fix: bump spring security to 6.3.4 and liquibase maven plugin to 4.19.0

pom.xml

@@ -30,7 +30,8 @@
     <!-- force at least version 2.16 due to https://logging.apache.org/log4j/2.x/security.html -->
     <log4j.version>2.16.0</log4j.version>
     <openapi.generator.maven.version>6.2.1</openapi.generator.maven.version>
-    <liquibase-maven-plugin.version>4.1.1</liquibase-maven-plugin.version>
+    <liquibase-maven-plugin.version>4.19.0</liquibase-maven-plugin.version>
+    <spring.security.version>6.3.4</spring.security.version>
     <liquibase-core.version>4.9.1</liquibase-core.version>
   </properties>
   <dependencyManagement>
@@ -62,10 +63,6 @@
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-starter-validation</artifactId>
     </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-core</artifactId>
-    </dependency>
     <dependency>
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
@@ -74,6 +71,13 @@
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-starter-web</artifactId>
     </dependency>
+    <dependency>
+      <groupId>org.springframework.security</groupId>
+      <artifactId>spring-security-bom</artifactId>
+      <version>${spring.security.version}</version>
+      <scope>provided</scope>
+      <type>pom</type>
+    </dependency>
     <dependency>
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-starter-amqp</artifactId>