Can we trust this dependabot? I like the idea of automatically making updates as long as we can review and approve.

On Mon, Oct 28, 2019 at 3:18 PM GitBox <[email protected]> wrote:

> dependabot[bot] opened a new pull request #601: Bump nimbus-jose-jwt from 4.23 to 7.9 in /mp-jwt
> URL: https://github.com/apache/tomee/pull/601
>
> Bumps [nimbus-jose-jwt](https://bitbucket.org/connect2id/nimbus-jose-jwt) from 4.23 to 7.9.
> <details>
> <summary>Changelog</summary>
>
> *Sourced from [nimbus-jose-jwt's changelog](https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt).*
>
> > version 1.0 (2012-03-01)
> >     * First version based on the OpenInfoCard JWT, JWS and JWE code base.
> >
> > version 1.1 (2012-03-06)
> >     * Introduces type-safe enumeration of the JSON Web Algorithms (JWA).
> >     * Refactors the JWT class.
> >
> > version 1.2 (2012-03-08)
> >     * Moves JWS and JWE code into separate classes.
> >
> > version 1.3 (2012-03-09)
> >     * Switches to Apache Commons Codec for Base64URL encoding and decoding
> >     * Consolidates the crypto utilities within the package.
> >     * Introduces a JWT content serialiser class.
> >
> > version 1.4 (2012-03-09)
> >     * Refactoring of JWT class and JUnit tests.
> >
> > version 1.5 (2012-03-18)
> >     * Switches to JSON Smart for JSON serialisation and parsing.
> >     * Introduces claims set class with JSON objects, string, Base64URL and byte array views.
> >
> > version 1.6 (2012-03-20)
> >     * Creates class for representing, serialising and parsing JSON Web Keys (JWK).
> >     * Introduces separate class for representing JWT headers.
> >
> > version 1.7 (2012-04-01)
> >     * Introduces separate classes for plain, JWS and JWE headers.
> >     * Introduces separate classes for plain, signed and encrypted JWTs.
> >     * Removes the JWTContent class.
> >     * Removes password-based (PE820) encryption support.
> >
> > version 1.8 (2012-04-03)
> >     * Adds support for the ZIP JWE header parameter.
> >     * Removes unsupported algorithms from the JWA enumeration.
> >
> > version 1.9 (2012-04-03)
> >     * Renames JWEHeader.{get|set}EncryptionAlgorithm() to JWEHeader.{get|set}EncryptionMethod().
> >
> > version 1.9.1 (2012-04-03)
> >     * Upgrades JSON Smart JAR to 1.1.1.
> >
> > version 1.10 (2012-04-14)
> >     * Introduces serialize() method to base abstract JWT class.
> >
> > version 1.11 (2012-05-13)
> >     * JWT.serialize() throws checked JWTException instead of
> ></tr></table> ... (truncated)
> </details>
> <details>
> <summary>Commits</summary>
>
> - [`10dce4f`](https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/10dce4f52d13f515ed20d48b94447d00b6b8fd6f) b64 works with JWTClaimsSet
> - [`40b1fcf`](https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/40b1fcfe368c6eb0eabd3ed61ba8e102e2a00d9c) Adds new static X509CertUtils.parseWithException methods
> - [`805fce1`](https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/805fce19a78544524a316c7bbb6568e25b41b9f3) [maven-release-plugin] prepare release 7.6
> - [`1a72c5f`](https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/1a72c5fa8d2f0c44d39f7ad9d2418e6c7f3e5efa) [maven-release-plugin] prepare for next development iteration
> - [`af733f9`](https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/af733f963cc1e98949604c6776d22ccfd2cd66b7) Changes JWSObject#serialize(boolean) method signature (iss [#320](https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/320))
> - [`d752e17`](https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/d752e177482d0bf3c42325731c3588dfe5958c03) Merge branch 'fixB64'
> - [`3fa65f3`](https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/3fa65f3e2c51d8158b0f63b789d031db0ebc7a9b) Change log for 7.7
> - [`1abe7c2`](https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/1abe7c2ac5addbbefb5b3a061ff7e9c6df40ffa1) [maven-release-plugin] prepare release 7.7
> - [`dd19a71`](https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/dd19a712b2b8c0f7c64cb6678cbf96f97d81553e) [maven-release-plugin] prepare for next development iteration
> - [`7f4dbc0`](https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/7f4dbc02f30147806cda74fea5127346c2704523) Issue [#325](https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/325) Enhancement: Add an optional proxy support to the DefaultResourceR...
> - Additional commits viewable in [compare view](https://bitbucket.org/connect2id/nimbus-jose-jwt/branches/compare/7.9..4.23)
> </details>
> <br />
>
> [](https://help.github.com/articles/configuring-automated-security-fixes)
>
> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
>
> [//]: # (dependabot-automerge-start)
> [//]: # (dependabot-automerge-end)
>
> ---
>
> <details>
> <summary>Dependabot commands and options</summary>
> <br />
>
> You can trigger Dependabot actions by commenting on this PR:
> - `@dependabot rebase` will rebase this PR
> - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
> - `@dependabot merge` will merge this PR after your CI passes on it
> - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
> - `@dependabot cancel merge` will cancel a previously requested merge and block automerging
> - `@dependabot reopen` will reopen this PR if it is closed
> - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
> - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
> - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
> - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
> - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
> - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
>
> You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/tomee/network/alerts).
>
> </details>
>
> ----------------------------------------------------------------
> This is an automated message from the Apache Git Service.
> To respond to the message, please log on to GitHub and use the
> URL above to go to the specific comment.
>
> For queries about this service, please contact Infrastructure at:
> [email protected]
>
> With regards,
> Apache Git Services

-- 
Richard Monson-Haefel
https://twitter.com/rmonson
https://www.linkedin.com/in/monsonhaefel/
