Bump org.springframework.security-version from 5.4.1 to 5.4.6

[dependabot]

Bumps org.springframework.security-version from 5.4.1 to 5.4.6.
Updates spring-security-config from 5.4.1 to 5.4.6

Release notes

Sourced from spring-security-config's releases.

5.4.6

🪲 Bug Fixes

• Add null check in CsrfFilter and CsrfWebFilter #9592
• @​Order annotations cannot be used with @​Bean methods #9517

🔨 Dependency Upgrades

• Update to Spring Boot 2.4.4 #9613

5.4.5

🪲 Bug Fixes

• Downgrade to Nimbus JOSE JWT 8.+ #9453

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​wilkinsona

5.4.4

This release fixes a problem with the release of 5.4.3

⭐ New Features

• Migrate SAML 2.0 Samples to Use PCFOne #9369
• Resolve artifacts from Maven Central first #9367
• Use constant time comparisons for CSRF tokens #9357
• Improve HttpSessionSecurityContextSessionRepository Performance #9388

🪲 Bug Fixes

• OAuth2ResourceServerSpecTests and OAuth2WebClientControllerTests fail #9426
• Fix custom marshaller example #9409
• Fix beanResolver missing in CurrentSecurityContextArgumentResolver. #9403
• CurrentSecurityContextArgumentResolver should configure BeanResolver #9402
• Consider downgrading to Nimbus 8 #9399
• Remove notEmpty check for authorities in DefaultOAuth2User #9396
• Wrong example name in Spring Security documentation #9383
• Make user info response status check error only #9376
• Malformed WWW-Authenticate Causes NPE #9364
• CsrfWebFilter creates CsrfException with incorrect message when no token is found #9338
• Exception when declaring multiple AuthenticationManager beans #9332
• webflux-x509 sample cert needs renewal #9322
• OidcIdToken cannot be serialized to JSON if token contains claim of type JSONArray #9258

🔨 Dependency Upgrades

• Update to GAE 1.9.86 #9448

... (truncated)

Commits

• 321e6a8 Release 5.4.6
• 924ceac Lock Dependencies
• 951cb84 Update to Spring Boot 2.4.4
• 9570d0c Add null check in CsrfFilter and CsrfWebFilter
• e7ee703 Consider Order on SecurityFilterChain bean definitions
• d192b3e Next Development Version
• 71e0967 Revert "Lock Dependencies for Release"
• 45bca75 Release 5.4.5
• 8c04074 Lock Dependencies for Release
• 7db6c91 Downgrade to Nimbus JOSE JWT 8.+
• Additional commits viewable in compare view

Updates spring-security-web from 5.4.1 to 5.4.6

Release notes

Sourced from spring-security-web's releases.

5.4.6

🪲 Bug Fixes

• Add null check in CsrfFilter and CsrfWebFilter #9592
• @​Order annotations cannot be used with @​Bean methods #9517

🔨 Dependency Upgrades

• Update to Spring Boot 2.4.4 #9613

5.4.5

🪲 Bug Fixes

• Downgrade to Nimbus JOSE JWT 8.+ #9453

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​wilkinsona

5.4.4

This release fixes a problem with the release of 5.4.3

⭐ New Features

• Migrate SAML 2.0 Samples to Use PCFOne #9369
• Resolve artifacts from Maven Central first #9367
• Use constant time comparisons for CSRF tokens #9357
• Improve HttpSessionSecurityContextSessionRepository Performance #9388

🪲 Bug Fixes

• OAuth2ResourceServerSpecTests and OAuth2WebClientControllerTests fail #9426
• Fix custom marshaller example #9409
• Fix beanResolver missing in CurrentSecurityContextArgumentResolver. #9403
• CurrentSecurityContextArgumentResolver should configure BeanResolver #9402
• Consider downgrading to Nimbus 8 #9399
• Remove notEmpty check for authorities in DefaultOAuth2User #9396
• Wrong example name in Spring Security documentation #9383
• Make user info response status check error only #9376
• Malformed WWW-Authenticate Causes NPE #9364
• CsrfWebFilter creates CsrfException with incorrect message when no token is found #9338
• Exception when declaring multiple AuthenticationManager beans #9332
• webflux-x509 sample cert needs renewal #9322
• OidcIdToken cannot be serialized to JSON if token contains claim of type JSONArray #9258

🔨 Dependency Upgrades

• Update to GAE 1.9.86 #9448

... (truncated)

Commits

• 321e6a8 Release 5.4.6
• 924ceac Lock Dependencies
• 951cb84 Update to Spring Boot 2.4.4
• 9570d0c Add null check in CsrfFilter and CsrfWebFilter
• e7ee703 Consider Order on SecurityFilterChain bean definitions
• d192b3e Next Development Version
• 71e0967 Revert "Lock Dependencies for Release"
• 45bca75 Release 5.4.5
• 8c04074 Lock Dependencies for Release
• 7db6c91 Downgrade to Nimbus JOSE JWT 8.+
• Additional commits viewable in compare view

Updates spring-security-taglibs from 5.4.1 to 5.4.6

Release notes

Sourced from spring-security-taglibs's releases.

