Bump spring-security-config from 4.2.20.RELEASE to 5.7.2

[dependabot]

Bumps spring-security-config from 4.2.20.RELEASE to 5.7.2.

Release notes

Sourced from spring-security-config's releases.

5.7.2

⭐ New Features

• Consider updating testing examples to use JUnit Jupiter #11293

🪲 Bug Fixes

• Some Security Expressions cause NPE when used within @Query #11289
• CsrfWebFilter null save content-type check #11341
• Docs example uses access(String) with authorizeHttpRequests() #11296
• Fix typo in BasicLookupStrategy Javadoc #11339
• KeyInfo missing in AuthnRequest when using OpenSaml4AuthenticationRequestResolver #11358
• OidcClientInitiatedLogoutSuccessHandler url-encodes PostLogoutRedirectUri twice #11384
• SAML request encoding: on redirect binding, base64 encoded message contains CRLF #11284
• SecurityContextRepository.loadContext(HttpServletRequest) cache result #11390
• Should SAML metadata EntityDescriptor tag have the md: prefix? #11311
• Update opaque-token.adoc #11303

🔨 Dependency Upgrades

• Update aspectj-plugin to 6.4.3.1 #11402
• Update hibernate-entitymanager to 5.6.9.Final #11405
• Update io.projectreactor to 2020.0.20 #11403
• Update jackson-bom to 2.13.3 #11399
• Update jackson-databind to 2.13.3 #11400
• Update jackson-datatype-jsr310 to 2.13.3 #11401
• Update org.jetbrains.kotlinx to 1.6.3 #11406
• Update org.opensaml:opensaml-core4 to 4.1.1 #11410
• Update org.springframework to 5.3.21 #11407
• Update org.springframework.data to 2021.2.1 #11408
• Update reactor-netty to 1.0.20 #11404
• Update spring-ldap-core to 2.4.1 #11409

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​andrelugomes

5.7.1

🪲 Bug Fixes

• StrictHttpFirewall incorrectly rejects valid CJKV characters #11266

5.7.0

⭐ New Features

• Check Samples should run against the current artifacts #11199
• Consider replacing an inner loop with Set of authority strings in AuthorityAuthorizationManager#isAuthorized #11188
• Remember me should detect UserDetailsService bean #11170

... (truncated)

Changelog

Sourced from spring-security-config's changelog.

= Update Dependencies

Ensure you have no changes in your local repository. Change to a new branch. For example:

[source,bash]

$ git checkout -b 5.5.0-RC1-dependencies

Review the rules in build.gradle to ensure the rules make sense. For example, we should not allow major version updates in a patch release. Also ensure that all of the exclusions still make sense.

The following Gradle command will update your dependencies creating a commit for each dependency update. The first invocation of the command will take quite a while (~20 minutes depending on internet speed) to run because it is indexing all the versions of all the dependencies.

[source,bash]

$ ./gradlew updateDependencies

Review the commits to ensure that the updated dependency versions make sense for this release. For example, we should not perform a major version update for a patch release.

[source,bash]

$ git log

If any of the versions don’t make sense, update build.gradle to ensure that the version is excluded.

Run all the checks:

[source,bash]

$ ./gradlew check

If they don’t work, you can run a git bisect to discover what broke the build. Fix any commits that broke the build.

Check out the original brach:

[source,bash]

$ git checkout -

The following command will update the dependencies again but this time creating a ticket for each update and placing Closes gh-<number> in the commit. Replacing the following values:

... (truncated)

Commits

• c40f65f Release 5.7.2
• bca43af Update org.opensaml:opensaml-core4 to 4.1.1
• d9b8882 Update spring-ldap-core to 2.4.1
• 7358c65 Update org.springframework.data to 2021.2.1
• e02d5f2 Update org.springframework to 5.3.21
• 91a965c Update org.jetbrains.kotlinx to 1.6.3
• 0e88064 Update hibernate-entitymanager to 5.6.9.Final
• 641b9ef Update io.projectreactor to 2020.0.20
• 6f43d23 Update aspectj-plugin to 6.4.3.1
• d7819ea Update jackson-bom to 2.13.3
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #2793.