This repository was archived by the owner on Apr 5, 2024. It is now read-only.


@renovate renovate bot commented May 17, 2021

This PR contains the following updates:

| Package | Change |
|---|---|
| org.springframework.security:spring-security-crypto (source) | 5.3.4.RELEASE -> 5.4.6 |

Release Notes

spring-projects/spring-security

v5.4.6

🪲 Bug Fixes

🔨 Dependency Upgrades

v5.4.5

🪲 Bug Fixes
  • Downgrade to Nimbus JOSE JWT 8.+ #​9453
❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v5.4.4

This release fixes a problem with the release of 5.4.3.

⭐ New Features
  • Migrate SAML 2.0 Samples to Use PCFOne #​9369
  • Resolve artifacts from Maven Central first #​9367
  • Use constant time comparisons for CSRF tokens #​9357
  • Improve HttpSessionSecurityContextSessionRepository Performance #​9388
🪲 Bug Fixes
  • OAuth2ResourceServerSpecTests and OAuth2WebClientControllerTests fail #​9426
  • Fix custom marshaller example #​9409
  • Fix beanResolver missing in CurrentSecurityContextArgumentResolver. #​9403
  • CurrentSecurityContextArgumentResolver should configure BeanResolver #​9402
  • Consider downgrading to Nimbus 8 #​9399
  • Remove notEmpty check for authorities in DefaultOAuth2User #​9396
  • Wrong example name in Spring Security documentation #​9383
  • Make user info response status check error only #​9376
  • Malformed WWW-Authenticate Causes NPE #​9364
  • CsrfWebFilter creates CsrfException with incorrect message when no token is found #​9338
  • Exception when declaring multiple AuthenticationManager beans #​9332
  • webflux-x509 sample cert needs renewal #​9322
  • OidcIdToken cannot be serialized to JSON if token contains claim of type JSONArray #​9258
🔨 Dependency Upgrades

v5.4.3

⭐ New Features
  • Migrate SAML 2.0 Samples to Use PCFOne #​9369
  • Resolve artifacts from Maven Central first #​9367
  • Use constant time comparisons for CSRF tokens #​9357
  • Improve HttpSessionSecurityContextSessionRepository Performance #​9388
🪲 Bug Fixes
  • OAuth2ResourceServerSpecTests and OAuth2WebClientControllerTests fail #​9426
  • Fix custom marshaller example #​9409
  • Fix beanResolver missing in CurrentSecurityContextArgumentResolver. #​9403
  • CurrentSecurityContextArgumentResolver should configure BeanResolver #​9402
  • Consider downgrading to Nimbus 8 #​9399
  • Remove notEmpty check for authorities in DefaultOAuth2User #​9396
  • Wrong example name in Spring Security documentation #​9383
  • Make user info response status check error only #​9376
  • Malformed WWW-Authenticate Causes NPE #​9364
  • CsrfWebFilter creates CsrfException with incorrect message when no token is found #​9338
  • Exception when declaring multiple AuthenticationManager beans #​9332
  • webflux-x509 sample cert needs renewal #​9322
  • OidcIdToken cannot be serialized to JSON if token contains claim of type JSONArray #​9258
🔨 Dependency Upgrades

v5.4.2

⭐ New Features
🪲 Bug Fixes
🔨 Dependency Upgrades
  • Update to Google App Engine 1.9.83 #​9250
  • Update to Kotlin 1.4.20 #​9249
  • Update to Spring Boot 2.4.0 #​9248
  • 5.4.x Snapshot Build Should Point to Other Maintenance Branches #​9162

v5.4.1

⭐ New Features
  • Replace expired msdn link with latest web archive copy #​9050
  • Add documentation for StrictHttpFirewall enhancements #​9038
  • Replace Tomcat6 URL for SSL Guide to Tomcat 10 #​9034
  • Use AssertJ for exception testing #​9013
🪲 Bug Fixes
  • Add try-with-resources to close stream #​9053
  • RelyingPartyRegistrations Fails to Read Keycloak Metadata #​9051
  • fix miswritten comment of FormLoginDsl.kt #​9042
  • Adapt to WebClient's new exception wrapping #​9031
  • StandardInterceptUrlRegistry should not refer to ExpressionUrlAuthorizationConfigurer #​9026
  • Fix broken Mono chain #​9022
  • Use Schedulers.boundedElastic for UUID.randomUUID #​9021
  • CookieServerCsrfTokenRepository#createNewToken should use Schedulers.boundedElastic #​9018
  • WebSessionServerCsrfTokenRepository#generateToken() don't use Schedulers.boundedElastic() #​9017
  • NullPointerException SessionRegistryImpl.onApplicationEvent(SessionRegistryImpl.java:111) #​9011
  • Quick javadoc fix for DelegatingPasswordEncoder #​8890
❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v5.4.0

⭐ New Features

  • Add What's New in 5.4 #​9002
  • Add What's New in 5.4 Section to Docs #​9001
  • Add Resource Server Servlet Logging #​9000
  • Simplify saml2Login Samples #​8990
  • Remove Framework Tests from saml2Login Sample #​8989
  • Add authenticationManagerResolver to resource server Kotlin DSL #​8981
  • Generalize SAML 2.0 Assertion Validation Support #​8970
  • Update abstract-authentication-processing-filter.adoc #​8965
  • Add spring-javaformat checkstyle and formatting #​8946
  • Add hasAnyRole and hasAnyAuthority to authorizeRequests in Kotlin DSL #​8926
  • Add hasAnyAuthority(String...) and hasAnyRole(String...) to authorizeRequests in Kotlin DSL #​8892
  • Resolve oauth2 client-id, client-secret placeholders #​8880
  • Restructure SAML 2.0 documentation #​8763
  • security:client-registrations doesn't take propertyconfigurer properties #​8453

🪲 Bug Fixes

  • Clickjacking demo in docs: YouTube link in X-Frame-Options section leads to private video #​8986
  • NoClassDefFoundError: AuthMetadataFlyweight at o.s.s.r.m.SimpleAuthenticationEncoder #​8948
  • SAML attributes not parsed correctly with prefixed XML elements #​8864
  • Don't use oidc scopes_supported for scope as default in ClientRegistrations #​8790
  • scopes_supported metadata should not be used as default in ClientRegistrations #​8514

🔨 Dependency Upgrades

  • Set springDataVersion to Neumann-SR+ #​9007
  • Set rsocketVersion to 1.0.+ #​9006

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v5.3.9.RELEASE

🪲 Bug Fixes

  • Add null check in CsrfFilter and CsrfWebFilter #​9593

🔨 Dependency Upgrades

v5.3.8.RELEASE

This release fixes a problem with the release of 5.3.7.

⭐ New Features
  • Improve HttpSessionSecurityContextSessionRepository Performance #​9391
  • Improve HttpSessionSecurityContextSessionRepository Performance #​9389
  • Migrate SAML 2.0 Samples to Use PCFOne #​9370
  • Resolve artifacts from Maven Central first #​9368
  • Use constant time comparisons for CSRF tokens #​9358
🪲 Bug Fixes
  • Fix the 5.3.7.RELEASE
  • OAuth2ResourceServerSpecTests and OAuth2WebClientControllerTests fail #​9427
  • CurrentSecurityContextArgumentResolver should configure BeanResolver #​9405
  • Fix beanResolver missing in CurrentSecurityContextArgumentResolver. #​9404
  • Remove notEmpty check for authorities in DefaultOAuth2User #​9397
  • Wrong example name in Spring Security documentation #​9384
  • CsrfWebFilter creates CsrfException with incorrect message when no token is found #​9339
  • webflux-x509 sample cert needs renewal #​9323
  • OidcIdToken cannot be serialized to JSON if token contains claim of type JSONArray #​9259

v5.3.7.RELEASE

⭐ New Features
  • Improve HttpSessionSecurityContextSessionRepository Performance #​9391
  • Improve HttpSessionSecurityContextSessionRepository Performance #​9389
  • Migrate SAML 2.0 Samples to Use PCFOne #​9370
  • Resolve artifacts from Maven Central first #​9368
  • Use constant time comparisons for CSRF tokens #​9358
🪲 Bug Fixes
  • OAuth2ResourceServerSpecTests and OAuth2WebClientControllerTests fail #​9427
  • CurrentSecurityContextArgumentResolver should configure BeanResolver #​9405
  • Fix beanResolver missing in CurrentSecurityContextArgumentResolver. #​9404
  • Remove notEmpty check for authorities in DefaultOAuth2User #​9397
  • Wrong example name in Spring Security documentation #​9384
  • CsrfWebFilter creates CsrfException with incorrect message when no token is found #​9339
  • webflux-x509 sample cert needs renewal #​9323
  • OidcIdToken cannot be serialized to JSON if token contains claim of type JSONArray #​9259

v5.3.6.RELEASE

🪲 Bug Fixes
🔨 Dependency Upgrades
  • Update to Google App Engine 1.9.83 #​9247
  • Update to Spring Boot 2.2.11 #​9246

v5.3.5.RELEASE

🪲 Bug Fixes
  • SpringSecurityCoreVersion.java getSpringVersion() method does not close stream. #​9057
  • CookieServerCsrfTokenRepository#createNewToken should use Schedulers.boundedElastic #​9024
🔨 Dependency Upgrades
  • Update to AspectJ 1.9.6 #​9106
  • Update to Google App Engine 1.9.82 #​9105
  • Update to Spring Boot 2.2.10.RELEASE #​9104

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box.

This PR has been generated by WhiteSource Renovate. View repository job log here.

@open-schnick open-schnick changed the base branch from master to updateDeps May 17, 2021 08:06
@open-schnick open-schnick merged commit f8955c8 into updateDeps May 17, 2021
@open-schnick open-schnick deleted the renovate/spring-security branch May 17, 2021 08:06
open-schnick added a commit that referenced this pull request May 17, 2021
* Update dependency org.springframework.security:spring-security-crypto to v5.4.6 (#109)

Co-authored-by: Renovate Bot <bot@renovateapp.com>

* Update dependency org.jacoco:jacoco-maven-plugin to v0.8.7 (#104)

Co-authored-by: Renovate Bot <bot@renovateapp.com>

* Update dependency org.sonarsource.scanner.maven:sonar-maven-plugin to v3.9.0.2155 (#103)

Co-authored-by: Renovate Bot <bot@renovateapp.com>

* fix: pom.xml to reduce vulnerabilities (#102)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-COMMONSIO-1277109

* Update spring boot to v2.4.5 (#101)

Co-authored-by: Renovate Bot <bot@renovateapp.com>

* Update cucumber.version to v6.10.4 (#99)

Co-authored-by: Renovate Bot <bot@renovateapp.com>

* Update dependency org.springdoc:springdoc-openapi-ui to v1.5.8 (#96)

Co-authored-by: Renovate Bot <bot@renovateapp.com>

* Update actions/setup-java action to v2 (#95)

* Update actions/setup-java action to v2

* added distribution key to workflows

Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: open-schnick <jonathan.burst@gmx.de>

* Update dependency org.mockito:mockito-inline to v3.10.0 (#88)

Co-authored-by: Renovate Bot <bot@renovateapp.com>

* Update dependency org.mockito:mockito-core to v3.10.0 (#87)

Co-authored-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Snyk bot <github+bot@snyk.io>
Gimleux pushed a commit that referenced this pull request May 20, 2021