Skip to content

HDDS-15742. Bump nimbus-jose-jwt to 10.9.1#10662

Merged
adoroszlai merged 1 commit into
masterfrom
dependabot-maven-com.nimbusds-nimbus-jose-jwt-10.9.1
Jul 4, 2026
Merged

HDDS-15742. Bump nimbus-jose-jwt to 10.9.1#10662
adoroszlai merged 1 commit into
masterfrom
dependabot-maven-com.nimbusds-nimbus-jose-jwt-10.9.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 4, 2026

Copy link
Copy Markdown
Contributor

Bumps com.nimbusds:nimbus-jose-jwt from 10.4 to 10.9.1.

Changelog

Sourced from com.nimbusds:nimbus-jose-jwt's changelog.

version 1.0 (2012-03-01)

  • First version based on the OpenInfoCard JWT, JWS and JWE code base.

version 1.1 (2012-03-06)

  • Introduces type-safe enumeration of the JSON Web Algorithms (JWA).
  • Refactors the JWT class.

version 1.2 (2012-03-08)

  • Moves JWS and JWE code into separate classes.

version 1.3 (2012-03-09)

  • Switches to Apache Commons Codec for Base64URL encoding and decoding
  • Consolidates the crypto utilities within the package.
  • Introduces a JWT content serialiser class.

version 1.4 (2012-03-09)

  • Refactoring of JWT class and JUnit tests.

version 1.5 (2012-03-18)

  • Switches to JSON Smart for JSON serialisation and parsing.
  • Introduces claims set class with JSON objects, string, Base64URL and byte array views.

version 1.6 (2012-03-20)

  • Creates class for representing, serialising and parsing JSON Web Keys (JWK).
  • Introduces separate class for representing JWT headers.

version 1.7 (2012-04-01)

  • Introduces separate classes for plain, JWS and JWE headers.
  • Introduces separate classes for plain, signed and encrypted JWTs.
  • Removes the JWTContent class.
  • Removes password-based (PE820) encryption support.

version 1.8 (2012-04-03)

  • Adds support for the ZIP JWE header parameter.
  • Removes unsupported algorithms from the JWA enumeration.

version 1.9 (2012-04-03)

  • Renames JWEHeader.{get|set}EncryptionAlgorithm() to JWEHeader.{get|set}EncryptionMethod().

version 1.9.1 (2012-04-03)

  • Upgrades JSON Smart JAR to 1.1.1.

version 1.10 (2012-04-14)

  • Introduces serialize() method to base abstract JWT class.

version 1.11 (2012-05-13)

  • JWT.serialize() throws checked JWTException instead of

... (truncated)

Commits
  • b33b54b Bumps GSon and BouncyCastle
  • 3eeaada [maven-release-plugin] prepare release 10.4.2
  • 2aa473f [maven-release-plugin] prepare for next development iteration
  • d52acf5 Merged in iss592 (pull request #129)
  • d1834c6 JWKSourceBuilderTest must target Java 7
  • 5fb46ee Change log for 10.5, JavaDoc edits (iss #592)
  • 724be14 RefreshAheadCachingJWKSetSource JavaDoc markup fix (iss #592)
  • 6be3a17 [maven-release-plugin] prepare release 10.5
  • dacdb14 [maven-release-plugin] prepare for next development iteration
  • d5b9c10 Documents truncation and rounding for float and double getters in JWTClaimsSet
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [com.nimbusds:nimbus-jose-jwt](https://bitbucket.org/connect2id/nimbus-jose-jwt) from 10.4 to 10.9.1.
- [Changelog](https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt)
- [Commits](https://bitbucket.org/connect2id/nimbus-jose-jwt/branches/compare/10.9.1..10.4)

---
updated-dependencies:
- dependency-name: com.nimbusds:nimbus-jose-jwt
  dependency-version: 10.9.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jul 4, 2026
@adoroszlai adoroszlai changed the title Bump com.nimbusds:nimbus-jose-jwt from 10.4 to 10.9.1 HDDS-15742. Bump nimbus-jose-jwt to 10.9.1 Jul 4, 2026
@adoroszlai

Copy link
Copy Markdown
Contributor
10.4.1 (2025-08-05)
    * Adds "requires java.sql" to module com.nimbusds.jose.jwt (iss #595).

10.4.2 (2025-08-14)
    * Updates GSon to 2.13.1.
    * Updates BouncyCastle to 1.81.

10.5 (2025-09-05)
    * Support for specifying a ScheduledExecutorService instance in
      RefreshAheadCachingJWKSetSource and JWKSourceBuilder (iss #592).

10.6 (2025-11-06)
    * Adds static CollectionUtils.containsNull(Set) method.
    * DefaultJWTClaimsVerifier accepted "aud" (audience) argument must be
      compatible with Set.of (iss #499).
    * The DefaultJWTClaimsVerifier must not include JWT claim values in
      BadJWTException messages (iss #605).

10.7 (2026-01-08)
    * Adds MaxCompressedCipherTextLength that implements JWEDecrypterOption, to
      to configure the maximum allowed length of compressed cipher text.
    * Adds JWEObject.decrypt(JWEDecrypter, Set<JWEDecrypterOption>) method to
      support the MaxCompressedCipherTextLength option.

10.8 (2026-02-19)
    * Adds a PasswordBasedDecrypter(byte[], Set<String>) constructor to specify
      names of the critical header parameters that are deferred to the
      application for processing. Aligns with other JWEDecrypter and
      CriticalHeaderParamsAware implementations (iss #610).
    * Fixes getDeferredCriticalHeaderParams() in AESDecrypter, DirectDecrypter,
      RSADecrypter, ECDHDecrypter, X25519Decrypter, ECDH1PUDecrypter,
      ECDH1PUX25519Decrypter, MultiDecrypter, MACVerifier, ECDSAVerifier and
      Ed25519Verifier. Must internally call
      critPolicy.getDeferredCriticalHeaderParams(), not
      critPolicy.getProcessedCriticalHeaderParams() (iss #612).

10.9 (2026-04-02)
    * Adds X509CertUtils.computeSHA1Thumbprint(X509Certificate) method to
      compute the SHA-1 thumbprint of an X.509 certificate for the "x5t" (X.509
      certificate SHA-1 thumbprint) JWK and JOSE header parameter.

10.9.1 (2026-05-31)
    * Fixes health status reporting when RefreshAheadCachingJWKSetSource,
      JWKSetSourceWithHealthStatusReporting and OutageTolerantJWKSetSource are
      used together. A failed refresh-ahead background update could previously
      cause JWKSetSourceWithHealthStatusReporting to mark the JWK set source as
      UNHEALTHY, even though OutageTolerantJWKSetSource was still within its
      configured outage tolerance window and regular JWT validation could
      continue using the cached JWK set. Refresh-ahead failures that are
      covered by outage tolerance no longer cause the health status to become
      unhealthy before the outage tolerance period has been exceeded (iss
      #619).

https://bitbucket.org/connect2id/nimbus-jose-jwt/raw/e055b3bf56bf379cf1ad0b804fe167cdd28ef445/CHANGELOG.txt

@adoroszlai adoroszlai merged commit d1bbec9 into master Jul 4, 2026
45 of 46 checks passed
@dependabot dependabot Bot deleted the dependabot-maven-com.nimbusds-nimbus-jose-jwt-10.9.1 branch July 4, 2026 14:58
errose28 added a commit to errose28/ozone that referenced this pull request Jul 7, 2026
* master: (519 commits)
  HDDS-14544. OM DB Insights: Duplicate API calls triggered when changing limit selector (apache#10677).
  HDDS-15587. [Recon] Show 0 for offline DN pending deletion instead of -1 (apache#10585).
  HDDS-15521. StreamBlockInputStream fails with TimeoutIOException without retry or failover. (apache#10479)
  HDDS-15170. Add mock-based unit tests for DataStream write path (apache#10230)
  HDDS-15552. Ratis events should not be published as metrics (apache#10523)
  HDDS-15746. Bump kerby to 2.1.2 (apache#10666)
  HDDS-15579. Replace SimpleSpanProcessor with BatchSpanProcessor (apache#10569)
  HDDS-15747. Address review comments for HDDS-15083 (apache#10669)
  HDDS-15732. Some ozone commands ignore OZONE_MODULE_ACCESS_ARGS (apache#10655)
  HDDS-15605. Fix flaky testContainerExclusionWithClosedContainerException (apache#10621)
  HDDS-11855. Fix flaky TestContainerBalancerDatanodeNodeLimit#checkIterationResultException (apache#10667)
  HDDS-15741. Bump awssdk to 2.46.17 (apache#10661)
  HDDS-10307. Speed up TestOzoneManagerHAWithStoppedNodes (apache#10658)
  HDDS-15651. Test case for DiskBalancer when markContainerForDelete fails (apache#10593)
  HDDS-15742. Bump nimbus-jose-jwt to 10.9.1 (apache#10662)
  HDDS-15719. Add check for allowed action usage in workflows (apache#10641)
  HDDS-15744. Bump javassist to 3.32.0-GA (apache#10665)
  HDDS-15737. Fix intermittent failure in balancerShouldOnlySelectConfiguredIncludeContainers (apache#10660)
  HDDS-15743. Bump gson to 2.14.0 (apache#10664)
  HDDS-11093. Fix intermittent failure in TestContainerBalancerDatanodeNodeLimit#testMetrics (apache#10659)
  ...

Conflicts:
hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/ozoneimpl/ContainerScanHelper.java
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant