Bump spring-security-config from 4.2.20.RELEASE to 5.5.3

[dependabot]

Bumps spring-security-config from 4.2.20.RELEASE to 5.5.3.

Release notes

Sourced from spring-security-config's releases.

5.5.3

⭐ New Features

• Allow defining custom SAML 2.0 Assertion Signature Validator #10317
• Add Documentation for Static Methods Classes for mockJwt() and jwt() #10265

🪲 Bug Fixes

• ClaimAccessor#getClaimAsMap doesn't return null as documented #10371
• 5.5.X only works with spring-security-5.4.xsd schema (XML-based config) #10369
• SecurityNamespaceHandler: update schema version to 5.5 #10348
• JwtTimeStampValidator uses wrong error on token expiration #10328
• Fix typo #10313
• Saml2LoginConfigurer relyingPartyRegistrationRepository method does not return correct type #10257
• ACL docs refer to nonexistent sample apps #10237
• SAML 2.0 Login should allow loginProcessingUrl without {registrationId} when providing an AuthenticationConverter #10176

🔨 Dependency Upgrades

• Update org.springframework.data to 2021.0.6 #10417
• Update org.springframework to 5.3.11 #10416
• Update org.jetbrains.kotlinx to 1.5.2 #10415
• Update org.jetbrains.kotlin to 1.5.31 #10414
• Update org.eclipse.jetty to 9.4.44.v20210927 #10413
• Update io.spring.nohttp to 0.0.10 #10412
• Update r2dbc-spi-test to 0.8.6.RELEASE #10410
• Update reactor-netty to 1.0.12 #10409
• Update io.projectreactor to 2020.0.12 #10408
• Update jackson-datatype-jsr310 to 2.12.5 #10407
• Update jackson-databind to 2.12.5 #10406
• Update jackson-bom to 2.12.5 #10405
• Update logback-classic to 1.2.6 #10404

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​Emkas
• @​marcusdacoregio

5.5.2

⭐ New Features

• Consider adding springFrameworkVersion property #10068
• Introduce samplesBranch property #10036
• Use the new springFrameworkVersion property in docs' links #10067

🔨 Dependency Upgrades

• Update com.nimbusds to 9.9.1 #10186

... (truncated)

Changelog

Sourced from spring-security-config's changelog.

= Update Dependencies

Ensure you have no changes in your local repository. Change to a new branch. For example:

[source,bash]

$ git checkout -b 5.5.0-RC1-dependencies

Review the rules in build.gradle to ensure the rules make sense. For example, we should not allow major version updates in a patch release. Also ensure that all of the exclusions still make sense.

The following Gradle command will update your dependencies creating a commit for each dependency update. The first invocation of the command will take quite a while (~20 minutes depending on internet speed) to run because it is indexing all the versions of all the dependencies.

[source,bash]

$ ./gradlew updateDependencies

Review the commits to ensure that the updated dependency versions make sense for this release. For example, we should not perform a major version update for a patch release.

[source,bash]

$ git log

If any of the versions don’t make sense, update build.gradle to ensure that the version is excluded.

Run all the checks:

[source,bash]

$ ./gradlew check

If they don’t work, you can run a git bisect to discover what broke the build. Fix any commits that broke the build.

Check out the original brach:

[source,bash]

$ git checkout -

The following command will update the dependencies again but this time creating a ticket for each update and placing Closes gh-<number> in the commit. Replacing the following values:

... (truncated)

Commits

• 13e7c9f Release 5.5.3
• 14e6d8a Revert "Update io.spring.javaformat to 0.0.29"
• d1a2767 Update org.springframework.data to 2021.0.6
• 844879b Update org.springframework to 5.3.11
• d5efbd3 Update org.jetbrains.kotlinx to 1.5.2
• b9ef11d Update org.jetbrains.kotlin to 1.5.31
• d9b1df8 Update org.eclipse.jetty to 9.4.44.v20210927
• 020dd90 Update io.spring.nohttp to 0.0.10
• fafde09 Update io.spring.javaformat to 0.0.29
• b2db2bd Update r2dbc-spi-test to 0.8.6.RELEASE
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #2310.