Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Bump com.nimbusds:nimbus-jose-jwt from 9.40 to 9.41 #944

Merged

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 10, 2024

Bumps com.nimbusds:nimbus-jose-jwt from 9.40 to 9.41.

Changelog

Sourced from com.nimbusds:nimbus-jose-jwt's changelog.

9.41 (2024-09-10) * JWEHeader receives typed support for the "iss" (issuer), "sub" (subject) and "aud" (audience) claims as replicated JWE header parameters. * Updates the JWE encryption with "PBES2-HS256+A128KW", "PBES2-HS384+A192KW" and "PBES2-HS512+A256KW" to use a JCA provider instead of a local PBKDF2 implementation. "PBKDF2WithHmacSHA256" support is available since Java 8 and Android API level 26 (iss #561). * For "RSA-OAEP" and "RSA-OAEP-256" the cipher mode should be either WRAP or UNWRAP, not ENCRYPT or DECRYPT. Otherwise it will throw an exception when used with a FIPS provider (iss #564).

Commits
  • 81efe49 [maven-release-plugin] prepare for next development iteration
  • 2c2587a JWEHeader receives support for the iss, sub and aud claims as replicated head...
  • ba873c3 Adds Maven org.owasp:dependency-check-maven:10.0.3 plugin
  • c383556 Key derivation changed to use standard java.security API
  • fde898f ISSUE-564 For CEK keywrap , cipher mode should be wither WRAP or UNWRAP. It w...
  • 397e062 Merged in ISSUE-564--incorrect-usage-of-CIPHER-MODES (pull request #121)
  • 0ab8280 Adds change log for iss #564)
  • 9b42b43 Fixes change log
  • a2fa965 Unifies the RSA_OAEP_SHA2.encryptCEK error message on invalid key (size) (iss...
  • 1a4f9b5 Merged in ISSUE-561 (pull request #120)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [com.nimbusds:nimbus-jose-jwt](https://bitbucket.org/connect2id/nimbus-jose-jwt) from 9.40 to 9.41.
- [Changelog](https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt)
- [Commits](https://bitbucket.org/connect2id/nimbus-jose-jwt/branches/compare/9.41..9.40)

---
updated-dependencies:
- dependency-name: com.nimbusds:nimbus-jose-jwt
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot requested a review from a team as a code owner September 10, 2024 14:28
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Sep 10, 2024
@github-actions github-actions bot enabled auto-merge (squash) September 10, 2024 14:28
@github-actions github-actions bot merged commit dbb418b into master Sep 10, 2024
2 checks passed
@github-actions github-actions bot deleted the dependabot/maven/com.nimbusds-nimbus-jose-jwt-9.41 branch September 10, 2024 14:30
# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
dependencies Pull requests that update a dependency file java Pull requests that update Java code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants