build(deps): bump com.unboundid.product.scim2:scim2-sdk-client from 4.0.0 to 4.1.0 (#4621)

Bumps
[com.unboundid.product.scim2:scim2-sdk-client](https://github.com/pingidentity/scim2)
from 4.0.0 to 4.1.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pingidentity/scim2/blob/master/CHANGELOG.md">com.unboundid.product.scim2:scim2-sdk-client's
changelog</a>.</em></p>
<blockquote>
<h2>v4.1.0 - 2025-Oct-06</h2>
<p>Added new methods to the Path class to simplify certain usages and
make interaction, especially
instantiation, less verbose. These include:</p>
<ul>
<li>Creation of simple attributes (e.g., <code>username</code>)
previously had to be performed with
<code>Path.root().attribute(&quot;userName&quot;)</code>, but can now be
done with <code>Path.of(&quot;userName&quot;)</code>. Note that
this may only be used for simple, top-level attributes that are
typically hard-coded.</li>
<li>For fetching the last element in a path, library calls such as
<code>path.getElement(path.size() - 1)</code> can now be shortened to
<code>path.getLastElement()</code>.</li>
</ul>
<p>Updated the documentation of the Path class to elaborate on the
definition of an attribute path, as
well as provide examples for how to interface with the class.</p>
<p>Simplified integration with the <code>scim2-sdk-client</code> library
by updating subclasses of
<code>RequestBuilder</code> to always provide
<code>GenericScimResource</code> objects for JSON payloads. In previous
releases, applications needed to use the right JSON properties in the
environment so that the client
library would send proper JSON when issuing HTTP requests. This update
to the client library places
the responsibility for serialization on the SCIM SDK itself, and reduces
the number of HTTP client
configuration properties to set within your application. If you have
added custom HTTP configuration
to your project specifically for the SCIM SDK, you may be able to remove
some properties.</p>
<p>Updated the following dependencies:</p>
<ul>
<li>Jackson: 2.19.2</li>
</ul>
<p>Added a new <code>ForbiddenException.sensitive()</code> method to
simplify the creation of a <code>403 FORBIDDEN</code>
exception for a client that has entered potentially-sensitive
information via URL query parameters.
This exception encourages SCIM clients to re-issue these requests as a
POST search request that is
less susceptible to leaking this information from web browsers or log
data.</p>
<p>Deprecated the <code>BaseScimResource#addExtensionValue</code>
methods, since they allowed creating schema
extension attributes whose values are arrays instead of objects. Since
this is a form that is not
used in practice, these methods will be removed in a future release.</p>
<p>Fixed an issue where deserialization of <code>ListResponse</code>
objects could result in <code>ClassCastException</code>
errors if an application tried to use fields stored in the
<code>Resources</code> array. Now, the SCIM SDK
supports these conversions (via Jackson <code>TypeReference</code>
objects). See the class-level Javadoc of
ListResponse for more information. As a result of this change, the
map-based constructor,

<code>com.unboundid.scim2.common.messages.ListResponse.ListResponse(java.util.Map)</code>,
is now deprecated
and will be removed in a future release.</p>
<p>Updated documentation for <code>GroupResource</code> and
<code>Group</code> to highlight the distinction between the
classes, as well as provide examples of how they may be used.
GroupResource represents a group
object/entity, whereas a <code>Group</code> is a subfield on a user
resource (like <code>Email</code>). The documentation
for <code>UserResource</code> was also updated.</p>
<p>Added support for non-standard group membership patch remove requests
that contain a value. An
example JSON for this request type is shared below:</p>
<pre lang="json"><code>    {
&quot;schemas&quot;: [
&quot;urn:ietf:params:scim:api:messages:2.0:PatchOp&quot; ],
      &quot;Operations&quot;: [{
&lt;/tr&gt;&lt;/table&gt; 
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b780494e99"><code>b780494</code></a>
Setting release version 4.1.0</li>
<li><a
href="b6ed7c8ca0"><code>b6ed7c8</code></a>
Add relativePath to child pom.xml files.</li>
<li><a
href="dbfc354685"><code>dbfc354</code></a>
Revert version updates to re-attempt release.</li>
<li><a
href="8ce6abea34"><code>8ce6abe</code></a>
Setting release version 4.1.1-SNAPSHOT</li>
<li><a
href="d0ddde50bf"><code>d0ddde5</code></a>
Setting release version 4.1.0</li>
<li><a
href="1ee18e958e"><code>1ee18e9</code></a>
Update CHANGELOG date for the next release.</li>
<li><a
href="ee20b63fe0"><code>ee20b63</code></a>
Fix incorrect Javadoc.</li>
<li><a
href="ffc152af6a"><code>ffc152a</code></a>
Support non-standard patch group membership remove</li>
<li><a
href="313bccc925"><code>313bccc</code></a>
Deprecate BaseScimResource#addExtensionValue</li>
<li><a
href="3c6bb67773"><code>3c6bb67</code></a>
Update formatting and documentation.</li>
<li>Additional commits viewable in <a
href="https://github.com/pingidentity/scim2/compare/scim2-4.0.0...scim2-4.1.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.unboundid.product.scim2:scim2-sdk-client&package-manager=gradle&previous-version=4.0.0&new-version=4.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

app/proprietary/build.gradle

@@ -57,7 +57,7 @@ dependencies {
 
     implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity5:3.1.3.RELEASE'
     api 'io.micrometer:micrometer-registry-prometheus'
-    implementation 'com.unboundid.product.scim2:scim2-sdk-client:4.0.0'
+    implementation 'com.unboundid.product.scim2:scim2-sdk-client:4.1.0'
 
     api "io.jsonwebtoken:jjwt-api:$jwtVersion"
     runtimeOnly "io.jsonwebtoken:jjwt-impl:$jwtVersion"