Bump the dependencies group with 2 updates

[dependabot]

Bumps the dependencies group with 2 updates: io.jsonwebtoken:jjwt and org.apache.maven.plugins:maven-javadoc-plugin.

Updates io.jsonwebtoken:jjwt from 0.9.1 to 0.12.1

Release notes

Sourced from io.jsonwebtoken:jjwt's releases.

0.12.1

This is a quick follow-up release from yesterday's 0.12.0 release that addresses a reflection issue on JDK 17. The fix has been tested up through JDK 21.

Notes are in the CHANGELOG, and project documentation is in the README.

Please allow 30 minutes for the release to be available in Maven Central.

0.12.0

It is finally here! This release includes full support for JSON Web Encryption (JWE), JSON Web Keys (JWK), JSON Web Key Thumbprints, JSON Web Key Thumbprint URIs, and so, so much more.

This is the culmination of hundreds of hours worth of work and testing, and we're glad to finally release it. However, please note:

This is our first-ever breaking change release. While we tried hard to minimize the breakages, some were just necessary in preparation for 1.0 and to finalize all JWT RFC features. If you are not partial to fixing changes when upgrading a library, we strongly encourage you to wait until the 1.0 release.

Please pay particular attention to the CHANGELOG listing breaking changes.

Full documentation is available in the README.

Changelog

Sourced from io.jsonwebtoken:jjwt's changelog.

0.12.1

Enabled reflective access on JDK 17+ to java.io.ByteArrayInputStream and sun.security.util.KeyUtil for jjwt-impl.jar

0.12.0

This is a big release! JJWT now fully supports Encrypted JSON Web Tokens (JWE), JSON Web Keys (JWK) and more! See the sections below enumerating all new features as well as important notes on breaking changes or backwards-incompatible changes made in preparation for the upcoming 1.0 release.

Because breaking changes are being introduced, it is strongly recommended to wait until the upcoming 1.0 release where you can address breaking changes one time only.

Those that need immediate JWE encryption and JWK key support however will likely want to upgrade now and deal with the smaller subset of breaking changes in the 1.0 release.

Simplified Starter Jar

Those upgrading to new modular JJWT versions from old single-jar versions will transparently obtain everything they need in their Maven, Gradle or Android projects.

JJWT's early releases had one and only one .jar: jjwt.jar. Later releases moved to a modular design with 'api' and 'impl' jars including 'plugin' jars for Jackson, GSON, org.json, etc. Some users upgrading from the earlier single jar to JJWT's later versions have been frustrated by being forced to learn how to configure the more modular .jars.

This release re-introduces the jjwt.jar artifact again, but this time it is simply an empty .jar with Maven metadata that will automatically transitively download the following into a project, retaining the old single-jar behavior:

• jjwt-api.jar
• jjwt-impl.jar
• jjwt-jackson.jar

Naturally, developers are still encouraged to configure the modular .jars as described in JJWT's documentation for greater control and to enable their preferred JSON parser, but this stop-gap should help those unaware when upgrading.

JSON Web Encryption (JWE) Support!

This has been a long-awaited feature for JJWT, years in the making, and it is quite extensive - so many encryption algorithms and key management algorithms are defined by the JWA specification, and new API concepts had to be introduced for all of them, as well as extensive testing with RFC-defined test vectors. The wait is over!
All JWA-defined encryption algorithms and key management algorithms are fully implemented and supported and available immediately. For example:

AeadAlgorithm enc = Jwts.ENC.A256GCM;
SecretKey key = enc.key().build();
String compact = Jwts.builder().setSubject("Joe").encryptWith(key, enc).compact();
Jwe<Claims> jwe = Jwts.parser().decryptWith(key).build().parseEncryptedClaims(compact);
</tr></table>

... (truncated)

Commits

• 15503da [maven-release-plugin] prepare release 0.12.1
• 64b1f0b prepping for 0.12.1 release
• 1625067 Closes #849 (#852)
• 44cd552 Update README.md
• 0c30409 0.12.0 staging complete (#847)
• b411b19 key byte array cleanup as necessary (#846)
• e78f3f5 JwtParser.parse* method renames (#845)
• 3b529ac Update maven wrapper
• 05717d0 Expanded Parser method argument support (#844)
• 36a6e13 README cleanup based on latest API (#843)
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-javadoc-plugin from 3.5.0 to 3.6.0

Release notes

Sourced from org.apache.maven.plugins:maven-javadoc-plugin's releases.

