Skip to content

chore(deps): Bump com.nimbusds:nimbus-jose-jwt from 10.3 to 10.9.1#237

Merged
Skobeltsyn merged 3 commits into
mainfrom
dependabot/gradle/com.nimbusds-nimbus-jose-jwt-10.9.1
Jul 9, 2026
Merged

chore(deps): Bump com.nimbusds:nimbus-jose-jwt from 10.3 to 10.9.1#237
Skobeltsyn merged 3 commits into
mainfrom
dependabot/gradle/com.nimbusds-nimbus-jose-jwt-10.9.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 23, 2026

Copy link
Copy Markdown
Contributor

Bumps com.nimbusds:nimbus-jose-jwt from 10.3 to 10.9.1.

Changelog

Sourced from com.nimbusds:nimbus-jose-jwt's changelog.

version 1.0 (2012-03-01)

  • First version based on the OpenInfoCard JWT, JWS and JWE code base.

version 1.1 (2012-03-06)

  • Introduces type-safe enumeration of the JSON Web Algorithms (JWA).
  • Refactors the JWT class.

version 1.2 (2012-03-08)

  • Moves JWS and JWE code into separate classes.

version 1.3 (2012-03-09)

  • Switches to Apache Commons Codec for Base64URL encoding and decoding
  • Consolidates the crypto utilities within the package.
  • Introduces a JWT content serialiser class.

version 1.4 (2012-03-09)

  • Refactoring of JWT class and JUnit tests.

version 1.5 (2012-03-18)

  • Switches to JSON Smart for JSON serialisation and parsing.
  • Introduces claims set class with JSON objects, string, Base64URL and byte array views.

version 1.6 (2012-03-20)

  • Creates class for representing, serialising and parsing JSON Web Keys (JWK).
  • Introduces separate class for representing JWT headers.

version 1.7 (2012-04-01)

  • Introduces separate classes for plain, JWS and JWE headers.
  • Introduces separate classes for plain, signed and encrypted JWTs.
  • Removes the JWTContent class.
  • Removes password-based (PE820) encryption support.

version 1.8 (2012-04-03)

  • Adds support for the ZIP JWE header parameter.
  • Removes unsupported algorithms from the JWA enumeration.

version 1.9 (2012-04-03)

  • Renames JWEHeader.{get|set}EncryptionAlgorithm() to JWEHeader.{get|set}EncryptionMethod().

version 1.9.1 (2012-04-03)

  • Upgrades JSON Smart JAR to 1.1.1.

version 1.10 (2012-04-14)

  • Introduces serialize() method to base abstract JWT class.

version 1.11 (2012-05-13)

  • JWT.serialize() throws checked JWTException instead of

... (truncated)

Commits
  • b33b54b Bumps GSon and BouncyCastle
  • 3eeaada [maven-release-plugin] prepare release 10.4.2
  • 2aa473f [maven-release-plugin] prepare for next development iteration
  • d52acf5 Merged in iss592 (pull request #129)
  • d1834c6 JWKSourceBuilderTest must target Java 7
  • 5fb46ee Change log for 10.5, JavaDoc edits (iss #592)
  • 724be14 RefreshAheadCachingJWKSetSource JavaDoc markup fix (iss #592)
  • 6be3a17 [maven-release-plugin] prepare release 10.5
  • dacdb14 [maven-release-plugin] prepare for next development iteration
  • d5b9c10 Documents truncation and rounding for float and double getters in JWTClaimsSet
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [com.nimbusds:nimbus-jose-jwt](https://bitbucket.org/connect2id/nimbus-jose-jwt) from 10.3 to 10.9.1.
- [Changelog](https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt)
- [Commits](https://bitbucket.org/connect2id/nimbus-jose-jwt/branches/compare/10.9.1..10.3)

---
updated-dependencies:
- dependency-name: com.nimbusds:nimbus-jose-jwt
  dependency-version: 10.9.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Jun 23, 2026
Skobeltsyn and others added 2 commits July 9, 2026 17:52
…sums

Dependabot bumped com.nimbusds:nimbus-jose-jwt 10.3 -> 10.9.1 and
refreshed the lockfiles but not gradle/verification-metadata.xml, so CI
failed dependency verification. Adds sha256 for the 10.9.1 jar + pom.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
# Conflicts:
#	agents-kt-whisper-jni/gradle.lockfile
@Skobeltsyn Skobeltsyn merged commit 4788f6c into main Jul 9, 2026
3 checks passed
@dependabot dependabot Bot deleted the dependabot/gradle/com.nimbusds-nimbus-jose-jwt-10.9.1 branch July 9, 2026 15:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file java Pull requests that update java code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant