build(deps): bump spring-security.version from 3.2.9.RELEASE to 5.4.1 in /dspace-rest

[dependabot[bot]]

Bumps spring-security.version from 3.2.9.RELEASE to 5.4.1. Updates spring-security-core from 3.2.9.RELEASE to 5.4.1

Release notes

Sourced from spring-security-core's releases.

5.4.1

:star: New Features

• Replace expired msdn link with latest web archive copy #9050
• Add documentation for StrictHttpFirewall enhancements #9038
• Replace Tomcat6 URL for SSL Guide to Tomcat 10 #9034
• Use AssertJ for exception testing #9013

:beetle: Bug Fixes

• Add try-with-resources to close stream #9053
• RelyingPartyRegistrations Fails to Read Keycloak Metadata #9051
• fix miswritten comment of FormLoginDsl.kt #9042
• Adapt to WebClient's new exception wrapping #9031
• StandardInterceptUrlRegistry should not refer to ExpressionUrlAuthorizationConfigurer #9026
• Fix broken Mono chain #9022
• Use Schedulers.boundedElastic for UUID.randomUUID #9021
• CookieServerCsrfTokenRepository#createNewToken should use Schedulers.boundedElastic #9018
• WebSessionServerCsrfTokenRepository#generateToken() don't use Schedulers.boundedElastic() #9017
• NullPointerException SessionRegistryImpl.onApplicationEvent(SessionRegistryImpl.java:111) #9011
• Quick javadoc fix for DelegatingPasswordEncoder #8890

:heart: Contributors

We'd like to thank all the contributors who worked on this release!

• @muRn
• @b12f10w
• @uy-rrodriguez
• @geonu1109
• @tt4g
• @philwebb
• @MeTPP

5.4.0

:star: New Features

• Add What's New in 5.4 #9002
• Add What's New in 5.4 Section to Docs #9001
• Add Resource Server Servlet Logging #9000
• Simplify saml2Login Samples #8990
• Remove Framework Tests from saml2Login Sample #8989
• Add authenticationManagerResolver to resource server Kotlin DSL #8981
• Generalize SAML 2.0 Assertion Validation Support #8970
• Update abstract-authentication-processing-filter.adoc #8965
• Add spring-javaformat checkstyle and formatting #8946
• Add hasAnyRole and hasAnyAuthority to authorizeRequests in Kotlin DSL #8926
• Add hasAnyAuthority(String...) and hasAnyRole(String...) to authorizeRequests in Kotlin DSL #8892
• Resolve oauth2 client-id, client-secret placeholders #8880
• Restructure SAML 2.0 documentation #8763

... (truncated)

Commits

• dbce9b5 Release 5.4.1
• 48ac474 Lock Dependencies for 5.4.1
• 66ceb4d Constrain Dependencies for Maintenance Branch
• f87101a Update RSocket Sample to RSocket 1.1.0-M2
• 6cb41fb Update to Kotlin 1.4.10
• 8382f45 Update to AspectJ 1.9.6
• 5706c0f Update to Google App Engine 1.9.82
• 9677bd8 Update to Spring JavaFormat 0.0.25
• 0f51257 Update to Spring Boot 2.4.0-M3
• a2aeb95 Update What's New Link
• Additional commits viewable in compare view

Updates spring-security-web from 3.2.9.RELEASE to 5.4.1

Release notes

Sourced from spring-security-web's releases.

5.4.1

:star: New Features

• Replace expired msdn link with latest web archive copy #9050
• Add documentation for StrictHttpFirewall enhancements #9038
• Replace Tomcat6 URL for SSL Guide to Tomcat 10 #9034
• Use AssertJ for exception testing #9013

:beetle: Bug Fixes

• Add try-with-resources to close stream #9053
• RelyingPartyRegistrations Fails to Read Keycloak Metadata #9051
• fix miswritten comment of FormLoginDsl.kt #9042
• Adapt to WebClient's new exception wrapping #9031
• StandardInterceptUrlRegistry should not refer to ExpressionUrlAuthorizationConfigurer #9026
• Fix broken Mono chain #9022
• Use Schedulers.boundedElastic for UUID.randomUUID #9021
• CookieServerCsrfTokenRepository#createNewToken should use Schedulers.boundedElastic #9018
• WebSessionServerCsrfTokenRepository#generateToken() don't use Schedulers.boundedElastic() #9017
• NullPointerException SessionRegistryImpl.onApplicationEvent(SessionRegistryImpl.java:111) #9011
• Quick javadoc fix for DelegatingPasswordEncoder #8890

:heart: Contributors

We'd like to thank all the contributors who worked on this release!

• @muRn
• @b12f10w
• @uy-rrodriguez
• @geonu1109
• @tt4g
• @philwebb
• @MeTPP

5.4.0

:star: New Features

• Add What's New in 5.4 #9002
• Add What's New in 5.4 Section to Docs #9001
• Add Resource Server Servlet Logging #9000
• Simplify saml2Login Samples #8990
• Remove Framework Tests from saml2Login Sample #8989
• Add authenticationManagerResolver to resource server Kotlin DSL #8981
• Generalize SAML 2.0 Assertion Validation Support #8970
• Update abstract-authentication-processing-filter.adoc #8965
• Add spring-javaformat checkstyle and formatting #8946
• Add hasAnyRole and hasAnyAuthority to authorizeRequests in Kotlin DSL #8926
• Add hasAnyAuthority(String...) and hasAnyRole(String...) to authorizeRequests in Kotlin DSL #8892
• Resolve oauth2 client-id, client-secret placeholders #8880
• Restructure SAML 2.0 documentation #8763

... (truncated)

Commits

• dbce9b5 Release 5.4.1
• 48ac474 Lock Dependencies for 5.4.1
• 66ceb4d Constrain Dependencies for Maintenance Branch
• f87101a Update RSocket Sample to RSocket 1.1.0-M2
• 6cb41fb Update to Kotlin 1.4.10
• 8382f45 Update to AspectJ 1.9.6
• 5706c0f Update to Google App Engine 1.9.82
• 9677bd8 Update to Spring JavaFormat 0.0.25
• 0f51257 Update to Spring Boot 2.4.0-M3
• a2aeb95 Update What's New Link
• Additional commits viewable in compare view

Updates spring-security-config from 3.2.9.RELEASE to 5.4.1

Release notes

Sourced from spring-security-config's releases.

5.4.1

:star: New Features

• Replace expired msdn link with latest web archive copy #9050
• Add documentation for StrictHttpFirewall enhancements #9038
• Replace Tomcat6 URL for SSL Guide to Tomcat 10 #9034
• Use AssertJ for exception testing #9013

:beetle: Bug Fixes

• Add try-with-resources to close stream #9053
• RelyingPartyRegistrations Fails to Read Keycloak Metadata #9051
• fix miswritten comment of FormLoginDsl.kt #9042
• Adapt to WebClient's new exception wrapping #9031
• StandardInterceptUrlRegistry should not refer to ExpressionUrlAuthorizationConfigurer #9026
• Fix broken Mono chain #9022
• Use Schedulers.boundedElastic for UUID.randomUUID #9021
• CookieServerCsrfTokenRepository#createNewToken should use Schedulers.boundedElastic #9018
• WebSessionServerCsrfTokenRepository#generateToken() don't use Schedulers.boundedElastic() #9017
• NullPointerException SessionRegistryImpl.onApplicationEvent(SessionRegistryImpl.java:111) #9011
• Quick javadoc fix for DelegatingPasswordEncoder #8890

:heart: Contributors

We'd like to thank all the contributors who worked on this release!

• @muRn
• @b12f10w
• @uy-rrodriguez
• @geonu1109
• @tt4g
• @philwebb
• @MeTPP

5.4.0

:star: New Features

• Add What's New in 5.4 #9002
• Add What's New in 5.4 Section to Docs #9001
• Add Resource Server Servlet Logging #9000
• Simplify saml2Login Samples #8990
• Remove Framework Tests from saml2Login Sample #8989
• Add authenticationManagerResolver to resource server Kotlin DSL #8981
• Generalize SAML 2.0 Assertion Validation Support #8970
• Update abstract-authentication-processing-filter.adoc #8965
• Add spring-javaformat checkstyle and formatting #8946
• Add hasAnyRole and hasAnyAuthority to authorizeRequests in Kotlin DSL #8926
• Add hasAnyAuthority(String...) and hasAnyRole(String...) to authorizeRequests in Kotlin DSL #8892
• Resolve oauth2 client-id, client-secret placeholders #8880
• Restructure SAML 2.0 documentation #8763

... (truncated)

Commits

• dbce9b5 Release 5.4.1
• 48ac474 Lock Dependencies for 5.4.1
• 66ceb4d Constrain Dependencies for Maintenance Branch
• f87101a Update RSocket Sample to RSocket 1.1.0-M2
• 6cb41fb Update to Kotlin 1.4.10
• 8382f45 Update to AspectJ 1.9.6
• 5706c0f Update to Google App Engine 1.9.82
• 9677bd8 Update to Spring JavaFormat 0.0.25
• 0f51257 Update to Spring Boot 2.4.0-M3
• a2aeb95 Update What's New Link
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ilri/DSpace/network/alerts).

[dependabot[bot]]

OK, I won't notify you again about this release, but will get in touch when a new version is available.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.