Bump springSecurityVersion from 5.8.8 to 5.8.9

[dependabot]

Bumps springSecurityVersion from 5.8.8 to 5.8.9.
Updates org.springframework.security:spring-security-web from 5.8.8 to 5.8.9

Release notes

Sourced from org.springframework.security:spring-security-web's releases.

5.8.9

⭐ New Features

• Document that Shibboleth Repository is Required for SAML Support #14286
• OAuth2 Resource Server is exposing server information. #13730
• Resolve RequestMatcher at request-time #14078
• Update Java Config Spring MVC documentation #14220

🪲 Bug Fixes

• AnnotationConfigurationException when using PreAuthorize, CGLIB and EnableMethodSecurity #13625
• Authentication not propagated correctly after migrating to SB3 #12877
• Authorization does not show up on Features section #14099
• Documentation about configuring SecuritySocketAcceptorInterceptor in Spring Boot is confusing #13718
• Fix caching error state in ReactiveRemoteJWKSource #13976
• fix wrong document about "jws-algorithms" #14252
• Improve error message when ServletRegistration API is unavailable #14221
• References to WebFlux docs do not link to them #14100
• relay_state should not be included in signing calculation when it is null #13913
• Security configuration is failed to be initialized in a Servlet 6.0 container #13794
• Spring Security documentation confuses "idempotent" with "read-only" in CSRF section #13644
• X-Xss-Protection header "1; mode=block" differs in Servlet and Reactive #11948
• XML namespace with saml2-login configuration fails using Java 8 and spring-security 5.8 #12483

🔨 Dependency Upgrades

• Bump actions/checkout from 3 to 4 #14313
• Bump actions/setup-java from 3 to 4 #14307
• Bump ch.qos.logback:logback-classic from 1.2.12 to 1.2.13 #14240
• Bump Gamesight/slack-workflow-status from 1.0.1 to 1.2.0 #14301
• Bump io-spring-javaformat from 0.0.39 to 0.0.40 #14153
• Bump io.projectreactor.netty:reactor-netty from 1.0.38 to 1.0.39 #14143
• Bump io.projectreactor.netty:reactor-netty from 1.0.39 to 1.0.40 #14290
• Bump io.projectreactor:reactor-bom from 2020.0.37 to 2020.0.38 #14142
• Bump io.projectreactor:reactor-bom from 2020.0.38 to 2020.0.39 #14291
• Bump org.springframework.data:spring-data-bom from 2021.2.17 to 2021.2.18 #14170
• Bump org.springframework:spring-framework-bom from 5.3.30 to 5.3.31 #14154
• Bump slackapi/slack-github-action from 1.19.0 to 1.24.0 #14303
• Bump spring-io/spring-gradle-build-action from 1 to 2 #14308

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​dongelci
• @​dependabot[bot]

Commits

• b97c310 Release 5.8.9
• 59461d9 Clarify RSocket Configuration Docs
• fc007aa Check OpenSAML Version in XML Support
• eaaa813 Fix header value typo
• 10b3a9b Bump Gamesight/slack-workflow-status from 1.0.1 to 1.2.0
• e4cc0a4 Bump slackapi/slack-github-action from 1.19.0 to 1.24.0
• ff71ef4 Bump actions/setup-java from 3 to 4
• 5593655 Bump spring-io/spring-gradle-build-action from 1 to 2
• 47812e5 Bump actions/checkout from 3 to 4
• 89fd30f Bump io.projectreactor.netty:reactor-netty from 1.0.39 to 1.0.40
• Additional commits viewable in compare view

Updates org.springframework.security:spring-security-oauth2-client from 5.8.8 to 5.8.9

Release notes

Sourced from org.springframework.security:spring-security-oauth2-client's releases.

5.8.9

⭐ New Features

• Document that Shibboleth Repository is Required for SAML Support #14286
• OAuth2 Resource Server is exposing server information. #13730
• Resolve RequestMatcher at request-time #14078
• Update Java Config Spring MVC documentation #14220

🪲 Bug Fixes

• AnnotationConfigurationException when using PreAuthorize, CGLIB and EnableMethodSecurity #13625
• Authentication not propagated correctly after migrating to SB3 #12877
• Authorization does not show up on Features section #14099
• Documentation about configuring SecuritySocketAcceptorInterceptor in Spring Boot is confusing #13718
• Fix caching error state in ReactiveRemoteJWKSource #13976
• fix wrong document about "jws-algorithms" #14252
• Improve error message when ServletRegistration API is unavailable #14221
• References to WebFlux docs do not link to them #14100
• relay_state should not be included in signing calculation when it is null #13913
• Security configuration is failed to be initialized in a Servlet 6.0 container #13794
• Spring Security documentation confuses "idempotent" with "read-only" in CSRF section #13644
• X-Xss-Protection header "1; mode=block" differs in Servlet and Reactive #11948
• XML namespace with saml2-login configuration fails using Java 8 and spring-security 5.8 #12483

🔨 Dependency Upgrades

• Bump actions/checkout from 3 to 4 #14313
• Bump actions/setup-java from 3 to 4 #14307
• Bump ch.qos.logback:logback-classic from 1.2.12 to 1.2.13 #14240
• Bump Gamesight/slack-workflow-status from 1.0.1 to 1.2.0 #14301
• Bump io-spring-javaformat from 0.0.39 to 0.0.40 #14153
• Bump io.projectreactor.netty:reactor-netty from 1.0.38 to 1.0.39 #14143
• Bump io.projectreactor.netty:reactor-netty from 1.0.39 to 1.0.40 #14290
• Bump io.projectreactor:reactor-bom from 2020.0.37 to 2020.0.38 #14142
• Bump io.projectreactor:reactor-bom from 2020.0.38 to 2020.0.39 #14291
• Bump org.springframework.data:spring-data-bom from 2021.2.17 to 2021.2.18 #14170
• Bump org.springframework:spring-framework-bom from 5.3.30 to 5.3.31 #14154
• Bump slackapi/slack-github-action from 1.19.0 to 1.24.0 #14303
• Bump spring-io/spring-gradle-build-action from 1 to 2 #14308

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​dongelci
• @​dependabot[bot]

Commits

• b97c310 Release 5.8.9
• 59461d9 Clarify RSocket Configuration Docs
• fc007aa Check OpenSAML Version in XML Support
• eaaa813 Fix header value typo
• 10b3a9b Bump Gamesight/slack-workflow-status from 1.0.1 to 1.2.0
• e4cc0a4 Bump slackapi/slack-github-action from 1.19.0 to 1.24.0
• ff71ef4 Bump actions/setup-java from 3 to 4
• 5593655 Bump spring-io/spring-gradle-build-action from 1 to 2
• 47812e5 Bump actions/checkout from 3 to 4
• 89fd30f Bump io.projectreactor.netty:reactor-netty from 1.0.39 to 1.0.40
• Additional commits viewable in compare view

Updates org.springframework.security:spring-security-oauth2-jose from 5.8.8 to 5.8.9

Release notes

Sourced from org.springframework.security:spring-security-oauth2-jose's releases.

5.8.9

⭐ New Features

• Document that Shibboleth Repository is Required for SAML Support #14286
• OAuth2 Resource Server is exposing server information. #13730
• Resolve RequestMatcher at request-time #14078
• Update Java Config Spring MVC documentation #14220

🪲 Bug Fixes

• AnnotationConfigurationException when using PreAuthorize, CGLIB and EnableMethodSecurity #13625
• Authentication not propagated correctly after migrating to SB3 #12877
• Authorization does not show up on Features section #14099
• Documentation about configuring SecuritySocketAcceptorInterceptor in Spring Boot is confusing #13718
• Fix caching error state in ReactiveRemoteJWKSource #13976
• fix wrong document about "jws-algorithms" #14252
• Improve error message when ServletRegistration API is unavailable #14221
• References to WebFlux docs do not link to them #14100
• relay_state should not be included in signing calculation when it is null #13913
• Security configuration is failed to be initialized in a Servlet 6.0 container #13794
• Spring Security documentation confuses "idempotent" with "read-only" in CSRF section #13644
• X-Xss-Protection header "1; mode=block" differs in Servlet and Reactive #11948
• XML namespace with saml2-login configuration fails using Java 8 and spring-security 5.8 #12483

🔨 Dependency Upgrades

• Bump actions/checkout from 3 to 4 #14313
• Bump actions/setup-java from 3 to 4 #14307
• Bump ch.qos.logback:logback-classic from 1.2.12 to 1.2.13 #14240
• Bump Gamesight/slack-workflow-status from 1.0.1 to 1.2.0 #14301
• Bump io-spring-javaformat from 0.0.39 to 0.0.40 #14153
• Bump io.projectreactor.netty:reactor-netty from 1.0.38 to 1.0.39 #14143
• Bump io.projectreactor.netty:reactor-netty from 1.0.39 to 1.0.40 #14290
• Bump io.projectreactor:reactor-bom from 2020.0.37 to 2020.0.38 #14142
• Bump io.projectreactor:reactor-bom from 2020.0.38 to 2020.0.39 #14291
• Bump org.springframework.data:spring-data-bom from 2021.2.17 to 2021.2.18 #14170
• Bump org.springframework:spring-framework-bom from 5.3.30 to 5.3.31 #14154
• Bump slackapi/slack-github-action from 1.19.0 to 1.24.0 #14303
• Bump spring-io/spring-gradle-build-action from 1 to 2 #14308

