Commit Graph

120 Commits

Author SHA1 Message Date
snyk-bot 1465a55a39
fix: pom.xml to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244
2022-03-26 02:16:56 +00:00
snyk-bot 20b04372d2 fix: upgrade com.google.code.gson:gson from 2.8.8 to 2.8.9
Snyk has created this PR to upgrade com.google.code.gson:gson from 2.8.8 to 2.8.9.

See this package in Maven Repository:
https://mvnrepository.com/artifact/com.google.code.gson/gson/

See this project in Snyk:
https://app.snyk.io/org/micah.silverman/project/cb87a9f4-731e-4a75-a25d-ca3272fdd00b?utm_source=github&utm_medium=referral&page=upgrade-pr
2022-02-28 18:05:54 -05:00
snyk-bot 82189f8418 fix: pom.xml to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698
2022-01-31 16:25:40 -05:00
dependabot[bot] 2fb6d6bb9c Bump bcprov-jdk15on from 1.60 to 1.67
Bumps [bcprov-jdk15on](https://github.com/bcgit/bc-java) from 1.60 to 1.67.
- [Release notes](https://github.com/bcgit/bc-java/releases)
- [Changelog](https://github.com/bcgit/bc-java/blob/master/docs/releasenotes.html)
- [Commits](https://github.com/bcgit/bc-java/commits)

---
updated-dependencies:
- dependency-name: org.bouncycastle:bcprov-jdk15on
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-11-24 12:36:39 -05:00
Snyk bot 3e6c9e978c
fix: upgrade com.google.code.gson:gson from 2.8.5 to 2.8.8 (#684)
Snyk has created this PR to upgrade com.google.code.gson:gson from 2.8.5 to 2.8.8.

See this package in Maven Repository:
https://mvnrepository.com/artifact/com.google.code.gson/gson/

See this project in Snyk:
https://app.snyk.io/org/dogeared/project/76cafdc8-8c18-4705-9786-9703c2e293c9?utm_source=github&utm_medium=referral&page=upgrade-pr
2021-10-11 13:13:39 -04:00
Snyk bot 878d836347
fix: upgrade com.fasterxml.jackson.core:jackson-databind from 2.9.10.7 to 2.12.5 (#683)
Snyk has created this PR to upgrade com.fasterxml.jackson.core:jackson-databind from 2.9.10.7 to 2.12.5.

See this package in Maven Repository:
https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind/

See this project in Snyk:
https://app.snyk.io/org/dogeared/project/d56a851a-c55c-475b-bff7-40745a085073?utm_source=github&utm_medium=referral&page=upgrade-pr
2021-10-11 13:13:16 -04:00
Brian Demers 1118726d04 Update fork of coverall-maven-plugin fork
NOTE: This fork supports Clover for test coverage
2021-07-09 13:23:41 -04:00
dependabot[bot] 8ed4ab407e Bump jackson-databind from 2.9.10.5 to 2.9.10.7
Bumps [jackson-databind](https://github.com/FasterXML/jackson) from 2.9.10.5 to 2.9.10.7.
- [Release notes](https://github.com/FasterXML/jackson/releases)
- [Commits](https://github.com/FasterXML/jackson/commits)

Signed-off-by: dependabot[bot] <support@github.com>
2021-02-19 10:11:08 -05:00
dependabot[bot] 71ed1b67aa Bump junit from 4.12 to 4.13.1
Bumps [junit](https://github.com/junit-team/junit4) from 4.12 to 4.13.1.
- [Release notes](https://github.com/junit-team/junit4/releases)
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.12.md)
- [Commits](https://github.com/junit-team/junit4/compare/r4.12...r4.13.1)

Signed-off-by: dependabot[bot] <support@github.com>
2020-10-13 14:48:06 -04:00
Brian Demers dc120e8c54 Correcting dependabot version bump of Jackson to 2.9.10.5 2020-07-09 16:04:45 -04:00
dependabot[bot] 6f2c0c37aa Bump jackson-databind from 2.9.10.4 to 2.10.0.pr1
Bumps [jackson-databind](https://github.com/FasterXML/jackson) from 2.9.10.4 to 2.10.0.pr1.
- [Release notes](https://github.com/FasterXML/jackson/releases)
- [Commits](https://github.com/FasterXML/jackson/commits)

