Skip to content

Bump com.nimbusds:nimbus-jose-jwt from 10.6 to 10.8#2547

Merged
acoburn merged 1 commit intomainfrom
dependabot/maven/com.nimbusds-nimbus-jose-jwt-10.8
Mar 18, 2026
Merged

Bump com.nimbusds:nimbus-jose-jwt from 10.6 to 10.8#2547
acoburn merged 1 commit intomainfrom
dependabot/maven/com.nimbusds-nimbus-jose-jwt-10.8

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 18, 2026
edited
Loading

Bumps com.nimbusds:nimbus-jose-jwt from 10.6 to 10.8.

Changelog

Sourced from com.nimbusds:nimbus-jose-jwt's changelog.

10.6 (2025-11-06) * Adds static CollectionUtils.containsNull(Set) method. * DefaultJWTClaimsVerifier accepted "aud" (audience) argument must be compatible with Set.of (iss #499). * The DefaultJWTClaimsVerifier must not include JWT claim values in BadJWTException messages (iss #605).

10.7 (2026-01-08) * Adds MaxCompressedCipherTextLength that implements JWEDecrypterOption, to to configure the maximum allowed length of compressed cipher text. * Adds JWEObject.decrypt(JWEDecrypter, Set) method to support the MaxCompressedCipherTextLength option.

10.8 (2026-02-19) * Adds a PasswordBasedDecrypter(byte[], Set) constructor to specify names of the critical header parameters that are deferred to the application for processing. Aligns with other JWEDecrypter and CriticalHeaderParamsAware implementations (iss #610). * Fixes getDeferredCriticalHeaderParams() in AESDecrypter, DirectDecrypter, RSADecrypter, ECDHDecrypter, X25519Decrypter, ECDH1PUDecrypter, ECDH1PUX25519Decrypter, MultiDecrypter, MACVerifier, ECDSAVerifier and Ed25519Verifier. Must internally call critPolicy.getDeferredCriticalHeaderParams(), not critPolicy.getProcessedCriticalHeaderParams() (iss #612).

11.0 (2026-03-01) * Compile source and target bumped from Java 7 to Java 8. * Adds JSONObjectUtils.getEpochSecondAsInstant static method.

Commits
  • 6a6d0b3 [maven-release-plugin] prepare for next development iteration
  • 72ba7d2 Add configurable max compressed cipher text length for JWE decryption (iss #570)
  • 74d1dd1 Merged in feature/configurable-max-compressed-ciphertext-length (pull request...
  • 1b4a3eb Edits JavaDocs, CHANGELOG.txt for 10.7 release
  • 9f4752d Adds casts to tests
  • ebdea4e [maven-release-plugin] prepare release 10.7
  • 9509dc5 [maven-release-plugin] prepare for next development iteration
  • 0e27c9c Adds a PasswordBasedDecrypter(byte[], Set<String>) constructor to specify nam...
  • decee47 Fixes getDeferredCriticalHeaderParams() in AESDecrypter, DirectDecrypter, RSA...
  • b8d40c9 [maven-release-plugin] prepare release 10.8
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Mar 18, 2026
@dependabot dependabot bot requested a review from a team as a code owner March 18, 2026 17:15
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Mar 18, 2026
@dependabot dependabot bot force-pushed the dependabot/maven/com.nimbusds-nimbus-jose-jwt-10.8 branch from 68007d4 to edd924a Compare March 18, 2026 18:56
@acoburn acoburn enabled auto-merge (squash) March 18, 2026 18:57
@dependabot dependabot bot force-pushed the dependabot/maven/com.nimbusds-nimbus-jose-jwt-10.8 branch 2 times, most recently from 3f44a02 to c2f2f7a Compare March 18, 2026 19:09
@dependabot
Bump com.nimbusds:nimbus-jose-jwt from 10.6 to 10.8
7eb26dd 
Bumps [com.nimbusds:nimbus-jose-jwt](https://bitbucket.org/connect2id/nimbus-jose-jwt) from 10.6 to 10.8.
- [Changelog](https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt)
- [Commits](https://bitbucket.org/connect2id/nimbus-jose-jwt/branches/compare/10.8..10.6)

---
updated-dependencies:
- dependency-name: com.nimbusds:nimbus-jose-jwt
  dependency-version: '10.8'
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/maven/com.nimbusds-nimbus-jose-jwt-10.8 branch from c2f2f7a to 7eb26dd Compare March 18, 2026 19:16
@acoburn acoburn merged commit 1431832 into main Mar 18, 2026
7 checks passed
@acoburn acoburn deleted the dependabot/maven/com.nimbusds-nimbus-jose-jwt-10.8 branch March 18, 2026 19:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@acoburn acoburn acoburn approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@acoburn