build(deps): bump org.springframework.security:spring-security-test from 5.6.1 to 6.0.2

[dependabot]

Bumps org.springframework.security:spring-security-test from 5.6.1 to 6.0.2.

Release notes

Sourced from org.springframework.security:spring-security-test's releases.

6.0.2

⭐ New Features

• CsrfTokenRequestAttributeHandler documentation should reflect that default is XorCsrfTokenRequestAttributeHandler #12651
• Document @EnableWebFluxSecurity requiring @Configuration in 6.0.0 #12444
• Move classpath checks to class member variable #11437
• Reenable R2dbcReactiveOAuth2AuthorizedClientServiceTests Tests #12339
• Revisit Session Management Documentation #12680
• Spring Security 6.0 Migration Guide Should Mention @Configuration Meta-Annotation Removal From Configuration Annotations #12498
• Update broken links, correct gradle command for Windows OS. #12336

🪲 Bug Fixes

• 200 response is returned when ObservationMarkingRequestRejectedHandler is in use #12548
• @EnableReactiveMethodSecurity#useAuthorizationManager should be true #12506
• A typo in form login doc #12678
• Adjusts setRequestHandler javadoc in CsrfWebFilter #12467
• AuthorizationManager method security documentation should use AnnotationMatchingPointcut #12517
• DefaultSavedRequest.doesRequestMatch does not work, when matchingRequestParameterName is set #12671
• Document XMLObject retreival for Asserting Party metadata #12729
• Document XMLObject retreival for Asserting Party metadata #12728
• Duplicate words. #12471
• Fix CSRF protection provided by @EnableWebSocketSecurity / Stomp #12378
• gradlew nativeTest fails with Failed to instantiate [org.springframework.security.test.context.support.WithUserDetailsSecurityContextFactory]: No default constructor found #12614
• Jackson serialization of DefaultSaml2AuthenticatedPrincipal: LinkedMultiValueMap is not in the allowlist #12459
• javax.json.bind.Jsonb to jakarta.json.bind.Jsonb #12616
• NimbusJwtDecoder unknown KID scenario is not correctly tested #12495
• No provider found for OAuth2AuthorizationCodeAuthenticationToken when running Spring Native Reactive app using OAuth2 #12615
• NPE in HttpSecurity#addFilterBefore when mixing custom DSL and standard #12687
• Security observations are not setting their parent osbervation #12524
• SessionManagementConfigurer ignores custom SecurityContextRepository for SessionManagementFilter #12579
• Spring Security 6.0.1 ObservationFilterChainDecorator produce wrong instrument names #12490
• SwitchUserFilter not working in Spring Security 6 #12511
• Update expression-based.adoc #12363
• Update multitenancy.adoc #12474
• WebTestUtilsTestRuntimeHints should only be invoked for Servlet #12622
• Wrong name of the filter in the SecurityContextHolderFilter diagram #12527

🔨 Dependency Upgrades

• Update hibernate-core to 6.1.7.Final #12707
• Update io.projectreactor to 2022.0.3 #12701
• Update io.spring.nohttp to 0.0.11 #12703
• Update jackson-bom to 2.14.2 #12696
• Update jackson-databind to 2.14.2 #12697
• Update jackson-datatype-jsr310 to 2.14.2 #12698
• Update jakarta.servlet.jsp-api to 3.1.1 #12704
• Update junit-bom to 5.9.2 #12708
• Update junit-platform-launcher to 1.9.2 #12710
• Update maven-resolver-provider to 3.8.7 #12705

... (truncated)

Commits

• 7ef659a Release 6.0.2
• f9f6bd3 Merge branch '5.8.x' into 6.0.x
• a93cc3f Merge branch '5.7.x' into 5.8.x
• 2fcf48a Update org.springframework.data to 2021.2.8
• 0398d86 Update org.springframework to 5.3.25
• c9112df Update hibernate-entitymanager to 5.6.15.Final
• 4156766 Update org.aspectj to 1.9.19
• f125785 Update io.spring.nohttp to 0.0.11
• 4643c0d Update blockhound to 1.0.7.RELEASE
• d2d82b5 Update io.projectreactor to 2020.0.28
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)