3.6.0

🚀 New features and improvements

• [MJAVADOC-642] - Make offline mode configurable (#238) @​hgschmie
• [MJAVADOC-642] - Make offline mode configurable (#232) @​hgschmie
• [MJAVADOC-770] - Implement legacy mode for Java 9+ (#228) @​hgschmie
• [MJAVADOC-743] - Drop deprecated mojo parameter (#185) @​cstamas

🐛 Bug Fixes

• [MJAVADOC-742] - Fix resolution of docletArtifacts (#186) @​cstamas
• [MJAVADOC-758] - correct exception in JavadocUtil (#230) @​hgschmie
• [MJAVADOC-769] - fix for transitive filename based modules (#227) @​hgschmie
• [MJAVADOC-767] - javadoc creates invalid --patch-module statements (#225) @​hgschmie
• [MJAVADOC-763] - remove test that doesn't test what it claims (#219) @​elharo
• [MJAVADOC-757] - fix Javadoc warnings (#212) @​elharo
• Fix UmlGraph link in site example (#198) @​ParkerM

📦 Dependency updates

• [JAVADOC-771] - Upgrade Parent to 40 (#234) @​hgschmie
• Bump org.apache.maven:maven-core from 3.6.0 to 3.8.1 in /src/it/projects/MJAVADOC-568_manifest-splitpackage/mojo (#226) @​dependabot
• Bump com.google.guava:guava from 31.1-jre to 32.0.0-jre in /src/it/projects/MJAVADOC-769 (#229) @​dependabot
• [MJAVADOC-766] - Bump org.codehaus.plexus:plexus-archiver from 4.7.1 to 4.8.0 (#222) @​dependabot
• Bump hamcrest-core from 1.3 to 2.2 (#221) @​dependabot
• Bump guava from 27.0.1-jre to 32.0.0-jre in /src/it/projects/MJAVADOC-555_link-automatic-modules (#207) @​dependabot
• Bump javax.servlet-api from 3.1.0 to 4.0.1 (test dependency) (#220) @​dependabot
• [MJAVADOC-761] - commons-io 2.13.0 (#215) @​elharo
• Bump plexus-utils from 3.5.0 to 3.5.1 (#201) @​dependabot
• Bump mockito-core from 4.4.0 to 4.11.0 (#196) @​dependabot

👻 Maintenance

• fix jenkins link (#237) @​hgschmie
• Fix build on jenkins (#236) @​slawekjaranowski
• [MJAVADOC-772] - Refresh download page (#235) @​slawekjaranowski
• Use 3.6.0 as release version (#233) @​hgschmie
• Remove superflous whitespace from PR template (#231) @​hgschmie
• Bump jetty from 9.4.50.v20221201 to 9.4.51.v20230217 (#224) @​slachiewicz
• [MJAVADOC-765] - Fix build with Java 20 (#223) @​slachiewicz
• [MJAVADOC-760] - declare test dependencies (#217) @​elharo
• [MJAVADOC-760] - explicitly declare shared utility dependencies (#216) @​elharo
• remove unused private method (#213) @​elharo
• replace plexus with maven shared utils (#211) @​elharo
• [MJAVADOC-755] - replace IOUtil.close with try with resources (#209) @​elharo
• [MJAVADOC-755] - Use java.lang.String instead of StringUtils (#208) @​elharo
• [MNG-6829] - Replace StringUtils#isEmpty(String) and #isNotEmpty(String) (#205) @​timtebeek
• Bump mockito-core from 4.4.0 to 4.11.0 (#196) @​dependabot
• [MNG-6825] - Replace Maven shared StringUtils with Commons Lang3 (#199) @​timtebeek

... (truncated)

Commits

• 7548066 [maven-release-plugin] prepare release maven-javadoc-plugin-3.6.0
• 77adc47 [MJAVADOC-642] Make offline mode configurable (#238)
• 24362d2 [MJAVADOC-742] Fix resolution of docletArtifacts (#186)
• bee4197 fix jenkins link (#237)
• 9830bdc Fix build on jenkins
• 6f30bed [MJAVADOC-642] Make offline mode configurable (#232)
• e4023d0 [JAVADOC-771] Upgrade Parent to 40 (#234)
• 7904e45 [MJAVADOC-772] Refresh download page
• 87c2424 Bump org.apache.maven:maven-core (#226)
• 83ab01b Use 3.6.0 as release version (#233)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.