fix(deps): update dependency io.jsonwebtoken:jjwt-api to v0.12.7 (main) #287
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
0.12.6->0.12.7Release Notes
jwtk/jjwt (io.jsonwebtoken:jjwt-api)
v0.12.7Compare Source
This patch release:
Adds a new Maven BOM, useful for multi-module projects. See Issue 967.
Allows the
JwtParserBuilderto have empty nested algorithm collections, effectively disabling the parser's associated feature:zip()nested collection disables JWT decompression.sig()nested collection disables JWS mac/signature verification (i.e. all JWSs will be unsupported/rejected).enc()orkey()nested collections disables JWE decryption (i.e. all JWEs will be unsupported/rejected)See Issue 996.
Fixes bug 961 where
JwtParserBuildernested collection builders were not correctly replacing algorithms with the same id.Ensures a
JwkSet'skeyscollection is no longer entirely secret/redacted by default. This was an overzealous default that was unnecessarily restrictive; thekeyscollection itself should always be public, and each individual key within should determine which fields should be redacted when printed. See Issue 976.Improves performance slightly by ensuring all
jjwt-apiutility methods that create*Builderinstances (Jwts.builder(),Jwts.parserBuilder(),Jwks.builder(), etc) no longer use reflection.Instead,
staticfactories are created via reflection only once during initialjjwt-apiclassloading, and then*Builders are created via standard instantiation using thenewoperator thereafter. This also benefits certain environments that may not have idealClassLoaderimplementations (e.g. Tomcat in some cases).NOTE: because this changes which classes are loaded via reflection, any environments that must explicitly reference reflective class names (e.g. GraalVM applications) will need to be updated to reflect the new factory class names.
See Issue 988.
Upgrades the Gson dependency to
2.11.0Upgrades the BouncyCastle dependency to
1.78.1Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At 12:00 AM through 04:59 AM and 10:00 PM through 11:59 PM, Monday through Friday ( * 0-4,22-23 * * 1-5 ), Only on Sunday and Saturday ( * * * * 0,6 ) (UTC).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.