prime-reportstream icon indicating copy to clipboard operation
prime-reportstream copied to clipboard
verified publisher icon CDCgov

Bump com.nimbusds:nimbus-jose-jwt from 10.1 to 10.3 in /prime-router

Open dependabot[bot] opened this issue 7 months ago • 7 comments

Bumps com.nimbusds:nimbus-jose-jwt from 10.1 to 10.3.

Changelog

Sourced from com.nimbusds:nimbus-jose-jwt's changelog.

10.1 (2025-04-03) * Restores module-info.java. * Adds ExpiredJWTException extends BadJWTException to enable easy programmatic detection whether a JWT has expired (iss #585). * Adds URLBasedJWKSetSource getJWKSetURL and getResourceRetriever methods to ease class extension.

10.2 (2025-04-07) * Gson is made a direct instead of a shaded dependency to address module issues introduced in 10.1 (iss #550).

10.3 (2025-05-09) * Restores the Gson shading, adding placeholder interfaces to prevent NoClassDefFoundError occurrences at runtime when the JAR is used on a module path (iss #550).

Commits
  • 62b01de [maven-release-plugin] prepare for next development iteration
  • ecd1f8f don't shade GSON
  • e59e3d2 public API doesn't expose GSON → remove transitive
  • 650869d Merged in feature/gson-regular-dependency (pull request #126)
  • e52dc1e Change log for 10.2
  • 1690d5a Clarifies 10.2 iss #550 fix
  • 3fbd750 [maven-release-plugin] prepare release 10.2
  • a988a2d [maven-release-plugin] prepare for next development iteration
  • 5fa1dc9 shade gson again
  • 800db7b Merged in feature/shaded-gson (pull request #127)
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] avatar May 11 '25 07:05 dependabot[bot]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

github-actions[bot] avatar May 11 '25 07:05 github-actions[bot]

If this is in /shared, then we probably want to look into if it's even needed here.

adegolier avatar May 14 '25 16:05 adegolier

@dependabot rebase

adegolier avatar May 15 '25 15:05 adegolier

:white_check_mark: Snyk checks have passed. No issues have been found so far.

Status Scanner Critical High Medium Low Total (0)
:white_check_mark: Open Source Security 0 0 0 0 0 issues

:computer: Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

scott-aquia avatar May 15 '25 15:05 scott-aquia

Test Results

1 323 tests  ±0   1 318 :white_check_mark: ±0   7m 47s :stopwatch: -10s   172 suites ±0       5 :zzz: ±0    172 files   ±0       0 :x: ±0 

Results for commit 6477c7e2. ± Comparison against base commit f17c9f76.

:recycle: This comment has been updated with latest results.

github-actions[bot] avatar May 15 '25 16:05 github-actions[bot]

Integration Test Results

 60 files  ±0   60 suites  ±0   37m 21s :stopwatch: -28s 428 tests ±0  418 :white_check_mark: ±0  10 :zzz: ±0  0 :x: ±0  431 runs  ±0  421 :white_check_mark: ±0  10 :zzz: ±0  0 :x: ±0 

Results for commit 6477c7e2. ± Comparison against base commit f17c9f76.

:recycle: This comment has been updated with latest results.

github-actions[bot] avatar May 15 '25 16:05 github-actions[bot]

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

sonarqubecloud[bot] avatar May 15 '25 22:05 sonarqubecloud[bot]

A newer version of com.nimbusds:nimbus-jose-jwt exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.

dependabot[bot] avatar Aug 01 '25 07:08 dependabot[bot]

@dependabot recreate

jack-h-wang avatar Dec 08 '25 20:12 jack-h-wang