Bump org.springframework.security:spring-security-bom from 6.1.5 to 6.1.6

[dependabot]

Bumps org.springframework.security:spring-security-bom from 6.1.5 to 6.1.6.

Release notes

Sourced from org.springframework.security:spring-security-bom's releases.

6.1.6

⭐ New Features

• Document that Shibboleth Repository is Required for SAML Support #14294
• Integrate HandlerMappingIntrospector Caching #14128
• OAuth2 Resource Server is exposing server information. #14277
• Resolve RequestMatcher at request-time #14085

🪲 Bug Fixes

• AnnotationConfigurationException when using PreAuthorize, CGLIB and EnableMethodSecurity #14266
• Authentication not propagated correctly after migrating to SB3 #14111
• Authorization does not show up on Features section #14104
• DefaultLoginPageGeneratingFilter should be able to handle AuthenticationExceptions without message #14117
• Fix broken link for servlet getting started page #14119
• Fix typo in method-security.adoc #14059
• fix wrong document about "jws-algorithms" #14279
• Improve error message when ServletRegistration API is unavailable #14231
• improve render in headers.adoc #14101
• On Cancel, ObservationWebFilterDecorator Starts After-Filter Span without Stopping It #14063
• ReactiveRemoteJWKSource caches invalid response status into jwkSetURL #14041
• References to WebFlux docs do not link to them #14107
• relay_state should not be included in signing calculation when it is null #14038
• samesite set by Tomcat CookieProcessor ignored when creating XSRF-TOKEN cookie in CsrfTokenRepository #14131
• Security configuration is failed to be initialized in a Servlet 6.0 container #14165
• Spring Security documentation confuses "idempotent" with "read-only" in CSRF section #14114
• Spring Security metric names should not contain dashes #14066
• spring.security counters inaccurate due onComplete and cancel() #14146
• Update Java Config Spring MVC documentation #14233
• Update logout.adoc: Replace Directives with Directive #14062

🔨 Dependency Upgrades

• Bump actions/checkout from 3 to 4 #14310
• Bump actions/setup-java from 3 to 4 #14327
• Bump ch.qos.logback:logback-classic from 1.4.11 to 1.4.13 #14214
• Bump ch.qos.logback:logback-classic from 1.4.13 to 1.4.14 #14238
• Bump com.unboundid:unboundid-ldapsdk from 6.0.10 to 6.0.11 #14224
• Bump Gamesight/slack-workflow-status from 1.0.1 to 1.2.0 #14317
• Bump Gradle Wrapper from 8.4 to 8.5 #14218
• Bump io-spring-javaformat from 0.0.39 to 0.0.40 #14158
• Bump io.micrometer:micrometer-observation from 1.10.12 to 1.10.13 #14134
• Bump io.projectreactor:reactor-bom from 2022.0.12 to 2022.0.13 #14144
• Bump io.projectreactor:reactor-bom from 2022.0.13 to 2022.0.14 #14288
• Bump org-aspectj from 1.9.20.1 to 1.9.21 #14272
• Bump org-eclipse-jetty from 11.0.17 to 11.0.18 #14081
• Bump org.springframework.data:spring-data-bom from 2022.0.11 to 2022.0.12 #14173
• Bump org.springframework:spring-framework-bom from 6.0.13 to 6.0.14 #14159
• Bump org.springframework:spring-framework-bom from 6.0.14 to 6.0.15 #14312
• Bump sjohnr/slack-workflow-status from 1.pre.beta to 1.1.0 #14315

... (truncated)

Commits

• f5c9c7d Release 6.1.6
• 142b268 Use CompositeFilterChainProxy
• 70dfb3d Add HandlerMappingIntrospector Caching
• 1bb5fe4 Bump actions/setup-java from 3 to 4
• 87e6986 Revert "Bump sjohnr/slack-workflow-status from 1.pre.beta to 1.1.0"
• b2c3bc6 Bump spring-io/spring-gradle-build-action from 1 to 2
• 652f98a Bump actions/checkout from 3 to 4
• fd02d70 Bump org.springframework:spring-framework-bom from 6.0.14 to 6.0.15
• 40dd7a0 Bump sjohnr/slack-workflow-status from 1.pre.beta to 1.1.0
• 53b640e Bump slackapi/slack-github-action from 1.19.0 to 1.24.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)