Bump spring-security-config from 4.2.20.RELEASE to 5.6.1

[dependabot]

Bumps spring-security-config from 4.2.20.RELEASE to 5.6.1.

Release notes

Sourced from spring-security-config's releases.

5.6.1

⭐ New Features

• Document authentication helper method in WebClient integration #10468
• Document authentication helper method in WebClient integration for Servlet Environments #10120
• Document parameters converter in oauth2 client servlet docs #10469
• Document parameters converter in oauth2 client servlet docs #10467

🪲 Bug Fixes

• AuthorityAuthorizationManager incorrectly compares GrantedAuthority #10595
• clockSkew Javadoc is not consistent with implementation #10535
• Invalid_request failures in JwtTokenValidators are always turned into invalid_token errors #10560
• Kotlin DSL examples in reactive oauth2 docs call build twice #10591
• StaticServerHttpHeadersWriter should work with case-insensitive header names #10581

🔨 Dependency Upgrades

• Update cas-client-core to 3.6.4 #10654
• Update hibernate-entitymanager to 5.6.3.Final #10653
• Update io.projectreactor to 2020.0.14 #10651
• Update jackson-bom to 2.13.1 #10647
• Update jackson-databind to 2.13.1 #10648
• Update jackson-datatype-jsr310 to 2.13.1 #10649
• Update junit-bom to 5.8.2 #10656
• Update logback-classic to 1.2.9 #10646
• Update mockk to 1.12.1 #10650
• Update org.jetbrains.kotlin to 1.5.32 #10655
• Update org.junit.jupiter to 5.8.2 #10657
• Update org.springframework to 5.3.14 #10658
• Update reactor-netty to 1.0.14 #10652
• Update spring-ldap-core to 2.3.5.RELEASE #10659

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​sjohnr

5.6.0

⭐ New Features

• DaoAuthenticationProviderTests#avg function doesn't return fraction #10426
• Docs Should Use Section Summary #10449
• MissingCsrfTokenException message is misleading when not storing the CSRF tokens in the session #10436
• Revamp OAuth 2.0 Login/Client reactive documentation #8174
• Revamp Reactive OAuth 2.0 Login documentation #10479
• Split up Documentation Further #10367
• Support Structure 101 License Id in Package Tangle Check #10443

... (truncated)

Changelog

Sourced from spring-security-config's changelog.

= Update Dependencies

Ensure you have no changes in your local repository. Change to a new branch. For example:

[source,bash]

$ git checkout -b 5.5.0-RC1-dependencies

Review the rules in build.gradle to ensure the rules make sense. For example, we should not allow major version updates in a patch release. Also ensure that all of the exclusions still make sense.

The following Gradle command will update your dependencies creating a commit for each dependency update. The first invocation of the command will take quite a while (~20 minutes depending on internet speed) to run because it is indexing all the versions of all the dependencies.

[source,bash]

$ ./gradlew updateDependencies

Review the commits to ensure that the updated dependency versions make sense for this release. For example, we should not perform a major version update for a patch release.

[source,bash]

$ git log

If any of the versions don’t make sense, update build.gradle to ensure that the version is excluded.

Run all the checks:

[source,bash]

$ ./gradlew check

If they don’t work, you can run a git bisect to discover what broke the build. Fix any commits that broke the build.

Check out the original brach:

[source,bash]

$ git checkout -

The following command will update the dependencies again but this time creating a ticket for each update and placing Closes gh-<number> in the commit. Replacing the following values:

... (truncated)

Commits

• e38bf6e Release 5.6.1
• 624e0da Update spring-ldap-core to 2.3.5.RELEASE
• b28aa6c Update org.springframework to 5.3.14
• 9e83b4b Update junit-bom to 5.8.2
• e9854c9 Update org.jetbrains.kotlin to 1.5.32
• 0345e29 Update cas-client-core to 3.6.4
• 8bd5795 Update hibernate-entitymanager to 5.6.3.Final
• 4fbc98d Update io.projectreactor to 2020.0.14
• 44cdbd6 Update mockk to 1.12.1
• a9af8c4 Update jackson-bom to 2.13.1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #2483.