Skip to content

Bump com.nimbusds:nimbus-jose-jwt from 10.1 to 10.7 in /prime-router#18835

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/gradle/prime-router/com.nimbusds-nimbus-jose-jwt-10.7
Closed

Bump com.nimbusds:nimbus-jose-jwt from 10.1 to 10.7 in /prime-router#18835
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/gradle/prime-router/com.nimbusds-nimbus-jose-jwt-10.7

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Feb 1, 2026

Bumps com.nimbusds:nimbus-jose-jwt from 10.1 to 10.7.

Changelog

Sourced from com.nimbusds:nimbus-jose-jwt's changelog.

10.1 (2025-04-03) * Restores module-info.java. * Adds ExpiredJWTException extends BadJWTException to enable easy programmatic detection whether a JWT has expired (iss #585). * Adds URLBasedJWKSetSource getJWKSetURL and getResourceRetriever methods to ease class extension.

10.2 (2025-04-07) * Gson is made a direct instead of a shaded dependency to address module issues introduced in 10.1 (iss #550).

10.3 (2025-05-09) * Restores the Gson shading, adding placeholder interfaces to prevent NoClassDefFoundError occurrences at runtime when the JAR is used on a module path (iss #550).

10.3.1 (2025-07-01) * OctetKeyPairGenerator with Curve.Ed25519 should use the provided SecureRandom (iss #590).

10.4 (2025-07-19) * Creates a hierarchy of Option interfaces, extended by JWSSignerOption, JWEEncrypterOption and JWEDecrypterOption. Intended to provide optional configuration parameters to RSASSASigner, ECDSASigner, RSADecrypter, etc. * Introduces CipherMode implementing JWEEncrypterOption and JWEDecrypterOption, to specify a preferred JCA Cipher mode, such as MODE_ENCRYPT / MODE_DECRYPT when the default MODE_WRAP / MODE_UNWRAP is not supported by the JCA provider (iss #576). * Updates RSAEncrypter and RSADecrypter to support the JWEEncrypterOption CipherMode.ENCRYPT_DECRYPT (iss #576). * Factors out OptionUtils.ensureMinRSAPrivateKeySize. * Deprecates OptionUtils.optionIsPresent.

10.4.1 (2025-08-05) * Adds "requires java.sql" to module com.nimbusds.jose.jwt (iss #595).

10.4.2 (2025-08-14) * Updates GSon to 2.13.1. * Updates BouncyCastle to 1.81.

10.5 (2025-09-05) * Support for specifying a ScheduledExecutorService instance in RefreshAheadCachingJWKSetSource and JWKSourceBuilder (iss #592).

10.6 (2025-11-06) * Adds static CollectionUtils.containsNull(Set) method. * DefaultJWTClaimsVerifier accepted "aud" (audience) argument must be compatible with Set.of (iss #499). * The DefaultJWTClaimsVerifier must not include JWT claim values in BadJWTException messages (iss #605).

... (truncated)

Commits
  • 0f3191f [maven-release-plugin] prepare release 10.3.1
  • 63b1101 [maven-release-plugin] prepare for next development iteration
  • cd1345b Introduces CipherMode to specify a preferred JCA Cipher mode when the default...
  • 9799fd5 Fixes compile errors - generics (iss #576)
  • 73a8489 [maven-release-plugin] prepare release 10.4
  • adf2576 [maven-release-plugin] prepare for next development iteration
  • 436fb18 Add tests for JWKSourceBuilder and RefreshAheadCachingJWKSetSource
  • d4137db Adds "requires java.sql" to module com.nimbusds.jose.jwt (iss #595)
  • c6c8025 [maven-release-plugin] prepare release 10.4.1
  • e7c7a8c [maven-release-plugin] prepare for next development iteration
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump com.nimbusds:nimbus-jose-jwt from 10.1 to 10.7 in /prime-router
92606be 
Bumps [com.nimbusds:nimbus-jose-jwt](https://bitbucket.org/connect2id/nimbus-jose-jwt) from 10.1 to 10.7.
- [Changelog](https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt)
- [Commits](https://bitbucket.org/connect2id/nimbus-jose-jwt/branches/compare/10.7..10.1)

---
updated-dependencies:
- dependency-name: com.nimbusds:nimbus-jose-jwt
  dependency-version: '10.7'
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Feb 1, 2026
@dependabot dependabot Bot requested a review from a team as a code owner February 1, 2026 08:19
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Feb 1, 2026
@dependabot dependabot Bot mentioned this pull request Feb 1, 2026
Closed
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Feb 1, 2026

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

@scott-aquia
Copy link
Copy Markdown
Collaborator

scott-aquia commented Feb 1, 2026

Snyk checks have passed. No issues have been found so far.

Status Scanner Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Feb 20, 2026

Superseded by #18879.

@dependabot dependabot Bot closed this Feb 20, 2026
@dependabot dependabot Bot deleted the dependabot/gradle/prime-router/com.nimbusds-nimbus-jose-jwt-10.7 branch February 20, 2026 22:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@JFisk42 JFisk42

@victor-chaparro victor-chaparro

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@scott-aquia @JFisk42 @victor-chaparro