Bump spring-security-config from 4.2.20.RELEASE to 5.6.3

[dependabot]

Bumps spring-security-config from 4.2.20.RELEASE to 5.6.3.

Release notes

Sourced from spring-security-config's releases.

5.6.3

🪲 Bug Fixes

• AuthorizationManagerWebInvocationPrivilegeEvaluator should grant access when AuthorizationManager abstains #10951
• Change HashSet to LinkedHashSet for RelyingPartyRegistration credentials #10916
• Fix saml2 authentication-requests documentation #11047
• Remove "Hi servlet/authentication/architecture there" from docs #10963

🔨 Dependency Upgrades

• Update hibernate-entitymanager to 5.6.8.Final #11124
• Update io.projectreactor to 2020.0.18 #11119
• Update io.rsocket to 1.1.2 #11121
• Update jackson-bom to 2.13.2.20220328 #11115
• Update jackson-databind to 2.13.2.2 #11116
• Update jackson-datatype-jsr310 to 2.13.2 #11117
• Update logback-classic to 1.2.11 #11114
• Update mockk to 1.12.3 #11118
• Update org.aspectj to 1.9.9.1 #11122
• Update org.eclipse.jetty to 9.4.46.v20220331 #11123
• Update org.springframework to 5.3.19 #11125
• Update org.springframework.data to 2021.1.3 #11126
• Update reactor-netty to 1.0.18 #11120
• Update spring-ldap-core to 2.3.7.RELEASE #11127

5.6.2

⏪ Breaking Changes

• Saml2 metadata includes SingleLogoutService even if saml2 logout is disabled / not configured #10734

⭐ New Features

• Document Authorize HTTP Requests for Reactive Security #10801
• Introduce AuthorizationManagerWebInvocationPrivilegeEvaluator #10682

🪲 Bug Fixes

• add Kotlin examples for Spring Data Integration of servlet application #10848
• commons-logging:commons-logging is a transitive dependency of some modules #10772
• Do not rely on javax. group ids #10770
• Fix broken link to SAML2 login example #10806
• Getting Spring Security Reference Docs have a error #10796
• Make source code compatible with JDK 8 #10699
• Replace StringUtils class of oauth2-oidc-sdk completely #10824
• RequestMatcherDelegatingWebInvocationPrivilegeEvaluator doesn't provided access to the ServletContext #10792
• WebInvocationPrivilegeEvaluator Bean should support multiple SecurityFilterChains #10680

🔨 Dependency Upgrades

• Update hibernate-entitymanager to 5.6.5.Final #10873

... (truncated)

Changelog

Sourced from spring-security-config's changelog.

= Update Dependencies

Ensure you have no changes in your local repository. Change to a new branch. For example:

[source,bash]

$ git checkout -b 5.5.0-RC1-dependencies

Review the rules in build.gradle to ensure the rules make sense. For example, we should not allow major version updates in a patch release. Also ensure that all of the exclusions still make sense.

The following Gradle command will update your dependencies creating a commit for each dependency update. The first invocation of the command will take quite a while (~20 minutes depending on internet speed) to run because it is indexing all the versions of all the dependencies.

[source,bash]

$ ./gradlew updateDependencies

Review the commits to ensure that the updated dependency versions make sense for this release. For example, we should not perform a major version update for a patch release.

[source,bash]

$ git log

If any of the versions don’t make sense, update build.gradle to ensure that the version is excluded.

Run all the checks:

[source,bash]

$ ./gradlew check

If they don’t work, you can run a git bisect to discover what broke the build. Fix any commits that broke the build.

Check out the original brach:

[source,bash]

$ git checkout -

The following command will update the dependencies again but this time creating a ticket for each update and placing Closes gh-<number> in the commit. Replacing the following values:

... (truncated)

Commits

• fa0e06e Release 5.6.3
• 6724627 Update spring-ldap-core to 2.3.7.RELEASE
• 4aab7b0 Update org.springframework.data to 2021.1.3
• d0d4d58 Update org.springframework to 5.3.19
• 29be60d Update hibernate-entitymanager to 5.6.8.Final
• 5024103 Update org.eclipse.jetty to 9.4.46.v20220331
• d032780 Update org.aspectj to 1.9.9.1
• f880f1b Update io.rsocket to 1.1.2
• 71dafc0 Update io.projectreactor to 2020.0.18
• 7d9357b Update mockk to 1.12.3
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #2632.