Bump spring-security-test from 5.5.0 to 5.5.1

[dependabot[bot]]

Bumps spring-security-test from 5.5.0 to 5.5.1.

Release notes

Sourced from spring-security-test's releases.

5.5.1

:star: New Features

• Consider adding a link checker to build #9972
• Use Job Outputs to Transmit Error #9928
• Store one request by default in WebSessionOAuth2ServerAuthorizationRequestRepository #9917
• Combine different OS Build in one CI Job #9798
• Use GPG_PRIVATE_KEY directly #9778

:beetle: Bug Fixes

• Update links to point to migrated samples #9971
• Add messaging to documentation about sample migration #9970
• Fix broken links in docs #9969
• CORS section is missing in Reactive reference documentation #9952
• RSocket documentation mentions non-existent class #9950
• Disabling logout keeps LogoutPageGeneratingWebFilter registered at /logout #9941
• Missing log of "caused by" exception when OP document metadata cannot be reached #9939
• Missing support for private_key_jwt in ClientRegistrations #9936
• Allow client registration from issuer uri with no authorize_endpoint #9935
• Missing support for urn:ietf:params:oauth:grant-type:jwt-bearer in ClientRegistrations #9934
• Using the SecurityMockServerConfigurers.java requires the com.nimbusds oauth2-oidc-sdk on the classpath #9929
• Jwt client authentication converter should detect new key #9927
• Adding filters relative to custom ones is broken #9906
• SEC-3139: Anonymous authentication token not passed to Controller #9890
• Clarify quick start section in README #9885
• RSocket and WebClient with Security refCount: 0 #9870
• spring-security-config kotlin-stdlib-jdk8 dependency isn't optional #9864
• Client credentials not correctly encoded in Basic Auth #9858
• Docs should state default value for Resource Server validation clock skew is 60 seconds #9849
• OidcClientInitiatedLogoutSuccessHandler url-encodes PostLogoutRedirectUri twice #9819
• DefaultSpringSecurityContextSource can't handle spaces in baseDn #9806
• OAuth2ErrorResponseErrorHandler throws IllegalArgumentException for a nonstandard HTTP status code response #9805
• NPE in HttpSessionSecurityContextRepository.isTransientAuthentication #9801
• Fix Build Scan in Build Windows CI Job #9797
• GitHub Actions only Activated for main #9777
• Artifactory missing mavenJava publication #9774
• spring-security-core depends on spring-security-crypto #9773

:hammer: Dependency Upgrades

• Update org.springframework to 5.3.8 #9984
• Update org.slf4j to 1.7.31 #9983
• Update org.jetbrains.kotlin to 1.5.10 #9982
• Update hibernate-entitymanager to 5.4.32.Final #9981
• Update org.eclipse.jetty to 9.4.42.v20210604 #9980
• Update io.rsocket to 1.1.1 #9979
• Remove commons-codec constraint #9977
• Update to OpenSAML 4.1.1 #9976
• Update to nimbus-jose-jwt 9.10 #9975

... (truncated)

Changelog

Sourced from spring-security-test's changelog.

= Update Dependencies

Ensure you have no changes in your local repository. Change to a new branch. For example:

[source,bash]

$ git checkout -b 5.5.0-RC1-dependencies

Review the rules in build.gradle to ensure the rules make sense. For example, we should not allow major version updates in a patch release. Also ensure that all of the exclusions still make sense.

The following Gradle command will update your dependencies creating a commit for each dependency update. The first invocation of the command will take quite a while (~20 minutes depending on internet speed) to run because it is indexing all the versions of all the dependencies.

[source,bash]

$ ./gradlew updateDependencies

Review the commits to ensure that the updated dependency versions make sense for this release. For example, we should not perform a major version update for a patch release.

[source,bash]

$ git log

If any of the versions don’t make sense, update build.gradle to ensure that the version is excluded.

Run all the checks:

[source,bash]

$ ./gradlew check

If they don’t work, you can run a git bisect to discover what broke the build. Fix any commits that broke the build.

Check out the original brach:

[source,bash]

$ git checkout -

The following command will update the dependencies again but this time creating a ticket for each update and placing Closes gh-<number> in the commit. Replacing the following values:

... (truncated)

Commits

• e41360b Release 5.5.1
• e2e0653 Remove commons-codec constraint
• 93f59a2 Update to OpenSAML 4.1.1
• b2bb014 Update to nimbus-jose-jwt 9.10
• 062910c Update to oauth2-oidc-sdk 9.9
• 40fdb5a Update org.springframework to 5.3.8
• 2fa0da5 Update org.slf4j to 1.7.31
• c5f4ae5 Update org.jetbrains.kotlin to 1.5.10
• c68c1c5 Update hibernate-entitymanager to 5.4.32.Final
• be2595b Update org.eclipse.jetty to 9.4.42.v20210604
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)