Bump com.nimbusds:nimbus-jose-jwt from 9.40 to 9.41

[dependabot]

Bumps com.nimbusds:nimbus-jose-jwt from 9.40 to 9.41.

Changelog

Sourced from com.nimbusds:nimbus-jose-jwt's changelog.

9.41 (2024-09-10) * JWEHeader receives typed support for the "iss" (issuer), "sub" (subject) and "aud" (audience) claims as replicated JWE header parameters. * Updates the JWE encryption with "PBES2-HS256+A128KW", "PBES2-HS384+A192KW" and "PBES2-HS512+A256KW" to use a JCA provider instead of a local PBKDF2 implementation. "PBKDF2WithHmacSHA256" support is available since Java 8 and Android API level 26 (iss #561). * For "RSA-OAEP" and "RSA-OAEP-256" the cipher mode should be either WRAP or UNWRAP, not ENCRYPT or DECRYPT. Otherwise it will throw an exception when used with a FIPS provider (iss #564).

Commits

• 81efe49 [maven-release-plugin] prepare for next development iteration
• 2c2587a JWEHeader receives support for the iss, sub and aud claims as replicated head...
• ba873c3 Adds Maven org.owasp:dependency-check-maven:10.0.3 plugin
• c383556 Key derivation changed to use standard java.security API
• fde898f ISSUE-564 For CEK keywrap , cipher mode should be wither WRAP or UNWRAP. It w...
• 397e062 Merged in ISSUE-564--incorrect-usage-of-CIPHER-MODES (pull request #121)
• 0ab8280 Adds change log for iss #564)
• 9b42b43 Fixes change log
• a2fa965 Unifies the RSA_OAEP_SHA2.encryptCEK error message on invalid key (size) (iss...
• 1a4f9b5 Merged in ISSUE-561 (pull request #120)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[quarkus-bot]

/cc @Karm (securepipeline), @jerboaa (securepipeline)

[quarkus-bot]

Status for workflow Quarkus CI

This is the status report for running Quarkus CI on commit e2becd4.

✅ The latest workflow run for the pull request has completed successfully.

It should be safe to merge provided you have a look at the other checks in the summary.

You can consult the Develocity build scans.

---

Flaky tests - Develocity

⚙️ Native Tests - HTTP

📦 integration-tests/rest-client-reactive

✖ io.quarkus.it.rest.client.BasicTestIT.shouldCreateClientSpans - History

• expected: <1> but was: <2> - org.opentest4j.AssertionFailedError

org.opentest4j.AssertionFailedError: expected: <1> but was: <2>
	at io.quarkus.it.rest.client.BasicTest.shouldCreateClientSpans(BasicTest.java:216)
	at java.base/java.lang.reflect.Method.invoke(Method.java:569)
	at io.quarkus.test.junit.QuarkusTestExtension.interceptTestMethod(QuarkusTestExtension.java:810)
	at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)
	at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)