Skip to content

Bump com.nimbusds:nimbus-jose-jwt from 10.0.2 to 10.2 in /plugins/repository-azure#327

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/gradle/plugins/repository-azure/com.nimbusds-nimbus-jose-jwt-10.2
Closed

Bump com.nimbusds:nimbus-jose-jwt from 10.0.2 to 10.2 in /plugins/repository-azure#327
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/gradle/plugins/repository-azure/com.nimbusds-nimbus-jose-jwt-10.2

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Apr 14, 2025
edited
Loading

Bumps com.nimbusds:nimbus-jose-jwt from 10.0.2 to 10.2.

Changelog

Sourced from com.nimbusds:nimbus-jose-jwt's changelog.

10.0.2 (2025-02-25) * Updates JSONObjectUtils.parse and JSONArrayUtils.parse to reject JSON strings with object and array nesting deeper than 255. This is intended to prevent StackOverflowError's in Gson when a parsed JSON string with excessive nesting is serialised, for example to log the claims of a parsed JWT. Note that in Gson the JSON reader is not susceptible to StackOverflowError's, only the serialisation. The nesting limit of depth 255 is introduced in Gson 2.12.0 (iss #583). * Updates GSon to 2.12.1.

10.1 (2025-04-03) * Restores module-info.java. * Adds ExpiredJWTException extends BadJWTException to enable easy programmatic detection whether a JWT has expired (iss #585). * Adds URLBasedJWKSetSource getJWKSetURL and getResourceRetriever methods to ease class extension.

10.2 (2025-04-07) * Gson is made a direct instead of a shaded dependency to address module issues introduced in 10.1 (iss #550).

Commits
  • bcfaf09 [maven-release-plugin] prepare for next development iteration
  • 05e8b9a Change log 10.0.2 updates
  • 729f58b re-add module-info.java
  • b688e46 Edits X509CertChainUtilsTest.testParse_includeUnderlyingCertificateException ...
  • a6a0865 Merge branch 'master' into module-info
  • a655497 Merged in module-info (pull request #125)
  • 9fd3662 Edits CHANGELOG.txt
  • 40a33d2 Adds ExpiredJWTException extends BadJWTException to enable easy programmatic ...
  • 5b5530f Adds URLBasedJWKSetSource getJWKSetURL and getResourceRetriever methods
  • 5586970 Release version 10.1
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Apr 14, 2025

Labels

The following labels could not be found: dependabot. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Apr 14, 2025
@dependabot dependabot bot requested a review from mch2 as a code owner April 14, 2025 03:09
@dependabot dependabot bot force-pushed the dependabot/gradle/plugins/repository-azure/com.nimbusds-nimbus-jose-jwt-10.2 branch from 35df8f6 to 71213f0 Compare May 1, 2025 18:17
@dependabot
Bump com.nimbusds:nimbus-jose-jwt in /plugins/repository-azure
4f87be7 
Bumps [com.nimbusds:nimbus-jose-jwt](https://bitbucket.org/connect2id/nimbus-jose-jwt) from 10.0.2 to 10.2.
- [Changelog](https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt)
- [Commits](https://bitbucket.org/connect2id/nimbus-jose-jwt/branches/compare/10.2..10.0.2)

---
updated-dependencies:
- dependency-name: com.nimbusds:nimbus-jose-jwt
  dependency-version: '10.2'
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/gradle/plugins/repository-azure/com.nimbusds-nimbus-jose-jwt-10.2 branch from 71213f0 to 4f87be7 Compare May 9, 2025 18:01
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github May 12, 2025

Superseded by #331.

@dependabot dependabot bot closed this May 12, 2025
@dependabot dependabot bot deleted the dependabot/gradle/plugins/repository-azure/com.nimbusds-nimbus-jose-jwt-10.2 branch May 12, 2025 03:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mch2 mch2 Awaiting requested review from mch2

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants