Bump IdentityServer4 from 2.5.4 to 4.1.2

[dependabot-preview[bot]]

Bumps IdentityServer4 from 2.5.4 to 4.1.2.

Release notes

Sourced from IdentityServer4's releases.

4.1.1

As part of this release we had 6 issues closed.

bugs

• [#4951](IdentityServer/IdentityServer4#4951) Add null check before setting consumedTime
• [#4948](IdentityServer/IdentityServer4#4948) DefaultClaimsService.GetIdentityTokenClaimsAsync uses wrong Resource parameter for ProfileData
• [#4929](IdentityServer/IdentityServer4#4929) Typo in DefaultClaimsService.cs

enhancements

• [#4942](IdentityServer/IdentityServer4#4942) Obfuscate refresh token and authorization code in logs
• [#4935](IdentityServer/IdentityServer4#4935) Update to Message to enable deserialization in .NET 5.0-rc1
• [#4711](IdentityServer/IdentityServer4#4711) Allow setting SameSite mode of the SessionId cookie

4.1.0

As part of this release we had 13 issues closed.

bugs

• [#4854](IdentityServer/IdentityServer4#4854) only re-issue session cookie when client added #4812
• [#4852](IdentityServer/IdentityServer4#4852) add defensive check to fix bug for when session is expired #4844
• [#4851](IdentityServer/IdentityServer4#4851) fix serialization bug on LogoutRequest.Parameters #4655
• [#4850](IdentityServer/IdentityServer4#4850) ensure consumed time is utc
• [#4849](IdentityServer/IdentityServer4#4849) fix bug for consent is saved regardless of RememberConsent
• [#4833](IdentityServer/IdentityServer4#4833) Consent is saved regardless of RememberConsent checkbox value
• [#4812](IdentityServer/IdentityServer4#4812) Sliding Cookies not working for implicit flow in IdentityServer4 v4.x
• [#4712](IdentityServer/IdentityServer4#4712) fix multiple WWW-Authenticate header to one

enhancements

• [#4870](IdentityServer/IdentityServer4#4870) Update JAR mime type
• [#4868](IdentityServer/IdentityServer4#4868) Make identity server work with publish single file in .NET 5.0
• [#4853](IdentityServer/IdentityServer4#4853) add more defensive check on check session endpoint #4051
• [#4794](IdentityServer/IdentityServer4#4794) Add missing awaits on CachingClientStore and CachingResourceStore
• [#4744](IdentityServer/IdentityServer4#4744) Introduce LoggingOptions.AuthorizeRequestSensitiveValuesFilter

4.0.4

As part of this release we had 2 issues closed.

bug

• [#4677](IdentityServer/IdentityServer4#4677) make AutoMapper v10 the min version

enhancement

... (truncated)

Commits

• 997a6cd HtmlEncode iframe URLs in EndSessionCallbackResult #5184 (#5188)
• 0757467 Fix a couple of typos (#5139)
• b96f3ad Correct brackets in CORS docs example (#5129)
• 3ba0182 Specify the default for RefreshTokenExpiration in the documentation (#5121)
• a9f5fba Removed broken community link for Twitter example (#5104)
• 24feda0 Minor Clarification Update to Profile Service Docs (#5101)
• 07898a6 Fix build to work with spaces in the path (#5065)
• 613df53 update sponsors
• 677cb10 Update ci.yml
• 6a07b50 Delete lock.yml
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)