Skip to content

Bump the backend-prod group across 2 directories with 6 updates#858

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/backend-prod-9371206736
Closed

Bump the backend-prod group across 2 directories with 6 updates#858
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/backend-prod-9371206736

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 22, 2025

Copy link
Copy Markdown
Contributor

Bumps the backend-prod group with 6 updates in the / directory:

Package From To
com.maxmind.geoip2:geoip2 4.2.1 4.3.0
com.nimbusds:oauth2-oidc-sdk 11.24 11.25
com.fasterxml.jackson.datatype:jackson-datatype-jdk8 2.18.3 2.19.0
com.fasterxml.jackson.datatype:jackson-datatype-jsr310 2.18.3 2.19.0
com.yubico:webauthn-server-core 2.6.0 2.7.0
com.fasterxml.jackson.core:jackson-databind 2.18.3 2.19.0

Bumps the backend-prod group with 6 updates in the /myconext-server directory:

Package From To
com.maxmind.geoip2:geoip2 4.2.1 4.3.0
com.nimbusds:oauth2-oidc-sdk 11.24 11.25
com.fasterxml.jackson.datatype:jackson-datatype-jdk8 2.18.3 2.19.0
com.fasterxml.jackson.datatype:jackson-datatype-jsr310 2.18.3 2.19.0
com.yubico:webauthn-server-core 2.6.0 2.7.0
com.fasterxml.jackson.core:jackson-databind 2.18.3 2.19.0

Updates com.maxmind.geoip2:geoip2 from 4.2.1 to 4.3.0

Release notes

Sourced from com.maxmind.geoip2:geoip2's releases.

4.3.0

  • Support for the GeoIP Anonymous Plus database has been added. To do a lookup in this database, use the anonymousPlus method on DatabaseReader.
  • getMetroCode in the Location model has been deprecated. The code values are no longer being maintained.
Changelog

Sourced from com.maxmind.geoip2:geoip2's changelog.

4.3.0 (2025-05-05)

  • Support for the GeoIP Anonymous Plus database has been added. To do a lookup in this database, use the anonymousPlus method on DatabaseReader.
  • getMetroCode in the Location model has been deprecated. The code values are no longer being maintained.
Commits
  • 2c404af [maven-release-plugin] prepare release v4.3.0
  • 5127abe update version number in README.md
  • 5deb060 Set release date
  • cb640a2 Update copyright years
  • 6834bcf Fix typo
  • 3314067 Merge pull request #549 from maxmind/dependabot/maven/com.puppycrawl.tools-ch...
  • ed6f9a4 Bump com.puppycrawl.tools:checkstyle from 10.23.0 to 10.23.1
  • 808f1ee Merge pull request #548 from maxmind/dependabot/maven/com.fasterxml.jackson.d...
  • 726f233 Bump com.fasterxml.jackson.datatype:jackson-datatype-jsr310
  • c1f47db Merge pull request #544 from maxmind/dependabot/maven/com.fasterxml.jackson.c...
  • Additional commits viewable in compare view

Updates com.nimbusds:oauth2-oidc-sdk from 11.24 to 11.25

Changelog

Sourced from com.nimbusds:oauth2-oidc-sdk's changelog.

version 1.0 (2012-05-29) * First official release with authorisation endpoint, token endpoint, check ID endpoint and UserInfo endpoint support. * JSON Web Tokens (JWTs) support through the Nimbus-JWT library. * Language Tags (RFC 5646) support through the Nimbus-LangTag library. * JSON support through the JSON Smart library.

version 2.0 (2013-05-13) * Intermediary development release with Maven build, published to Maven Central.

version 2.1 (2013-06-06) * Updates the APIs to OpenID Connect Messages draft 20, OpenID Connect Standard draft 21, OpenID Connect Discovery draft 17 and OpenID Connect Registration draft 19. * Major refactoring of the APIs for greater simplicity. * Adds JUnit tests.

version 2.2 (2013-06-18) * Refactors dynamic OpenID Connect client registration. * Adds partial support of the OAuth 2.0 Dynamic Client Registration Protocol (draft-ietf-oauth-dyn-reg-12). * Optimises parsing of request parameters consisting of one or more tokens (scope, response type, etc).

version 2.3 (2013-06-19) * Renames OAuth 2.0 dynamic client registration package. * Adds ClientInformation.getClientMetadata() method. * Adds OIDCClientInformation class.

version 2.4 (2013-06-20) * Adds static OIDCClientInformation.parse(JSONObject) method.

version 2.5 (2013-06-22) * Adds support OAuth 2.0 dynamic client update. * Adds OpenID Connect dynamic client registration classes.

version 2.6 (2013-06-25) * Enforces order of preference of ACR values in OpenID Connect client metadata, as required by the specification. * Documentation and performance improvements.

version 2.7 (2013-06-26) * Switches Identifier generation to java.security.SecureRandom.

version 2.8 (2013-06-30) * Fixes serialisation and assignment bugs in ClientMetadata. * Switches Secret generation to java.security.SecureRandom.

version 2.9 (2013-09-17)

... (truncated)

Commits
  • 205c2fa [maven-release-plugin] prepare for next development iteration
  • 469da65 Refactors and exposes AccessTokenParseUtils as public class
  • 5f67481 [maven-release-plugin] prepare release 11.25
  • See full diff in compare view

Updates com.fasterxml.jackson.datatype:jackson-datatype-jdk8 from 2.18.3 to 2.19.0

Updates com.fasterxml.jackson.datatype:jackson-datatype-jsr310 from 2.18.3 to 2.19.0

Updates com.yubico:webauthn-server-core from 2.6.0 to 2.7.0

Release notes

Sourced from com.yubico:webauthn-server-core's releases.

Version 2.7.0

New features:

  • Added overloaded setter RelyingPartyBuilder.origins(Optional<Set<String>>).
  • Added support for the CTAP2 credProtect extension.
  • Added support for the prf extension.
  • (Experimental) Added option FinishRegistrationOptions.isConditionalCreate to allow UP=0 in registration response for registration ceremonies with mediation: "conditional".
    • NOTE: Experimental features may receive breaking changes without a major version increase.

Fixes:

  • Excluded CVE-2025-27820 vulnerable versions of Apache httpclient5 from dependency resolution. Note that this might only affect consumers using Gradle module metadata.

Artifacts built with openjdk version "17.0.15" 2025-04-15.

Pre-release 2.7.0-RC3

Fixes:

  • Excluded CVE-2025-27820 vulnerable versions of Apache httpclient5 from dependency resolution. Note that this might only affect consumers using Gradle module metadata.

Artifacts built with openjdk version "17.0.15" 2025-04-15.

Pre-release 2.7.0-RC2

Fixes:

  • Fixed JSON encoding of credProtect extension inputs.

Artifacts built with openjdk version "17.0.14" 2025-01-21.

Pre-release 2.7.0-RC1

Changes since 2.7.0-alpha1

Breaking changes:

  • Removed the suite of experimental interfaces related with CredentialRepositoryV2. These will be postponed to minor release 2.8 instead.
  • Removed property RegisteredCredential.transports.

Changes since 2.6.0

New features:

  • Added overloaded setter RelyingPartyBuilder.origins(Optional<Set<String>>).
  • Added support for the CTAP2 credProtect extension.
  • Added support for the prf extension.
  • (Experimental) Added option FinishRegistrationOptions.isConditionalCreate to allow UP=0 in registration response for registration ceremonies with mediation: "conditional".
    • NOTE: Experimental features may receive breaking changes without a major version increase.

Artifacts built with openjdk version "17.0.14" 2025-01-21.

... (truncated)

Changelog

Sourced from com.yubico:webauthn-server-core's changelog.

== Version 2.7.0 ==

New features:

  • Added overloaded setter RelyingPartyBuilder.origins(Optional<Set<String>>).
  • Added support for the CTAP2 credProtect extension.
  • Added support for the prf extension.
  • (Experimental) Added option FinishRegistrationOptions.isConditionalCreate to allow UP=0 in registration response for registration ceremonies with mediation: "conditional". ** NOTE: Experimental features may receive breaking changes without a major version increase.

Fixes:

  • Excluded CVE-2025-27820 vulnerable versions of Apache httpclient5 from dependency resolution. Note that this might only affect consumers using Gradle module metadata.
Commits
  • 703179a Release 2.7.0
  • 7ca8cff Exclude CVE-2025-27820 versions of httpclient5 from dependency resolution
  • e595663 Add section heading to 2.7.0 changes
  • 0ae9fb1 Fix JSON encoding of credProtect extension inputs
  • 37010ca Reorder getCredProps methods together in RegistrationExtensionInputs
  • ea13797 Add PRF to extension input deserialization tests
  • ce28e0c Add credProps assertion to RegistrationExtensionInputs deserialization test
  • 5b7c0a9 Revert new experimental interfaces and classes
  • accb849 Add artifact checksum verification to release procedures
  • 50bb17c Extract URL references in releasing.md
  • Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-databind from 2.18.3 to 2.19.0

Commits

Updates com.maxmind.geoip2:geoip2 from 4.2.1 to 4.3.0

Release notes

Sourced from com.maxmind.geoip2:geoip2's releases.

4.3.0

  • Support for the GeoIP Anonymous Plus database has been added. To do a lookup in this database, use the anonymousPlus method on DatabaseReader.
  • getMetroCode in the Location model has been deprecated. The code values are no longer being maintained.
Changelog

Sourced from com.maxmind.geoip2:geoip2's changelog.

4.3.0 (2025-05-05)

  • Support for the GeoIP Anonymous Plus database has been added. To do a lookup in this database, use the anonymousPlus method on DatabaseReader.
  • getMetroCode in the Location model has been deprecated. The code values are no longer being maintained.
Commits
  • 2c404af [maven-release-plugin] prepare release v4.3.0
  • 5127abe update version number in README.md
  • 5deb060 Set release date
  • cb640a2 Update copyright years
  • 6834bcf Fix typo
  • 3314067 Merge pull request #549 from maxmind/dependabot/maven/com.puppycrawl.tools-ch...
  • ed6f9a4 Bump com.puppycrawl.tools:checkstyle from 10.23.0 to 10.23.1
  • 808f1ee Merge pull request #548 from maxmind/dependabot/maven/com.fasterxml.jackson.d...
  • 726f233 Bump com.fasterxml.jackson.datatype:jackson-datatype-jsr310
  • c1f47db Merge pull request #544 from maxmind/dependabot/maven/com.fasterxml.jackson.c...
  • Additional commits viewable in compare view

