Skip to content

Bump com.nimbusds:nimbus-jose-jwt from 10.5 to 10.8#8997

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/gradle/com.nimbusds-nimbus-jose-jwt-10.8
Closed

Bump com.nimbusds:nimbus-jose-jwt from 10.5 to 10.8#8997
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/gradle/com.nimbusds-nimbus-jose-jwt-10.8

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 1, 2026
edited
Loading

Bumps com.nimbusds:nimbus-jose-jwt from 10.5 to 10.8.

Changelog

Sourced from com.nimbusds:nimbus-jose-jwt's changelog.

10.5 (2025-09-05) * Support for specifying a ScheduledExecutorService instance in RefreshAheadCachingJWKSetSource and JWKSourceBuilder (iss #592).

10.6 (2025-11-06) * Adds static CollectionUtils.containsNull(Set) method. * DefaultJWTClaimsVerifier accepted "aud" (audience) argument must be compatible with Set.of (iss #499). * The DefaultJWTClaimsVerifier must not include JWT claim values in BadJWTException messages (iss #605).

10.7 (2026-01-08) * Adds MaxCompressedCipherTextLength that implements JWEDecrypterOption, to to configure the maximum allowed length of compressed cipher text. * Adds JWEObject.decrypt(JWEDecrypter, Set) method to support the MaxCompressedCipherTextLength option.

10.8 (2026-02-19) * Adds a PasswordBasedDecrypter(byte[], Set) constructor to specify names of the critical header parameters that are deferred to the application for processing. Aligns with other JWEDecrypter and CriticalHeaderParamsAware implementations (iss #610). * Fixes getDeferredCriticalHeaderParams() in AESDecrypter, DirectDecrypter, RSADecrypter, ECDHDecrypter, X25519Decrypter, ECDH1PUDecrypter, ECDH1PUX25519Decrypter, MultiDecrypter, MACVerifier, ECDSAVerifier and Ed25519Verifier. Must internally call critPolicy.getDeferredCriticalHeaderParams(), not critPolicy.getProcessedCriticalHeaderParams() (iss #612).

11.0 (2026-03-01) * Compile source and target bumped from Java 7 to Java 8. * Adds JWTClaimsSet.getInstantClaims, getExpirationInstant, getNotBeforeInstant and getIssueInstant methods. Adds JWTClaimsSet.Builder.expirationInstant, notBeforeInstant and issueInstant methods. * Adds JWKSet.getKeysByAlgorithm(JWSAlgorithm) method. * Adds JWKSet.getKeysByAlgorithm(JWSAlgorithm,) * Adds JSONObjectUtils.getEpochSecondAsInstant static method.

Commits
  • dacdb14 [maven-release-plugin] prepare for next development iteration
  • d5b9c10 Documents truncation and rounding for float and double getters in JWTClaimsSet
  • 86011d2 The DefaultJWTClaimsVerifier must not include JWT claim values in BadJWTExcep...
  • 1079a45 Adds JSONObjectUtilsTest.testParseObjectDuplicateMember_object (iss #603)
  • 78e86f8 DefaultJWTClaimsVerifier accepted "aud" (audience) argument must be compatibl...
  • d4c1e05 [maven-release-plugin] prepare release 10.6
  • 6a6d0b3 [maven-release-plugin] prepare for next development iteration
  • 72ba7d2 Add configurable max compressed cipher text length for JWE decryption (iss #570)
  • 74d1dd1 Merged in feature/configurable-max-compressed-ciphertext-length (pull request...
  • 1b4a3eb Edits JavaDocs, CHANGELOG.txt for 10.7 release
  • Additional commits viewable in compare view

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Mar 1, 2026
@dependabot dependabot Bot requested a review from mandy-chessell as a code owner March 1, 2026 03:03
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Mar 1, 2026
@dependabot dependabot Bot mentioned this pull request Mar 1, 2026
Closed
@dependabot dependabot Bot force-pushed the dependabot/gradle/com.nimbusds-nimbus-jose-jwt-10.8 branch from 79a8a91 to c009bd8 Compare March 3, 2026 15:11
@dependabot dependabot Bot force-pushed the dependabot/gradle/com.nimbusds-nimbus-jose-jwt-10.8 branch from c009bd8 to 9c312ea Compare March 10, 2026 18:05
@dependabot dependabot Bot force-pushed the dependabot/gradle/com.nimbusds-nimbus-jose-jwt-10.8 branch 3 times, most recently from 5e5f938 to 11da569 Compare March 25, 2026 16:11
@dependabot
Bump com.nimbusds:nimbus-jose-jwt from 10.5 to 10.8
56fa495 
Bumps [com.nimbusds:nimbus-jose-jwt](https://bitbucket.org/connect2id/nimbus-jose-jwt) from 10.5 to 10.8.
- [Changelog](https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt)
- [Commits](https://bitbucket.org/connect2id/nimbus-jose-jwt/branches/compare/10.8..10.5)

---
updated-dependencies:
- dependency-name: com.nimbusds:nimbus-jose-jwt
  dependency-version: '10.8'
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/gradle/com.nimbusds-nimbus-jose-jwt-10.8 branch from 11da569 to 56fa495 Compare March 30, 2026 12:02
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 1, 2026

Superseded by #9054.

@dependabot dependabot Bot closed this May 1, 2026
@dependabot dependabot Bot deleted the dependabot/gradle/com.nimbusds-nimbus-jose-jwt-10.8 branch May 1, 2026 03:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mandy-chessell mandy-chessell Awaiting requested review from mandy-chessell mandy-chessell is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants