiro#219
• SHIRO-708 - Remove deprecated shiro-cas module by @​coheigea in apache/shiro#152
• [SHIRO-770] Remove base64 implementation, keep UTF-8 codec by default. by @​bmarwell in apache/shiro#224
• [SHIRO-750] update jax-rs dependency to jakarta. Non-Breaking change. by @​bmarwell in apache/shiro#207
• [SHIRO-750] update jax-rs dependency to jakarta. by @​bmarwell in apache/shiro#226
• Remove CI profile for 2.0.0 by @​fpapon in apache/shiro#229
• [SHIRO-770] Fix test regression introduced by SHIRO-770. by @​bmarwell in apache/shiro#228
• [SHIRO-772] Remove PowerMock from EnvironmentLoaderServiceTest.java. by @​bmarwell in apache/shiro#230
• [SHIRO-773] update groovy for JDK14 builds. by @​bmarwell in apache/shiro#231
• [SHIRO-775] Excessive logging in jetty ContainerITs by @​fpapon in apache/shiro#233
• [SHIRO-771] Add additional build jobs with various JDKs. by @​bmarwell in apache/shiro#227
• (doc) Committer Update by @​bmarwell in apache/shiro#221
• [SHIRO-774] remove ignored prerequisites by @​bmarwell in apache/shiro#234
• [SHIRO-777] remove powermock. by @​bmarwell in apache/shiro#235
• [SHIRO-768] Remove the shiro-all module by @​fpapon in apache/shiro#232
• [SHIRO-679] Shiro modules have split packages by @​fpapon in apache/shiro#236
• [SHIRO-776] Update JUnit by @​bmarwell in apache/shiro#237
• (DOC) - Fix the annotation of setCredentialsMatcher method in AuthenticatingR… by @​ramostear in apache/shiro#238
• [SHIRO-761] Bad OSGi import for javax.annotation in shiro-guice by @​fpapon in apache/shiro#243
• [SHIRO-551] Implement toString() for DelegatingSubject.java. by @​bmarwell in apache/shiro#220
• [SHIRO-784] Fixed issue where no custom filters are defined in spring (non-boot) apps by @​bdemers in apache/shiro#244
• [SHIRO-778] onInit method on AuthenticatingRealm is called twice by @​fpapon in apache/shiro#240
• [SHIRO-610] Allways create resolver for non-empty IniWebEnvironment by @​tbrugz in apache/shiro#242
• [SHIRO-398] - Renamed the variable interval to sessionValidationInterval by @​vgaur in apache/shiro#245
• [SHIRO-785] Upgrade to maven-bundle-plugin 5.1.1 by @​fpapon in apache/shiro#246
• [SHIRO-786] Upgrade to Spring 5.2.8.RELEASE and Spring boot 2.3.2.REL… by @​fpapon in apache/shiro#247
• [SHIRO-780] NOTICE files of shiro components don't match NOTICE in so… by @​fpapon in apache/shiro#239
• Add Jenkins file by @​fpapon in apache/shiro#249
• [SHIRO-767] Fixed issue where ClassUtil cannot load the array of Primitive DataType... by @​ddddyyyy in apache/shiro#248
• [SHIRO-740] SslFilter with HTTP Strict Transport Security (HSTS) by @​raupachz in apache/shiro#55
• SHIRO-349 Security: Byte arrays (and other memory) holding sensitive … by @​bmarwell in apache/shiro#254
• Add Sonarqube quality check by @​fpapon in apache/shiro#256
• Move sonar build step to Java 11 pipeline by @​fpapon in apache/shiro#258
• [SHIRO-793] deleteMe cookie should use the defined "sameSite" by @​FredTreg in apache/shiro#257
• Update AbstractContainerIT to allow for HTTPS connections Using a pre-generated keystore (master) by @​bdemers in apache/shiro#260
• [No JIRA] Fix inefficient iterators by @​TomMD in apache/shiro#250
• [SHIRO-789] Add SameSite option to AbstractShiroWebConfiguration.buildCookie by @​bmarwell in apache/shiro#251
• [CI] Update maven and jdk labels by @​fpapon in apache/shiro#261

... (truncated)

Changelog

Sourced from org.apache.shiro:shiro-core's changelog.

2.0.0

###########################################################

Improvement

[SHIRO-290] Implement bcrypt and argon2 KDF algorithms

Backwards Incompatible Changes

• Changed default DefaultPasswordService.java algorithm to "Argon2id".
• PasswordService.encryptPassword(Object plaintext) will now throw a NullPointerException on null parameter. It was never specified how this method would behave.
• Made salt non-nullable.
• Removed methods in PasswordMatcher.

###########################################################

1.7.1

###########################################################

Bug

[SHIRO-797] - Shiro 1.7.0 is lower than using springboot version 2.0.7 dependency error

###########################################################

1.7.0

###########################################################

Bug

[SHIRO-767] - org.apache.shiro.util.ClassUtil cannot load the array of Primitive DataType when use undertow as web container
[SHIRO-792] - ShiroWebFilterConfiguration seems to conflict with other FilterRegistrationBean

New Feature

[SHIRO-789] - Also add cookie SameSite option to Spring

Improvement

[SHIRO-740] - SslFilter with HTTP Strict Transport Security (HSTS)
[SHIRO-794] - Add system property to enable backslash path normalization
[SHIRO-795] - Disable session path rewriting by default

Task

[SHIRO-793] - deleteMe cookie should use the defined "sameSite"

... (truncated)

Commits

• ef7117b [maven-release-plugin] prepare release shiro-root-2.0.0
• d2afa85 Merge pull request #1320 from apache/dependabot/maven/com.github.siom79.japic...
• 879c6a7 Merge pull request #1319 from apache/dependabot/maven/tomcat.version-10.1.19
• e8fd2a9 Merge pull request #1318 from apache/dependabot/maven/com.flowlogix-flowlogix...
• bcbb087 build(deps): bump com.github.siom79.japicmp:japicmp-maven-plugin
• 02ca3fb build(deps-dev): bump tomcat.version from 10.1.18 to 10.1.19
• a385227 build(deps): bump com.flowlogix:flowlogix-jee from 5.5.2 to 5.5.3
• 8ecf148 Merge pull request #1314 from apache/dependabot/maven/com.github.siom79.japic...
• 6d99d22 Merge pull request #1313 from apache/dependabot/maven/bytebuddy.version-1.14.12
• acec94d build(deps): bump com.github.siom79.japicmp:japicmp-maven-plugin
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[kroepke]

Tested this with MongoDB users, permissions, shares, and a FusionAuth OIDC authenticator.

All works as expected.