dependabot[bot]

@dependabot dependabot bot commented on behalf of github Aug 22, 2025

Bumps com.c4-soft.springaddons:spring-addons-oauth2-test from 8.1.13 to 8.1.23.

Changelog

Sourced from com.c4-soft.springaddons:spring-addons-oauth2-test's changelog.

8.1.23

  • gh-284 Configurable Back-Channel LogoutHandler bean
  • Boot 3.5.5 as transient dependency

8.1.22

  • Enable overriding the default HTTP status of OAuth2 client responses with the response_http_status request parameter (in addition to the X-RESPONSE-STATUS header). This makes it possible to request a specific status, for instance when setting the location of a browser tab or the action of a <form> tag.

8.1.21

  • Apply isSecure (https instead of http) and csrf to MockMvcSupport when using .get(...), .post(...), etc.

8.1.20

  • Add SSL bundle auto-configuration for RestClient and WebClient. See the manual for details.
  • Transitive dependencies managed by Spring Boot 3.5.4

8.1.18

  • Transitive dependencies managed by Spring Boot 3.5.3 (after the regression on application properties in 3.5.1 & 3.5.2)

8.1.16

  • gh-276 Some authorization servers allow the definition of roles containing spaces or even commas. ConfigurableJwtGrantedAuthoritiesConverter now splits on (space) or , only String claims (and not the values of List<String> claims any more).

8.1.15

  • gh-271 RestClient & WebClient auto-configured by spring-addons-starter-rest now scope tokens issued with client credentials to the application (Spring Security's default is user, which is a waste of resources and a source of latency).

8.1.14

  • gh-273: Use servlet.context-path or webflux.base-path when building default OAuth2 URIs. Starting from Spring Boot 3.5.0, the OAuth2 URIs are relative by default, which solves compatibility issues with reverse proxies. Only the post-logout URI should contain an authority as it is provided to the authorization server so that it redirects back to the UI after RP-Initiated Logout (⚠️ when removing the client-uri property or when setting it with a relative URI, set the post-login-redirect-host with a URI containing an authority). The URIs built by spring-addons are now using the 1st provided value in the following order:
    • spring-addons-starter-oidc's client-uri property
    • Spring Boot Web's server.servlet.context-path or server.webflux.base-path depending on the application type
    • /
  • Spring Boot 3.5.0 to manage default transitive dependencies (designed to work with Spring Cloud 2025.0.0)

Commits

  • 53cdbe4 [maven-release-plugin] prepare release spring-addons-8.1.23
  • 42e2f36 Boot 3.5.5 as transient dependency
  • 8aadb3e gh-284 Configurable Back-Channel LogoutHandler bean
  • ecaf0b8 gh-284 remove the reference to the unused LogoutHandler bean in servlet stack...
  • 1ed9e3c [maven-release-plugin] prepare for next development iteration
  • 0d0a29f [maven-release-plugin] prepare release spring-addons-8.1.22
  • 2958d13 [maven-release-plugin] prepare for next development iteration
  • 298fe7f Update versions in READMEs
  • 4404e17 Force OAuth2 client responses status with a request param (was possible only ...
  • a1b0ef8 Force OAuth2 client responses status with a request param (was possible only ...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [com.c4-soft.springaddons:spring-addons-oauth2-test](https://github.com/ch4mpy/spring-addons) from 8.1.13 to 8.1.23.
- [Changelog](https://github.com/ch4mpy/spring-addons/blob/master/release-notes.md)
- [Commits](ch4mpy/spring-addons@spring-addons-8.1.13...spring-addons-8.1.23)

---
updated-dependencies:
- dependency-name: com.c4-soft.springaddons:spring-addons-oauth2-test
  dependency-version: 8.1.23
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Aug 22, 2025