…aa@sha256:b690567322e472a2c3edb33e25129bcba0d97caa00c16bce6375244ce11f7000

Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.20.1 to 0.20.2.
- [Release notes](https://github.com/kubernetes/api/releases)
- [Commits](kubernetes/api@v0.20.1...v0.20.2)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…aa@sha256:fbb538ec49088e7d1077e083348ef1eda4c0de84ec7bbf0a636733812778fa95

* Add multiple client secret support for uaa.yml

* Add test for multiple client secrets in uaa.yml

* Type conversion and update client handling

* Prevent NullPointer if existing password is null

Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.20.1 to 0.20.2.
- [Release notes](https://github.com/kubernetes/client-go/releases)
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.20.1...v0.20.2)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…aa@sha256:66f04df3439eae35373850d29b88b5cd3981f51e3811133d0279a86f1409a008

Bumps [jasmine](https://github.com/jasmine/jasmine-npm) from 3.6.1 to 3.6.3.
- [Release notes](https://github.com/jasmine/jasmine-npm/releases)
- [Commits](jasmine/jasmine-npm@v3.6.1...v3.6.3)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…aa@sha256:40b74a03b4fc897cc1404a38b69b03fb82a46e16e0f199f619c76541a5efd0fb

* Bump - spring boot 2.4.1 - framework 5.3.2

* adaptions for upgrade:

- adapt template invite
- test build in statsd-lib
- test expectation string in MfaUiRequiredFilterTests

* adapt authentication manager

use info from
https://stackoverflow.com/questions/56866472/spring-mvc-authenticationmanager-expected-single-matching-bean-but-found-4

* adapt test compare

* fix leftover from spring boot update

* retrigger

* retrigger

* retrigger

* Bump jasmine from 3.6.3 to 3.6.4 in /uaa

Bumps [jasmine](https://github.com/jasmine/jasmine-npm) from 3.6.3 to 3.6.4.
- [Release notes](https://github.com/jasmine/jasmine-npm/releases)
- [Commits](jasmine/jasmine-npm@v3.6.3...v3.6.4)

Signed-off-by: dependabot[bot] <[email protected]>

* Update package.json

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Markus Strehle <[email protected]>

…aa@sha256:63157b274647127a4a50ecd940bbe52439a63297130fbe80d5a2a14bb7220117

* Bump version spring oauth 2.5.0.RELEASE

* Refactoring of test code:
copy RandomValueStringGenerator from oauth 2.4.0 and replace usage in tests where ASCII random is needed, e.g. zone creation.bump/spring-oauth

* Update RandomValueStringGenerator.java

* use test class

* Update MfaProviderEndpointDocs.java

…dfoundry#1504)

…undry#1505)

slow down, check client before useing

…aa@sha256:cc0d315b3652468fdd1f34c2a13fb1be41ef43c5e982ed11bdc15d1e15817b8a

…loudfoundry#1497)

…aa@sha256:18b29dff62b549b4cd399a00ad6cda9e875cbae4af140fc5d10c47f7ac5e1b58

…undry#1508)

[Changelog](https://github.com/bcgit/bc-java/blob/master/docs/releasenotes.html)

…aa@sha256:0298579a5c4d3a9cbe4712f7c348ddc17e125aa188387b876f8fdf7de0a31e52

…sue1340

Update jQuery version to v3.5.1

…aa@sha256:2290834a460787995cd0cde47c0238dcb38b1b56d2e3bdbd4e9b28b66c4df431

- displays microseconds with UTC+0 timezone

[#176231038]

Co-authored-by: Ryker Reed <[email protected]>

…aa@sha256:36a7180c26dffe6906b2d28133b7829ee60357e24bf890725ed168a622285157

- and update test to point to new repo
- to be consistent with other CF components
- to resolve rate-limiting issue reported by relint team

[#176486720]

temporarily so that CI would go through

[#176486720]

…/uaa@sha256:7b76095c9848216b4871b7120fe5366ab560d20635027c17833267d5e425197f

This reverts commit 46cc261.

…/uaa@sha256:37fcf63a156b75174fbc7be0e3809d64cda6851de0bfe6fa7f12793d919de96a

…/uaa@sha256:c1d54700f1e6b8fabe49917a8e4ca59f381a11c69982439525f9af8a08f29e0c

* the previous version of mime has a vulnerability
  https://nvd.nist.gov/vuln/detail/CVE-2017-16138

…/uaa@sha256:7fd48f08134e279a4fe2b8a200ecfdca8cda847175df38f1293e9818d7dd53cc

- and print out the DB boot log if fail to start

[#177100664]

by change I found warnings in log. in total 3 warnings found

[THYMELEAF][Test worker] Template Mode 'HTML5' is deprecated. Using Template Mode 'HTML' instead.
[THYMELEAF][Test worker] Template Mode 'HTML5' is deprecated. Using Template Mode 'HTML' instead.
Initializing Spring TestDispatcherServlet ''
Initializing Servlet ''
Completed initialization in 3 ms
The layout:decorator/data-layout-decorator processor has been deprecated and will be removed in the next major version of the layout dialect.  Please use layout:decorate/data-layout-decorate instead to future-proof your code.  See ultraq/thymeleaf-layout-dialect#95 for more information.
Fragment expression "layouts/main" is being wrapped as a Thymeleaf 3 fragment expression (~{...}) for backwards compatibility purposes.  This wrapping will be dropped in the next major version of the expression processor, so please rewrite as a Thymeleaf 3 fragment expression to future-proof your code.  See thymeleaf/thymeleaf#451 for more information.

## ultraq/thymeleaf-layout-dialect#95 , changed layout:decorator to layout:decorate
## use template mode HTML instead of HTML5
## swtiched back to from th:with="isLdap which was removed with spring update

* spring boot 2.4.4
* spring framework 5.3.5
* tomcat 9.0.41

…ry#1532)

Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.10.4 to 1.11.0.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](onsi/gomega@v1.10.4...v1.11.0)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.20.2 to 0.20.5.
- [Release notes](https://github.com/kubernetes/api/releases)
- [Commits](kubernetes/api@v0.20.2...v0.20.5)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…ry#1535)

Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.14.2 to 1.15.2.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](onsi/ginkgo@v1.14.2...v1.15.2)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.20.2 to 0.20.5.
- [Release notes](https://github.com/kubernetes/client-go/releases)
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.20.2...v0.20.5)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

At the moment, when the user visits:

```
/invitations/accept?code=some-code
```

the invitation code from their email is immediately expired and replaced
with a newly generated code which is put in a hidden input in the HTML
form. Each time the user submits the form, the code is expired and (if
necessary - e.g. if there's a validation issue) replaced with a new one.

This is fine so long as the user fills the form in immediately, but
there are a number of edge cases where this approach causes usability
problems:

1) If the user refreshes the page it will tell them their invitation has
   expired.
2) If the user closes the tab without submitting the form, and then
   follows the invitation link from their email later it will show as
   expired.
3) If the user's email client or web browser pre-fetches the link for
   any reason (e.g. virus scanning / spam detection / performance
   optimisation) then the link will not work when they follow it for
   real.

The third issue is the most serious.

We (GOV.UK PaaS) have had some very users working in places that
pre-fetch links in emails (for some reason or other), and this means
they're completely unable to accept invitations. Judging from the irate
support tickets we've had from these users the experience is pretty
frustrating.

This commit changes the GET request to /invitations/accept so that it
does not expire the token (unless the invitation is being auto-accepted).

The POST handler is unchanged, so if the user actually submits the form
then the token will change (as it did before), even if there's a
validation issue that prevents the invitation being accepted.

This change fixes the usability issues, and makes the behaviour more
consistent with HTTP's semantics (in the sense that GET requests should
be "safe" - should not modify the state of the server).

Signed-off-by: Toby Lorne <[email protected]>

Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.20.1 to 0.21.0.
- [Release notes](https://github.com/kubernetes/client-go/releases)
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.20.1...v0.21.0)

Signed-off-by: dependabot[bot] <[email protected]>