Updates com.nimbusds:oauth2-oidc-sdk from 11.24 to 11.25

Changelog

Sourced from com.nimbusds:oauth2-oidc-sdk's changelog.

version 1.0 (2012-05-29) * First official release with authorisation endpoint, token endpoint, check ID endpoint and UserInfo endpoint support. * JSON Web Tokens (JWTs) support through the Nimbus-JWT library. * Language Tags (RFC 5646) support through the Nimbus-LangTag library. * JSON support through the JSON Smart library.

version 2.0 (2013-05-13) * Intermediary development release with Maven build, published to Maven Central.

version 2.1 (2013-06-06) * Updates the APIs to OpenID Connect Messages draft 20, OpenID Connect Standard draft 21, OpenID Connect Discovery draft 17 and OpenID Connect Registration draft 19. * Major refactoring of the APIs for greater simplicity. * Adds JUnit tests.

version 2.2 (2013-06-18) * Refactors dynamic OpenID Connect client registration. * Adds partial support of the OAuth 2.0 Dynamic Client Registration Protocol (draft-ietf-oauth-dyn-reg-12). * Optimises parsing of request parameters consisting of one or more tokens (scope, response type, etc).

version 2.3 (2013-06-19) * Renames OAuth 2.0 dynamic client registration package. * Adds ClientInformation.getClientMetadata() method. * Adds OIDCClientInformation class.

version 2.4 (2013-06-20) * Adds static OIDCClientInformation.parse(JSONObject) method.

version 2.5 (2013-06-22) * Adds support OAuth 2.0 dynamic client update. * Adds OpenID Connect dynamic client registration classes.

version 2.6 (2013-06-25) * Enforces order of preference of ACR values in OpenID Connect client metadata, as required by the specification. * Documentation and performance improvements.

version 2.7 (2013-06-26) * Switches Identifier generation to java.security.SecureRandom.

version 2.8 (2013-06-30) * Fixes serialisation and assignment bugs in ClientMetadata. * Switches Secret generation to java.security.SecureRandom.

version 2.9 (2013-09-17)

... (truncated)

Commits
  • 205c2fa [maven-release-plugin] prepare for next development iteration
  • 469da65 Refactors and exposes AccessTokenParseUtils as public class
  • 5f67481 [maven-release-plugin] prepare release 11.25
  • See full diff in compare view

Updates com.fasterxml.jackson.datatype:jackson-datatype-jdk8 from 2.18.3 to 2.19.0

Updates com.fasterxml.jackson.datatype:jackson-datatype-jsr310 from 2.18.3 to 2.19.0

Updates com.yubico:webauthn-server-core from 2.6.0 to 2.7.0

Release notes

Sourced from com.yubico:webauthn-server-core's releases.

Version 2.7.0

New features:

  • Added overloaded setter RelyingPartyBuilder.origins(Optional<Set<String>>).
  • Added support for the CTAP2 credProtect extension.
  • Added support for the prf extension.
  • (Experimental) Added option FinishRegistrationOptions.isConditionalCreate to allow UP=0 in registration response for registration ceremonies with mediation: "conditional".
    • NOTE: Experimental features may receive breaking changes without a major version increase.

Fixes:

  • Excluded CVE-2025-27820 vulnerable versions of Apache httpclient5 from dependency resolution. Note that this might only affect consumers using Gradle module metadata.

Artifacts built with openjdk version "17.0.15" 2025-04-15.

Pre-release 2.7.0-RC3

Fixes:

  • Excluded CVE-2025-27820 vulnerable versions of Apache httpclient5 from dependency resolution. Note that this might only affect consumers using Gradle module metadata.

Artifacts built with openjdk version "17.0.15" 2025-04-15.

Pre-release 2.7.0-RC2

Fixes:

  • Fixed JSON encoding of credProtect extension inputs.

Artifacts built with openjdk version "17.0.14" 2025-01-21.

Pre-release 2.7.0-RC1

Changes since 2.7.0-alpha1

Breaking changes:

  • Removed the suite of experimental interfaces related with CredentialRepositoryV2. These will be postponed to minor release 2.8 instead.
  • Removed property RegisteredCredential.transports.

Changes since 2.6.0

New features:

  • Added overloaded setter RelyingPartyBuilder.origins(Optional<Set<String>>).
  • Added support for the CTAP2 credProtect extension.
  • Added support for the prf extension.
  • (Experimental) Added option FinishRegistrationOptions.isConditionalCreate to allow UP=0 in registration response for registration ceremonies with mediation: "conditional".
    • NOTE: Experimental features may receive breaking changes without a major version increase.

Artifacts built with openjdk version "17.0.14" 2025-01-21.

... (truncated)

Changelog

Sourced from com.yubico:webauthn-server-core's changelog.

== Version 2.7.0 ==

New features:

  • Added overloaded setter RelyingPartyBuilder.origins(Optional<Set<String>>).
  • Added support for the CTAP2 credProtect extension.
  • Added support for the prf extension.
  • (Experimental) Added option FinishRegistrationOptions.isConditionalCreate to allow UP=0 in registration response for registration ceremonies with mediation: "conditional". ** NOTE: Experimental features may receive breaking changes without a major version increase.

Fixes:

  • Excluded CVE-2025-27820 vulnerable versions of Apache httpclient5 from dependency resolution. Note that this might only affect consumers using Gradle module metadata.
Commits
  • 703179a Release 2.7.0
  • 7ca8cff Exclude CVE-2025-27820 versions of httpclient5 from dependency resolution
  • e595663 Add section heading to 2.7.0 changes
  • 0ae9fb1 Fix JSON encoding of credProtect extension inputs
  • 37010ca Reorder getCredProps methods together in RegistrationExtensionInputs
  • ea13797 Add PRF to extension input deserialization tests
  • ce28e0c Add credProps assertion to RegistrationExtensionInputs deserialization test
  • 5b7c0a9 Revert new experimental interfaces and classes
  • accb849 Add artifact checksum verification to release procedures
  • 50bb17c Extract URL references in releasing.md
  • Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-databind from 2.18.3 to 2.19.0

Commits

Updates com.maxmind.geoip2:geoip2 from 4.2.1 to 4.3.0

Release notes

Sourced from com.maxmind.geoip2:geoip2's releases.

4.3.0

  • Support for the GeoIP Anonymous Plus database has been added. To do a lookup in this database, use the anonymousPlus method on DatabaseReader.
  • getMetroCode in the Location model has been deprecated. The code values are no longer being maintained.
Changelog

Sourced from com.maxmind.geoip2:geoip2's changelog.

4.3.0 (2025-05-05)

  • Support for the GeoIP Anonymous Plus database has been added. To do a lookup in this database, use the anonymousPlus method on DatabaseReader.
  • getMetroCode in the Location model has been deprecated. The code values are no longer being maintained.
Commits
  • 2c404af [maven-release-plugin] prepare release v4.3.0
  • 5127abe update version number in README.md
  • 5deb060 Set release date
  • cb640a2 Update copyright years
  • 6834bcf Fix typo
  • 3314067 Merge pull request #549 from maxmind/dependabot/maven/com.puppycrawl.tools-ch...
  • ed6f9a4 Bump com.puppycrawl.tools:checkstyle from 10.23.0 to 10.23.1
  • 808f1ee Merge pull request #548 from maxmind/dependabot/maven/com.fasterxml.jackson.d...
  • 726f233 Bump com.fasterxml.jackson.datatype:jackson-datatype-jsr310
  • c1f47db Merge pull request #544 from maxmind/dependabot/maven/com.fasterxml.jackson.c...
  • Additional commits viewable in compare view

Updates com.nimbusds:oauth2-oidc-sdk from 11.24 to 11.25

Changelog

Sourced from com.nimbusds:oauth2-oidc-sdk's changelog.

version 1.0 (2012-05-29) * First official release with authorisation endpoint, token endpoint, check ID endpoint and UserInfo endpoint support. * JSON Web Tokens (JWTs) support through the Nimbus-JWT library. * Language Tags (RFC 5646) support through the Nimbus-LangTag library. * JSON support through the JSON Smart library.

version 2.0 (2013-05-13) * Intermediary development release with Maven build, published to Maven Central.

version 2.1 (2013-06-06) * Updates the APIs to OpenID Connect Messages draft 20, OpenID Connect Standard draft 21, OpenID Connect Discovery draft 17 and OpenID Connect Registration draft 19. * Major refactoring of the APIs for greater simplicity. * Adds JUnit tests.

version 2.2 (2013-06-18) * Refactors dynamic OpenID Connect client registration. * Adds partial support of the OAuth 2.0 Dynamic Client Registration Protocol (draft-ietf-oauth-dyn-reg-12). * Optimises parsing of request parameters consisting of one or more tokens (scope, response type, etc).

version 2.3 (2013-06-19) * Renames OAuth 2.0 dynamic client registration package. * Adds ClientInformation.getClientMetadata() method. * Adds OIDCClientInformation class.

version 2.4 (2013-06-20) * Adds static OIDCClientInformation.parse(JSONObject) method.

version 2.5 (2013-06-22) * Adds support OAuth 2.0 dynamic client update. * Adds OpenID Connect dynamic client registration classes.

version 2.6 (2013-06-25) * Enforces order of preference of ACR values in OpenID Connect client metadata, as required by the specification. * Documentation and performance improvements.

version 2.7 (2013-06-26) * Switches Identifier generation to java.security.SecureRandom.

version 2.8 (2013-06-30) * Fixes serialisation and assignment bugs in ClientMetadata. * Switches Secret generation to java.security.SecureRandom.

version 2.9 (2013-09-17)

... (truncated)

Commits
  • 205c2fa [maven-release-plugin] prepare for next development iteration
  • 469da65 Refactors and exposes AccessTokenParseUtils as public class
  • 5f67481 [maven-release-plugin] prepare release 11.25
  • See full diff in compare view

Updates com.fasterxml.jackson.datatype:jackson-datatype-jdk8 from 2.18.3 to 2.19.0

Updates com.fasterxml.jackson.datatype:jackson-datatype-jsr310 from 2.18.3 to 2.19.0

Updates com.yubico:webauthn-server-core from 2.6.0 to 2.7.0

Release notes

Sourced from com.yubico:webauthn-server-core's releases.

Version 2.7.0

New features:

  • Added overloaded setter RelyingPartyBuilder.origins(Optional<Set<String>>).
  • Added support for the CTAP2 credProtect extension.
  • Added support for the prf extension.
  • (Experimental) Added option FinishRegistrationOptions.isConditionalCreate to allow UP=0 in registration response for registration ceremonies with mediation: "conditional".
    • NOTE: Experimental features may receive breaking changes without a major version increase.

Fixes:

  • Excluded CVE-2025-27820 vulnerable versions of Apache httpclient5 from dependency resolution. Note that this might only affect consumers using Gradle module metadata.

Artifacts built with openjdk version "17.0.15" 2025-04-15.

Pre-release 2.7.0-RC3

Fixes:

  • Excluded CVE-2025-27820 vulnerable versions of Apache httpclient5 from dependency resolution. Note that this might only affect consumers using Gradle module metadata.

Artifacts built with openjdk version "17.0.15" 2025-04-15.

Pre-release 2.7.0-RC2

Fixes:

  • Fixed JSON encoding of credProtect extension inputs.

Artifacts built with openjdk version "17.0.14" 2025-01-21.

Pre-release 2.7.0-RC1

Changes since 2.7.0-alpha1

Breaking changes:

  • Removed the suite of experimental interfaces related with CredentialRepositoryV2. These will be postponed to minor release 2.8 instead.
  • Removed property RegisteredCredential.transports.

Changes since 2.6.0

New features:

  • Added overloaded setter RelyingPartyBuilder.origins(Optional<Set<String>>).
  • Added support for the CTAP2 credProtect extension.
  • Added support for the prf extension.
  • (Experimental) Added option FinishRegistrationOptions.isConditionalCreate to allow UP=0 in registration response for registration ceremonies with mediation: "conditional".
    • NOTE: Experimental features may receive breaking changes without a major version increase.

Artifacts built with openjdk version "17.0.14" 2025-01-21.

... (truncated)

Changelog

Sourced from com.yubico:webauthn-server-core's changelog.

== Version 2.7.0 ==

New features:

  • Added overloaded setter RelyingPartyBuilder.origins(Optional<Set<String>>).
  • Added support for the CTAP2 credProtect extension.
  • Added support for the prf extension.
  • (Experimental) Added option FinishRegistrationOptions.isConditionalCreate to allow UP=0 in registration response for registration ceremonies with mediation: "conditional". ** NOTE: Experimental features may receive breaking changes without a major version increase.

Fixes:

  • Excluded CVE-2025-27820 vulnerable versions of Apache httpclient5 from dependency resolution. Note that this might only affect consumers using Gradle module metadata.
Commits
  • 703179a Release 2.7.0
  • 7ca8cff Exclude CVE-2025-27820 versions of httpclient5 from dependency resolution
  • e595663 Add section heading to 2.7.0 changes
  • 0ae9fb1 Fix JSON encoding of credProtect extension inputs
  • 37010ca Reorder getCredProps methods together in RegistrationExtensionInputs
  • ea13797 Add PRF to extension input deserialization tests
  • ce28e0c Add credProps assertion to RegistrationExtensionInputs deserialization test
  • 5b7c0a9 Revert new experimental interfaces and classes
  • accb849 Add artifact checksum verification to release procedures
  • 50bb17c Extract URL references in releasing.md
  • Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-databind from 2.18.3 to 2.19.0

Commits

Updates com.maxmind.geoip2:geoip2 from 4.2.1 to 4.3.0

Release notes

Sourced from com.maxmind.geoip2:geoip2's releases.

4.3.0

  • Support for the GeoIP Anonymous Plus database has been added. To do a lookup in this database, use the anonymousPlus method on DatabaseReader.
  • getMetroCode in the Location model has been deprecated. The code values are no longer being maintained.
Changelog

Sourced from com.maxmind.geoip2:geoip2's changelog.

4.3.0 (2025-05-05)

  • Support for the GeoIP Anonymous Plus database has been added. To do a lookup in this database, use the anonymousPlus method on DatabaseReader.
  • getMetroCode in the Location model has been deprecated. The code values are no longer being maintained.
Commits
  • 2c404af [maven-release-plugin] prepare release v4.3.0
  • 5127abe update version number in README.md
  • 5deb060 Set release date
  • cb640a2 Update copyright years
  • 6834bcf Fix typo
  • 3314067 Merge pull request #549 from maxmind/dependabot/maven/com.puppycrawl.tools-ch...
  • ed6f9a4 Bump com.puppycrawl.tools:checkstyle from 10.23.0 to 10.23.1
  • 808f1ee Merge pull request #548 from maxmind/dependabot/maven/com.fasterxml.jackson.d...
  • 726f233 Bump com.fasterxml.jackson.datatype:jackson-datatype-jsr310
  • c1f47db Merge pull request #544 from maxmind/dependabot/maven/com.fasterxml.jackson.c...
  • Additional commits viewable in compare view

Updates com.nimbusds:oauth2-oidc-sdk from 11.24 to 11.25

Changelog

Sourced from com.nimbusds:oauth2-oidc-sdk's changelog.

version 1.0 (2012-05-29) * First official release with authorisation endpoint, token endpoint, check ID endpoint and UserInfo endpoint support. * JSON Web Tokens (JWTs) support through the Nimbus-JWT library. * Language Tags (RFC 5646) support through the Nimbus-LangTag library. * JSON support through the JSON Smart library.

version 2.0 (2013-05-13) * Intermediary development release with Maven build, published to Maven Central.

version 2.1 (2013-06-06) * Updates the APIs to OpenID Connect Messages draft 20, OpenID Connect Standard draft 21, OpenID Connect Discovery draft 17 and OpenID Connect Registration draft 19. * Major refactoring of the APIs for greater simplicity. * Adds JUnit tests.

version 2.2 (2013-06-18) * Refactors dynamic OpenID Connect client registration. * Adds partial support of the OAuth 2.0 Dynamic Client Registration Protocol (draft-ietf-oauth-dyn-reg-12). * Optimises parsing of request parameters consisting of one or more tokens (scope, response type, etc).

version 2.3 (2013-06-19) * Renames OAuth 2.0 dynamic client registration package. * Adds ClientInformation.getClientMetadata() method. * Adds OIDCClientInformation class.

version 2.4 (2013-06-20) * Adds static OIDCClientInformation.parse(JSONObject) method.

version 2.5 (2013-06-22) * Adds support OAuth 2.0 dynamic client update. * Adds OpenID Connect dynamic client registration classes.

version 2.6 (2013-06-25) * Enforces order of preference of ACR values in OpenID Connect client metadata, as required by the specification. * Documentation and performance improvements.

version 2.7 (2013-06-26) * Switches Identifier generation to java.security.SecureRandom.

version 2.8 (2013-06-30) * Fixes serialisation and assignment bugs in ClientMetadata. * Switches Secret generation to java.security.SecureRandom.

version 2.9 (2013-09-17)

... (truncated)

Commits
  • 205c2fa [maven-release-plugin] prepare for next development iteration
  • 469da65 Refactors and exposes AccessTokenParseUtils as public class
  • 5f67481 [maven-release-plugin] prepare release 11.25
  • See full diff in compare view

Updates com.fasterxml.jackson.datatype:jackson-datatype-jdk8 from 2.18.3 to 2.19.0

Updates com.fasterxml.jackson.datatype:jackson-datatype-jsr310 from 2.18.3 to 2.19.0

Updates com.yubico:webauthn-server-core from 2.6.0 to 2.7.0

Release notes

Sourced from com.yubico:webauthn-server-core's releases.

Version 2.7.0

New features:

  • Added overloaded setter RelyingPartyBuilder.origins(Optional<Set<String>>).
  • Added support for the CTAP2 credProtect extension.
  • Added support for the prf extension.
  • (Experimental) Added option FinishRegistrationOptions.isConditionalCreate to allow UP=0 in registration response for registration ceremonies with mediation: "conditional".
    • NOTE: Experimental features may receive breaking changes without a major version increase.

Fixes:

  • Excluded CVE-2025-27820 vulnerable versions of Apache httpclient5 from dependency resolution. Note that this might only affect consumers using Gradle module metadata.

Artifacts built with openjdk version "17.0.15" 2025-04-15.

Pre-release 2.7.0-RC3

Fixes:

  • Excluded CVE-2025-27820 vulnerable versions of Apache httpclient5 from dependency resolution. Note that this might only affect consumers using Gradle module metadata.

Artifacts built with openjdk version "17.0.15" 2025-04-15.

Pre-release 2.7.0-RC2

Fixes:

  • Fixed JSON encoding of credProtect extension inputs.

Artifacts built with openjdk version "17.0.14" 2025-01-21.

Pre-release 2.7.0-RC1

Changes since 2.7.0-alpha1

Breaking changes:

  • Removed the suite of experimental interfaces related with CredentialRepositoryV2. These will be postponed to minor release 2.8 instead.
  • Removed property RegisteredCredential.transports.

Changes since 2.6.0

New features:

  • Added overloaded setter RelyingPartyBuilder.origins(Optional<Set<String>>).
  • Added support for the CTAP2 credProtect extension.
  • Added support for the prf extension.
  • (Experimental) Added option FinishRegistrationOptions.isConditionalCreate to allow UP=0 in registration response for registration ceremonies with mediation: "conditional".
    • NOTE: Experimental features may receive breaking changes without a major version increase.

Artifacts built with openjdk version "17.0.14" 2025-01-21.

... (truncated)

Changelog

Sourced from com.yubico:webauthn-server-core's changelog.

== Version 2.7.0 ==

New features:

  • Added overloaded setter RelyingPartyBuilder.origins(Optional<Set<String>>).
  • Added support for the CTAP2 credProtect extension.
  • Added support for the prf extension.
  • (Experimental) Added option FinishRegistrationOptions.isConditionalCreate to allow UP=0 in registration response for registration ceremonies with mediation: "conditional". ** NOTE: Experimental features may receive breaking changes without a major version increase.

Fixes:

  • Excluded CVE-2025-27820 vulnerable versions of Apache httpclient5 from dependency resolution. Note that this might only affect consumers using Gradle module metadata.
Commits
  • 703179a Release 2.7.0
  • 7ca8cff Exclude CVE-2025-27820 versions of httpclient5 from dependency resolution
  • e595663 Add section heading to 2.7.0 changes
  • 0ae9fb1 Fix JSON encoding of credProtect extension inputs
  • 37010ca Reorder getCredProps methods together in RegistrationExtensionInputs
  • ea13797 Add PRF to extension input deserialization tests
  • ce28e0c Add credProps assertion to RegistrationExtensionInputs deserialization test
  • 5b7c0a9 Revert new experimental interfaces and classes
  • accb849 Add artifact checksum verification to release procedures
  • 50bb17c Extract URL references in releasing.md
  • Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-databind from 2.18.3 to 2.19.0

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the backend-prod group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [com.maxmind.geoip2:geoip2](https://github.com/maxmind/GeoIP2-java) | `4.2.1` | `4.3.0` |
| [com.nimbusds:oauth2-oidc-sdk](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions) | `11.24` | `11.25` |
| com.fasterxml.jackson.datatype:jackson-datatype-jdk8 | `2.18.3` | `2.19.0` |
| com.fasterxml.jackson.datatype:jackson-datatype-jsr310 | `2.18.3` | `2.19.0` |
| [com.yubico:webauthn-server-core](https://github.com/Yubico/java-webauthn-server) | `2.6.0` | `2.7.0` |
| [com.fasterxml.jackson.core:jackson-databind](https://github.com/FasterXML/jackson) | `2.18.3` | `2.19.0` |

Bumps the backend-prod group with 6 updates in the /myconext-server directory:

| Package | From | To |
| --- | --- | --- |
| [com.maxmind.geoip2:geoip2](https://github.com/maxmind/GeoIP2-java) | `4.2.1` | `4.3.0` |
| [com.nimbusds:oauth2-oidc-sdk](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions) | `11.24` | `11.25` |
| com.fasterxml.jackson.datatype:jackson-datatype-jdk8 | `2.18.3` | `2.19.0` |
| com.fasterxml.jackson.datatype:jackson-datatype-jsr310 | `2.18.3` | `2.19.0` |
| [com.yubico:webauthn-server-core](https://github.com/Yubico/java-webauthn-server) | `2.6.0` | `2.7.0` |
| [com.fasterxml.jackson.core:jackson-databind](https://github.com/FasterXML/jackson) | `2.18.3` | `2.19.0` |



Updates `com.maxmind.geoip2:geoip2` from 4.2.1 to 4.3.0
- [Release notes](https://github.com/maxmind/GeoIP2-java/releases)
- [Changelog](https://github.com/maxmind/GeoIP2-java/blob/main/CHANGELOG.md)
- [Commits](maxmind/GeoIP2-java@v4.2.1...v4.3.0)

Updates `com.nimbusds:oauth2-oidc-sdk` from 11.24 to 11.25
- [Changelog](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/src/master/CHANGELOG.txt)
- [Commits](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/branches/compare/11.25..11.24)

Updates `com.fasterxml.jackson.datatype:jackson-datatype-jdk8` from 2.18.3 to 2.19.0

Updates `com.fasterxml.jackson.datatype:jackson-datatype-jsr310` from 2.18.3 to 2.19.0

Updates `com.yubico:webauthn-server-core` from 2.6.0 to 2.7.0
- [Release notes](https://github.com/Yubico/java-webauthn-server/releases)
- [Changelog](https://github.com/Yubico/java-webauthn-server/blob/main/NEWS)
- [Commits](Yubico/java-webauthn-server@2.6.0...2.7.0)

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.18.3 to 2.19.0
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.maxmind.geoip2:geoip2` from 4.2.1 to 4.3.0
- [Release notes](https://github.com/maxmind/GeoIP2-java/releases)
- [Changelog](https://github.com/maxmind/GeoIP2-java/blob/main/CHANGELOG.md)
- [Commits](maxmind/GeoIP2-java@v4.2.1...v4.3.0)

Updates `com.nimbusds:oauth2-oidc-sdk` from 11.24 to 11.25
- [Changelog](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/src/master/CHANGELOG.txt)
- [Commits](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/branches/compare/11.25..11.24)

Updates `com.fasterxml.jackson.datatype:jackson-datatype-jdk8` from 2.18.3 to 2.19.0

Updates `com.fasterxml.jackson.datatype:jackson-datatype-jsr310` from 2.18.3 to 2.19.0

Updates `com.yubico:webauthn-server-core` from 2.6.0 to 2.7.0
- [Release notes](https://github.com/Yubico/java-webauthn-server/releases)
- [Changelog](https://github.com/Yubico/java-webauthn-server/blob/main/NEWS)
- [Commits](Yubico/java-webauthn-server@2.6.0...2.7.0)

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.18.3 to 2.19.0
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.maxmind.geoip2:geoip2` from 4.2.1 to 4.3.0
- [Release notes](https://github.com/maxmind/GeoIP2-java/releases)
- [Changelog](https://github.com/maxmind/GeoIP2-java/blob/main/CHANGELOG.md)
- [Commits](maxmind/GeoIP2-java@v4.2.1...v4.3.0)

