Upgrade to Spring Security 5.4.5

wilkinsona · wilkinsona · commit bb56de715bd5 · 2021-02-18T11:33:18.000Z
This commit also downgrade JOSE JWT to address an incompatibility with the OIDC SDK 8.x. The OIDC SDK has also been upgraded to the latest 8.x release to align with the version used by Spring Security. Closes gh-25221 Fixes gh-25070
diff --git a/spring-boot-project/spring-boot-dependencies/build.gradle b/spring-boot-project/spring-boot-dependencies/build.gradle
@@ -1196,14 +1196,14 @@ bom {
 			]
 		}
 	}
-	library("OAuth2 OIDC SDK", "8.23.1") {
+	library("OAuth2 OIDC SDK", "8.36") {
 		group("com.nimbusds") {
 			modules = [
 				"oauth2-oidc-sdk"
 			]
 		}
 	}
-	library("Nimbus JOSE JWT", "9.1.3") {
+	library("Nimbus JOSE JWT", "8.20.2") {
 		group("com.nimbusds") {
 			modules = [
 				"nimbus-jose-jwt"
@@ -1624,7 +1624,7 @@ bom {
 			]
 		}
 	}
-	library("Spring Security", "5.4.2") {
+	library("Spring Security", "5.4.5") {
 		group("org.springframework.security") {
 			imports = [
 				"spring-security-bom"

Original file line number	Diff line number	Diff line change
`@@ -1196,14 +1196,14 @@ bom {`
`1196`	`1196`	`]`
`1197`	`1197`	`}`
`1198`	`1198`	`}`
`1199`		`- library("OAuth2 OIDC SDK", "8.23.1") {`
	`1199`	`+ library("OAuth2 OIDC SDK", "8.36") {`
`1200`	`1200`	`group("com.nimbusds") {`
`1201`	`1201`	`modules = [`
`1202`	`1202`	`"oauth2-oidc-sdk"`
`1203`	`1203`	`]`
`1204`	`1204`	`}`
`1205`	`1205`	`}`
`1206`		`- library("Nimbus JOSE JWT", "9.1.3") {`
	`1206`	`+ library("Nimbus JOSE JWT", "8.20.2") {`
`1207`	`1207`	`group("com.nimbusds") {`
`1208`	`1208`	`modules = [`
`1209`	`1209`	`"nimbus-jose-jwt"`
`@@ -1624,7 +1624,7 @@ bom {`
`1624`	`1624`	`]`
`1625`	`1625`	`}`
`1626`	`1626`	`}`
`1627`		`- library("Spring Security", "5.4.2") {`
	`1627`	`+ library("Spring Security", "5.4.5") {`
`1628`	`1628`	`group("org.springframework.security") {`
`1629`	`1629`	`imports = [`
`1630`	`1630`	`"spring-security-bom"`