5.4.6

🪲 Bug Fixes

• Add null check in CsrfFilter and CsrfWebFilter #9592
• @​Order annotations cannot be used with @​Bean methods #9517

🔨 Dependency Upgrades

• Update to Spring Boot 2.4.4 #9613

5.4.5

🪲 Bug Fixes

• Downgrade to Nimbus JOSE JWT 8.+ #9453

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​wilkinsona

5.4.4

This release fixes a problem with the release of 5.4.3

⭐ New Features

• Migrate SAML 2.0 Samples to Use PCFOne #9369
• Resolve artifacts from Maven Central first #9367
• Use constant time comparisons for CSRF tokens #9357
• Improve HttpSessionSecurityContextSessionRepository Performance #9388

🪲 Bug Fixes

• OAuth2ResourceServerSpecTests and OAuth2WebClientControllerTests fail #9426
• Fix custom marshaller example #9409
• Fix beanResolver missing in CurrentSecurityContextArgumentResolver. #9403
• CurrentSecurityContextArgumentResolver should configure BeanResolver #9402
• Consider downgrading to Nimbus 8 #9399
• Remove notEmpty check for authorities in DefaultOAuth2User #9396
• Wrong example name in Spring Security documentation #9383
• Make user info response status check error only #9376
• Malformed WWW-Authenticate Causes NPE #9364
• CsrfWebFilter creates CsrfException with incorrect message when no token is found #9338
• Exception when declaring multiple AuthenticationManager beans #9332
• webflux-x509 sample cert needs renewal #9322
• OidcIdToken cannot be serialized to JSON if token contains claim of type JSONArray #9258

🔨 Dependency Upgrades

• Update to GAE 1.9.86 #9448

... (truncated)

Commits

• 321e6a8 Release 5.4.6
• 924ceac Lock Dependencies
• 951cb84 Update to Spring Boot 2.4.4
• 9570d0c Add null check in CsrfFilter and CsrfWebFilter
• e7ee703 Consider Order on SecurityFilterChain bean definitions
• d192b3e Next Development Version
• 71e0967 Revert "Lock Dependencies for Release"
• 45bca75 Release 5.4.5
• 8c04074 Lock Dependencies for Release
• 7db6c91 Downgrade to Nimbus JOSE JWT 8.+
• Additional commits viewable in compare view

Updates spring-security-test from 5.4.1 to 5.4.6

Release notes

Sourced from spring-security-test's releases.

5.4.6

🪲 Bug Fixes

• Add null check in CsrfFilter and CsrfWebFilter #9592
• @​Order annotations cannot be used with @​Bean methods #9517

🔨 Dependency Upgrades

• Update to Spring Boot 2.4.4 #9613

5.4.5

🪲 Bug Fixes

• Downgrade to Nimbus JOSE JWT 8.+ #9453

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​wilkinsona

5.4.4

This release fixes a problem with the release of 5.4.3

⭐ New Features

• Migrate SAML 2.0 Samples to Use PCFOne #9369
• Resolve artifacts from Maven Central first #9367
• Use constant time comparisons for CSRF tokens #9357
• Improve HttpSessionSecurityContextSessionRepository Performance #9388

🪲 Bug Fixes

• OAuth2ResourceServerSpecTests and OAuth2WebClientControllerTests fail #9426
• Fix custom marshaller example #9409
• Fix beanResolver missing in CurrentSecurityContextArgumentResolver. #9403
• CurrentSecurityContextArgumentResolver should configure BeanResolver #9402
• Consider downgrading to Nimbus 8 #9399
• Remove notEmpty check for authorities in DefaultOAuth2User #9396
• Wrong example name in Spring Security documentation #9383
• Make user info response status check error only #9376
• Malformed WWW-Authenticate Causes NPE #9364
• CsrfWebFilter creates CsrfException with incorrect message when no token is found #9338
• Exception when declaring multiple AuthenticationManager beans #9332
• webflux-x509 sample cert needs renewal #9322
• OidcIdToken cannot be serialized to JSON if token contains claim of type JSONArray #9258

🔨 Dependency Upgrades

• Update to GAE 1.9.86 #9448

... (truncated)

Commits

• 321e6a8 Release 5.4.6
• 924ceac Lock Dependencies
• 951cb84 Update to Spring Boot 2.4.4
• 9570d0c Add null check in CsrfFilter and CsrfWebFilter
• e7ee703 Consider Order on SecurityFilterChain bean definitions
• d192b3e Next Development Version
• 71e0967 Revert "Lock Dependencies for Release"
• 45bca75 Release 5.4.5
• 8c04074 Lock Dependencies for Release
• 7db6c91 Downgrade to Nimbus JOSE JWT 8.+
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)