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​dongelci
• @​dependabot[bot]

Commits

• b97c310 Release 5.8.9
• 59461d9 Clarify RSocket Configuration Docs
• fc007aa Check OpenSAML Version in XML Support
• eaaa813 Fix header value typo
• 10b3a9b Bump Gamesight/slack-workflow-status from 1.0.1 to 1.2.0
• e4cc0a4 Bump slackapi/slack-github-action from 1.19.0 to 1.24.0
• ff71ef4 Bump actions/setup-java from 3 to 4
• 5593655 Bump spring-io/spring-gradle-build-action from 1 to 2
• 47812e5 Bump actions/checkout from 3 to 4
• 89fd30f Bump io.projectreactor.netty:reactor-netty from 1.0.39 to 1.0.40
• Additional commits viewable in compare view

Updates org.springframework.security:spring-security-config from 5.8.8 to 5.8.9

Release notes

Sourced from org.springframework.security:spring-security-config's releases.

5.8.9

⭐ New Features

• Document that Shibboleth Repository is Required for SAML Support #14286
• OAuth2 Resource Server is exposing server information. #13730
• Resolve RequestMatcher at request-time #14078
• Update Java Config Spring MVC documentation #14220

🪲 Bug Fixes

• AnnotationConfigurationException when using PreAuthorize, CGLIB and EnableMethodSecurity #13625
• Authentication not propagated correctly after migrating to SB3 #12877
• Authorization does not show up on Features section #14099
• Documentation about configuring SecuritySocketAcceptorInterceptor in Spring Boot is confusing #13718
• Fix caching error state in ReactiveRemoteJWKSource #13976
• fix wrong document about "jws-algorithms" #14252
• Improve error message when ServletRegistration API is unavailable #14221
• References to WebFlux docs do not link to them #14100
• relay_state should not be included in signing calculation when it is null #13913
• Security configuration is failed to be initialized in a Servlet 6.0 container #13794
• Spring Security documentation confuses "idempotent" with "read-only" in CSRF section #13644
• X-Xss-Protection header "1; mode=block" differs in Servlet and Reactive #11948
• XML namespace with saml2-login configuration fails using Java 8 and spring-security 5.8 #12483

🔨 Dependency Upgrades

• Bump actions/checkout from 3 to 4 #14313
• Bump actions/setup-java from 3 to 4 #14307
• Bump ch.qos.logback:logback-classic from 1.2.12 to 1.2.13 #14240
• Bump Gamesight/slack-workflow-status from 1.0.1 to 1.2.0 #14301
• Bump io-spring-javaformat from 0.0.39 to 0.0.40 #14153
• Bump io.projectreactor.netty:reactor-netty from 1.0.38 to 1.0.39 #14143
• Bump io.projectreactor.netty:reactor-netty from 1.0.39 to 1.0.40 #14290
• Bump io.projectreactor:reactor-bom from 2020.0.37 to 2020.0.38 #14142
• Bump io.projectreactor:reactor-bom from 2020.0.38 to 2020.0.39 #14291
• Bump org.springframework.data:spring-data-bom from 2021.2.17 to 2021.2.18 #14170
• Bump org.springframework:spring-framework-bom from 5.3.30 to 5.3.31 #14154
• Bump slackapi/slack-github-action from 1.19.0 to 1.24.0 #14303
• Bump spring-io/spring-gradle-build-action from 1 to 2 #14308

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​dongelci
• @​dependabot[bot]

Commits

• b97c310 Release 5.8.9
• 59461d9 Clarify RSocket Configuration Docs
• fc007aa Check OpenSAML Version in XML Support
• eaaa813 Fix header value typo
• 10b3a9b Bump Gamesight/slack-workflow-status from 1.0.1 to 1.2.0
• e4cc0a4 Bump slackapi/slack-github-action from 1.19.0 to 1.24.0
• ff71ef4 Bump actions/setup-java from 3 to 4
• 5593655 Bump spring-io/spring-gradle-build-action from 1 to 2
• 47812e5 Bump actions/checkout from 3 to 4
• 89fd30f Bump io.projectreactor.netty:reactor-netty from 1.0.39 to 1.0.40
• Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
org.springframework.security:spring-security-config	[>= 6.a, < 7]
org.springframework.security:spring-security-oauth2-client	[>= 6.a, < 7]
org.springframework.security:spring-security-oauth2-jose	[>= 6.a, < 7]
org.springframework.security:spring-security-web	[>= 6.a, < 7]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)