Skip to content

[CORE-69]: Bump the minor-patch-dependencies group with 3 updates #425

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 7, 2025
Merged

[CORE-69]: Bump the minor-patch-dependencies group with 3 updates #425

merged 1 commit into from
Apr 7, 2025

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Apr 3, 2025

Bumps the minor-patch-dependencies group with 3 updates: com.nimbusds:nimbus-jose-jwt, bio.terra:terra-common-lib and org.webjars.npm:swagger-ui-dist.

Updates com.nimbusds:nimbus-jose-jwt from 10.0.2 to 10.1

Changelog

Sourced from com.nimbusds:nimbus-jose-jwt's changelog.

10.0.2 (2025-02-25) * Updates JSONObjectUtils.parse and JSONArrayUtils.parse to reject JSON strings with object and array nesting deeper than 255. This is intended to prevent StackOverflowError's in Gson when a parsed JSON string with excessive nesting is serialised, for example to log the claims of a parsed JWT. Note that in Gson the JSON reader is not susceptible to StackOverflowError's, only the serialisation. The nesting limit of depth 255 is introduced in Gson 2.12.0 (iss #583). * Updates GSon to 2.12.1.

10.1 (2025-04-03) * Restores module-info.java. * Adds ExpiredJWTException extends BadJWTException to enable easy programmatic detection whether a JWT has expired (iss #585). * Adds URLBasedJWKSetSource getJWKSetURL and getResourceRetriever methods to ease class extension.

Commits
  • bcfaf09 [maven-release-plugin] prepare for next development iteration
  • 05e8b9a Change log 10.0.2 updates
  • 729f58b re-add module-info.java
  • b688e46 Edits X509CertChainUtilsTest.testParse_includeUnderlyingCertificateException ...
  • a6a0865 Merge branch 'master' into module-info
  • a655497 Merged in module-info (pull request #125)
  • 9fd3662 Edits CHANGELOG.txt
  • 40a33d2 Adds ExpiredJWTException extends BadJWTException to enable easy programmatic ...
  • 5b5530f Adds URLBasedJWKSetSource getJWKSetURL and getResourceRetriever methods
  • 5586970 Release version 10.1
  • Additional commits viewable in compare view

Updates bio.terra:terra-common-lib from 1.1.39-SNAPSHOT to 1.1.40-SNAPSHOT

Updates org.webjars.npm:swagger-ui-dist from 5.20.2 to 5.20.3

Release notes

Sourced from org.webjars.npm:swagger-ui-dist's releases.

Swagger UI v5.20.3 Released!

5.20.3 (2025-04-02)

Bug Fixes

  • json-schema-2020-12: avoid accessing properties of null schemas (#10397) (d2fff7c)
Commits
  • ac4b549 chore(release): cut the v5.20.3 release
  • ba7b251 chore(deps): bump @​babel/runtime from 7.26.9 to 7.27.0 (#10398)
  • d2fff7c fix(json-schema-2020-12): avoid accessing properties of null schemas (#10397)
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
[CORE-69]: Bump the minor-patch-dependencies group with 3 updates
224dfbf 
Bumps the minor-patch-dependencies group with 3 updates: [com.nimbusds:nimbus-jose-jwt](https://bitbucket.org/connect2id/nimbus-jose-jwt), bio.terra:terra-common-lib and [org.webjars.npm:swagger-ui-dist](https://github.com/swagger-api/swagger-ui).


Updates `com.nimbusds:nimbus-jose-jwt` from 10.0.2 to 10.1
- [Changelog](https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt)
- [Commits](https://bitbucket.org/connect2id/nimbus-jose-jwt/branches/compare/10.1..10.0.2)

Updates `bio.terra:terra-common-lib` from 1.1.39-SNAPSHOT to 1.1.40-SNAPSHOT

Updates `org.webjars.npm:swagger-ui-dist` from 5.20.2 to 5.20.3
- [Release notes](https://github.com/swagger-api/swagger-ui/releases)
- [Changelog](https://github.com/swagger-api/swagger-ui/blob/master/.releaserc)
- [Commits](swagger-api/swagger-ui@v5.20.2...v5.20.3)

---
updated-dependencies:
- dependency-name: com.nimbusds:nimbus-jose-jwt
  dependency-version: '10.1'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch-dependencies
- dependency-name: bio.terra:terra-common-lib
  dependency-version: 1.1.40-SNAPSHOT
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch-dependencies
- dependency-name: org.webjars.npm:swagger-ui-dist
  dependency-version: 5.20.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot requested review from a team, marctalbott and kevinmarete and removed request for a team April 3, 2025 13:51
@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Apr 3, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@marctalbott marctalbott merged commit 9902872 into master Apr 7, 2025
6 checks passed
@marctalbott marctalbott deleted the dependabot/gradle/master/minor-patch-dependencies-32d92725c6 branch April 7, 2025 13:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

@kevinmarete kevinmarete kevinmarete approved these changes

@marctalbott marctalbott Awaiting requested review from marctalbott marctalbott is a code owner automatically assigned from DataBiosphere/broad-core-services

Assignees
No one assigned
Labels
dependency gradle
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kevinmarete @marctalbott