Updates `com.nimbusds:oauth2-oidc-sdk` from 11.24 to 11.25
- [Changelog](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/src/master/CHANGELOG.txt)
- [Commits](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/branches/compare/11.25..11.24)

Updates `com.fasterxml.jackson.datatype:jackson-datatype-jdk8` from 2.18.3 to 2.19.0

Updates `com.fasterxml.jackson.datatype:jackson-datatype-jsr310` from 2.18.3 to 2.19.0

Updates `com.yubico:webauthn-server-core` from 2.6.0 to 2.7.0
- [Release notes](https://github.com/Yubico/java-webauthn-server/releases)
- [Changelog](https://github.com/Yubico/java-webauthn-server/blob/main/NEWS)
- [Commits](Yubico/java-webauthn-server@2.6.0...2.7.0)

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.18.3 to 2.19.0
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.maxmind.geoip2:geoip2` from 4.2.1 to 4.3.0
- [Release notes](https://github.com/maxmind/GeoIP2-java/releases)
- [Changelog](https://github.com/maxmind/GeoIP2-java/blob/main/CHANGELOG.md)
- [Commits](maxmind/GeoIP2-java@v4.2.1...v4.3.0)

Updates `com.nimbusds:oauth2-oidc-sdk` from 11.24 to 11.25
- [Changelog](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/src/master/CHANGELOG.txt)
- [Commits](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/branches/compare/11.25..11.24)

Updates `com.fasterxml.jackson.datatype:jackson-datatype-jdk8` from 2.18.3 to 2.19.0

Updates `com.fasterxml.jackson.datatype:jackson-datatype-jsr310` from 2.18.3 to 2.19.0

Updates `com.yubico:webauthn-server-core` from 2.6.0 to 2.7.0
- [Release notes](https://github.com/Yubico/java-webauthn-server/releases)
- [Changelog](https://github.com/Yubico/java-webauthn-server/blob/main/NEWS)
- [Commits](Yubico/java-webauthn-server@2.6.0...2.7.0)

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.18.3 to 2.19.0
- [Commits](https://github.com/FasterXML/jackson/commits)

---
updated-dependencies:
- dependency-name: com.maxmind.geoip2:geoip2
  dependency-version: 4.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-prod
- dependency-name: com.nimbusds:oauth2-oidc-sdk
  dependency-version: '11.25'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-prod
- dependency-name: com.fasterxml.jackson.datatype:jackson-datatype-jdk8
  dependency-version: 2.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-prod
- dependency-name: com.fasterxml.jackson.datatype:jackson-datatype-jsr310
  dependency-version: 2.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-prod
- dependency-name: com.yubico:webauthn-server-core
  dependency-version: 2.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-prod
- dependency-name: com.fasterxml.jackson.core:jackson-databind
  dependency-version: 2.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-prod
- dependency-name: com.maxmind.geoip2:geoip2
  dependency-version: 4.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-prod
- dependency-name: com.nimbusds:oauth2-oidc-sdk
  dependency-version: '11.25'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-prod
- dependency-name: com.fasterxml.jackson.datatype:jackson-datatype-jdk8
  dependency-version: 2.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-prod
- dependency-name: com.fasterxml.jackson.datatype:jackson-datatype-jsr310
  dependency-version: 2.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-prod
- dependency-name: com.yubico:webauthn-server-core
  dependency-version: 2.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-prod
- dependency-name: com.fasterxml.jackson.core:jackson-databind
  dependency-version: 2.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-prod
- dependency-name: com.maxmind.geoip2:geoip2
  dependency-version: 4.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-prod
- dependency-name: com.nimbusds:oauth2-oidc-sdk
  dependency-version: '11.25'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-prod
- dependency-name: com.fasterxml.jackson.datatype:jackson-datatype-jdk8
  dependency-version: 2.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-prod
- dependency-name: com.fasterxml.jackson.datatype:jackson-datatype-jsr310
  dependency-version: 2.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-prod
- dependency-name: com.yubico:webauthn-server-core
  dependency-version: 2.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-prod
- dependency-name: com.fasterxml.jackson.core:jackson-databind
  dependency-version: 2.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-prod
- dependency-name: com.maxmind.geoip2:geoip2
  dependency-version: 4.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-prod
- dependency-name: com.nimbusds:oauth2-oidc-sdk
  dependency-version: '11.25'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-prod
- dependency-name: com.fasterxml.jackson.datatype:jackson-datatype-jdk8
  dependency-version: 2.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-prod
- dependency-name: com.fasterxml.jackson.datatype:jackson-datatype-jsr310
  dependency-version: 2.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-prod
- dependency-name: com.yubico:webauthn-server-core
  dependency-version: 2.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-prod
- dependency-name: com.fasterxml.jackson.core:jackson-databind
  dependency-version: 2.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-prod
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels May 22, 2025
@dependabot @github

dependabot Bot commented on behalf of github May 23, 2025

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this May 23, 2025
@dependabot dependabot Bot deleted the dependabot/maven/backend-prod-9371206736 branch May 23, 2025 15:44
@github-project-automation github-project-automation Bot moved this from New to Delivered in Openconext-Myconext May 23, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant