Bump spring-security-config from 4.2.19.RELEASE to 5.5.0

[dependabot]

Bumps spring-security-config from 4.2.19.RELEASE to 5.5.0.

Release notes

Sourced from spring-security-config's releases.

5.5.0

⭐ New Features

• Configure user name used for Gradle CI builds #9747
• HttpSessionOAuth2AuthorizationRequestRepository storing one OAuth2AuthorizationRequest #9649
• Incorrect javadoc in AuthorizationCodeOAuth2AuthorizedClientProvider #9708
• Restore Dependency Constraints for commons-codec and commons-logging #8836
• Stop CI Jobs on Forks #9717
• Update javadoc AuthorizationCodeOAuth2AuthorizedClientProvider #9730

🔨 Dependency Upgrades

• Update io.projectreactor to 2020.0.7 #9750
• Update io.spring.nohttp to 0.0.8 #9753
• Update org.springframework to 5.3.7 #9754
• Update org.springframework.data to 2021.0.1 #9755
• Update r2dbc-spi-test to 0.8.5.RELEASE #9752
• Update spring-ldap-core to 2.3.4.RELEASE #9756
• Update to com.gradle.enterprise 3.6.1 #9764
• Update to Gradle. 6.9 #9758
• Update to Kotlin 1.5.0 #9763

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​jzheaux
• @​talentedasian
• @​candrews
• @​marcusdacoregio

5.5.0-RC2

⏪ Breaking Changes

• Rename DelegatingAuthorizationManager to RequestMatcherDelegatingAuthorizationManager #9692
• Inline ResourceKeyConverterAdapter #9689

⭐ New Features

• Add Ability to Exclude Minor Version Bump #9709
• Add Task to Check if All Issues in GitHub Milestone are closed #9693
• rename master->main #9683
• Make Csrf cookie secure flag configurable (WebFlux) #9679
• Make the cookie secure flag configurable in CookieServerCsrfTokenRepository #9678
• Add RELEASE.adoc #9627

🔨 Dependency Upgrades

• Update ehcache to 2.10.9.2 #9712
• Update hibernate-entitymanager to 5.4.31.Final #9714

... (truncated)

Changelog

Sourced from spring-security-config's changelog.

$ ./scripts/release/wait-for-done.sh 5.5.0

= Announce the release on Slack

• Announce via Slack on https://pivotal.slack.com/messages/spring-release[#spring-release], including the keyword +spring-security-announcing+ in the message. Something like:

.... spring-security-announcing 5.5.0 is available. ....

= Tag the release

• Tag the release and then push the tag

.... git tag 5.4.0-RC1 git push origin 5.4.0-RC1 ....

== 7. Update to Next Development Version

• Update gradle.properties version to next +SNAPSHOT+ version and then push

== 8. Update version on project page

The following command will update https://spring.io/projects/spring-security#learn with the new release version using the following parameters

- Replace with a https://github.com/settings/tokens[GitHub personal access token] that has a scope of public_repo - Replace with the milestone you are releasing now (i.e. 5.5.0-RC1) - Replace with the previous release which will be removed from the listed versions (i.e. 5.5.0-M3)

[source,bash]

$ ./gradlew saganCreateRelease saganDeleteRelease -PgitHubAccessToken= -PnextVersion= -PpreviousVersion=

== 9. Update Release Notes on GitHub

Generate the Release Notes replacing:

• - Replace with the milestone you are releasing now (i.e. 5.5.0-RC1)

---

$ ./gradlew generateChangelog -P

... (truncated)

Commits

• abd1001 Fix SpringNexsPublishPlugin spacing in root
• 39c5f3d Fix closeAndReleaseOssrhStagingRepository
• 05dd693 Delay until PublishAllJavaComponentsPlugin
• 0392495 Update GitHub Actions to use publishArtifacts
• 4d25115 opensaml4MainCompile
• 1491f2e Fix saml javadoc
• 777a275 fix bom
• b750f3b copyproperties for bom plugin
• b0f661f Revert "Map optional dependencies to Maven"
• d8e4f6c Revert "Management no longer operates on optional/provided to spring-security...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #2041.