Bump org.springframework.security:spring-security-bom from 5.8.8 to 5.8.9

[dependabot]

Bumps org.springframework.security:spring-security-bom from 5.8.8 to 5.8.9.

Release notes

Sourced from org.springframework.security:spring-security-bom's releases.

5.8.9

⭐ New Features

• Document that Shibboleth Repository is Required for SAML Support #14286
• OAuth2 Resource Server is exposing server information. #13730
• Resolve RequestMatcher at request-time #14078
• Update Java Config Spring MVC documentation #14220

🪲 Bug Fixes

• AnnotationConfigurationException when using PreAuthorize, CGLIB and EnableMethodSecurity #13625
• Authentication not propagated correctly after migrating to SB3 #12877
• Authorization does not show up on Features section #14099
• Documentation about configuring SecuritySocketAcceptorInterceptor in Spring Boot is confusing #13718
• Fix caching error state in ReactiveRemoteJWKSource #13976
• fix wrong document about "jws-algorithms" #14252
• Improve error message when ServletRegistration API is unavailable #14221
• References to WebFlux docs do not link to them #14100
• relay_state should not be included in signing calculation when it is null #13913
• Security configuration is failed to be initialized in a Servlet 6.0 container #13794
• Spring Security documentation confuses "idempotent" with "read-only" in CSRF section #13644
• X-Xss-Protection header "1; mode=block" differs in Servlet and Reactive #11948
• XML namespace with saml2-login configuration fails using Java 8 and spring-security 5.8 #12483

🔨 Dependency Upgrades

• Bump actions/checkout from 3 to 4 #14313
• Bump actions/setup-java from 3 to 4 #14307
• Bump ch.qos.logback:logback-classic from 1.2.12 to 1.2.13 #14240
• Bump Gamesight/slack-workflow-status from 1.0.1 to 1.2.0 #14301
• Bump io-spring-javaformat from 0.0.39 to 0.0.40 #14153
• Bump io.projectreactor.netty:reactor-netty from 1.0.38 to 1.0.39 #14143
• Bump io.projectreactor.netty:reactor-netty from 1.0.39 to 1.0.40 #14290
• Bump io.projectreactor:reactor-bom from 2020.0.37 to 2020.0.38 #14142
• Bump io.projectreactor:reactor-bom from 2020.0.38 to 2020.0.39 #14291
• Bump org.springframework.data:spring-data-bom from 2021.2.17 to 2021.2.18 #14170
• Bump org.springframework:spring-framework-bom from 5.3.30 to 5.3.31 #14154
• Bump slackapi/slack-github-action from 1.19.0 to 1.24.0 #14303
• Bump spring-io/spring-gradle-build-action from 1 to 2 #14308

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​dongelci
• @​dependabot[bot]

Commits

• b97c310 Release 5.8.9
• 59461d9 Clarify RSocket Configuration Docs
• fc007aa Check OpenSAML Version in XML Support
• eaaa813 Fix header value typo
• 10b3a9b Bump Gamesight/slack-workflow-status from 1.0.1 to 1.2.0
• e4cc0a4 Bump slackapi/slack-github-action from 1.19.0 to 1.24.0
• ff71ef4 Bump actions/setup-java from 3 to 4
• 5593655 Bump spring-io/spring-gradle-build-action from 1 to 2
• 47812e5 Bump actions/checkout from 3 to 4
• 89fd30f Bump io.projectreactor.netty:reactor-netty from 1.0.39 to 1.0.40
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[sonarcloud]

Quality Gate passed

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (1d7c906) 70.36% compared to head (8836dee) 70.38%.

Additional details and impacted files

@@            Coverage Diff             @@
##              3.2   #13569      +/-   ##
==========================================
+ Coverage   70.36%   70.38%   +0.01%     
==========================================
  Files        1603     1603              
  Lines       69886    69886              
  Branches    10092    10092              
==========================================
+ Hits        49177    49190      +13     
+ Misses      16090    16073      -17     
- Partials     4619     4623       +4     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.