Bump spring-security-config from 4.2.20.RELEASE to 5.6.0

[dependabot]

Bumps spring-security-config from 4.2.20.RELEASE to 5.6.0.

Release notes

Sourced from spring-security-config's releases.

5.6.0-RC1

⏪ Breaking Changes

• Conditionally resolve bearer token from request parameters #10340
• DefaultBearerTokenResolver triggers processing of multipart content #10326
• getClaimAsBoolean should not be falsy #10148
• getClaimAsBoolean() should not be falsy #10356

⭐ New Features

• Add saml2.ValidIssuers parameter into SAML 2.0 Assertion Validators #10335
• Add parameters converter support to AbstractWebClientReactiveOAuth2AccessTokenResponseClient #10336
• Add postProcess support to Saml2LogoutConfigurer, closes gh-10311 #10339
• Add saml2.ValidIssuers parameter into SAML 2.0 Assertion Validators #10341
• Add standard OAuth 2.0 error code invalid_redirect_uri #10370
• Add Supplier JwtDecoders #10310
• Allow Defining Custom SAML 2.0 Assertion Signature Validator #10264
• Allow setting custom BodyExtractor to the AbstractWebClientReactiveOAuth2AccessTokenResponseClient #10269
• AuthenticationPrincipal argument type cannot be primitive #10172
• Check for multiple access tokens per rfc 6750 #10302
• Deprecate Kotlin methods that have equivalents using reified types #10365
• Fix Antora cross-references that lead to other pages. #10345
• Fix typo in digest.adoc #10304
• Implement reactive support for JWT as an Authorization Grant #10327
• Implement reactive support for JWT as an Authorization Grant #10147
• Implement reactive support for JWT Client Authentication #10146
• Improve Method Security logging #10279
• Introduce JwtEncoder #9208
• JwtDecoders and NimbusJwtDecoder should use the same JWKSource #10312
• OAuth2LoginAuthenticationProvider information loss at exception handling #10228
• please support lazily doing issuer checks (and all other checks) on startup for oauth resource servers #9991
• Revamp OAuth 2.0 Client reactive documentation #10373
• Saml2WebSsoAuthenticationFilter adds authentication details #10306
• Saml2WebSsoAuthenticationFilter ignores the authentication details #7722
• Structure101 Build Plugin #9768
• Use Antora #5835

🔨 Dependency Upgrades

• Update Gradle to 7.0 #9615
• Update Gradle to 7.2 #10338

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​heowc
• @​sjohnr
• @​DarrenForsythe
• @​jzheaux

... (truncated)

Changelog

Sourced from spring-security-config's changelog.

= Update Dependencies

Ensure you have no changes in your local repository. Change to a new branch. For example:

[source,bash]

$ git checkout -b 5.5.0-RC1-dependencies

Review the rules in build.gradle to ensure the rules make sense. For example, we should not allow major version updates in a patch release. Also ensure that all of the exclusions still make sense.

The following Gradle command will update your dependencies creating a commit for each dependency update. The first invocation of the command will take quite a while (~20 minutes depending on internet speed) to run because it is indexing all the versions of all the dependencies.

[source,bash]

$ ./gradlew updateDependencies

Review the commits to ensure that the updated dependency versions make sense for this release. For example, we should not perform a major version update for a patch release.

[source,bash]

$ git log

If any of the versions don’t make sense, update build.gradle to ensure that the version is excluded.

Run all the checks:

[source,bash]

$ ./gradlew check

If they don’t work, you can run a git bisect to discover what broke the build. Fix any commits that broke the build.

Check out the original brach:

[source,bash]

$ git checkout -

The following command will update the dependencies again but this time creating a ticket for each update and placing Closes gh-<number> in the commit. Replacing the following values:

... (truncated)

Commits

• 1131248 Release 5.6.0
• 385582e Update to spring-data-bom:2021.1.0
• 4f18572 Polish gh-10479
• f0da370 Update org.springframework to 5.3.13
• 6959456 Update hsqldb to 2.6.1
• a5b1d68 Update hibernate-entitymanager to 5.6.1.Final
• 4b23949 Update io.projectreactor to 2020.0.13
• 98a88ff Update com.nimbusds to 9.19
• 23e5177 Update logback-classic to 1.2.7
• 0bdaa21 Update What's New for 5.6
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #2355.