Signed-off-by: dependabot[bot] <support@github.com>
2020-07-09 16:04:45 -04:00
Les Hazlewood 14b2f19b29 [maven-release-plugin] prepare for next development iteration 2020-06-11 15:50:09 -04:00
Les Hazlewood 274749373f [maven-release-plugin] prepare release 0.11.2 2020-06-11 15:50:00 -04:00
Les Hazlewood 26527bd43c Updated the pom snapshot versions to prepare for the upcoming 0.11.2 release 2020-06-11 14:16:29 -04:00
Johannes Ballmann 82b870e283
Add support for jdk14 (#590) 2020-06-08 14:00:59 -04:00
dependabot[bot] 972591f87f
Bump jackson-databind from 2.9.10.3 to 2.9.10.4 (#587)
Bumps [jackson-databind](https://github.com/FasterXML/jackson) from 2.9.10.3 to 2.9.10.4.
- [Release notes](https://github.com/FasterXML/jackson/releases)
- [Commits](https://github.com/FasterXML/jackson/commits)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-04-24 16:06:43 -04:00
Les Hazlewood 5616ba769a [maven-release-plugin] prepare for next development iteration 2020-03-12 16:59:12 -04:00
Les Hazlewood c09deaa5f3 [maven-release-plugin] prepare release 0.11.1 2020-03-12 16:59:05 -04:00
Les Hazlewood c563365b97 Prepping for the 0.11.0 --> 0.11.1 release 2020-03-12 16:56:17 -04:00
dependabot[bot] 0fd59efc93 Bump jackson-databind from 2.9.10.1 to 2.9.10.3
Bumps [jackson-databind](https://github.com/FasterXML/jackson) from 2.9.10.1 to 2.9.10.3.
- [Release notes](https://github.com/FasterXML/jackson/releases)
- [Commits](https://github.com/FasterXML/jackson/commits)

Signed-off-by: dependabot[bot] <support@github.com>
2020-03-05 10:09:47 -05:00
Les Hazlewood 23743f5a59 [maven-release-plugin] prepare for next development iteration 2020-02-05 12:29:05 -08:00
Les Hazlewood 3cd48fade7 [maven-release-plugin] prepare release 0.11.0 2020-02-05 12:28:58 -08:00
Les Hazlewood 950e6fbcc7
cherry-pick 4821395c06b0786e19b1a3153be65f39a2a524d9: Ensured SignatureAlgorithm `PS256`, `PS384`, and `PS512` worked properly on JDK 11 and later without requiring BouncyCastle. (#555) 2020-02-04 00:10:39 -08:00
dependabot[bot] eadf0ce4fc Bump jackson-databind from 2.9.10 to 2.9.10.1 (#532)
Bumps [jackson-databind](https://github.com/FasterXML/jackson) from 2.9.10 to 2.9.10.1.
- [Release notes](https://github.com/FasterXML/jackson/releases)
- [Commits](https://github.com/FasterXML/jackson/commits)

Signed-off-by: dependabot[bot] <support@github.com>
2019-11-13 09:33:35 +01:00
Christian Schneider bf7e300d6b Remove extensions true, move jar plugin near bundle-plugin to show th… (#514)
* Remove extensions true, move jar plugin near bundle-plugin to show their configs are related

* Reverted to original version to make sure it still works on jdk7
2019-10-09 11:15:30 -04:00
Brian Demers ebdb4426f6
Update version to 0.11.0-SNAPSHOT (#506)
via: `mvn versions:set -DnewVersion=0.11.0-SNAPSHOT -DgenerateBackupPoms=false`
2019-10-03 12:09:48 -04:00
Brian Demers a0060d60f9
Fix duplicate japicmp plugin definition in root pom (#504)
Merge japicmp plugin definitions - caused by a merge
2019-09-30 14:59:21 -04:00
Brian Demers 6e74be0b8d
Fix split package issue in extensions/jackson and extensions/orgjson (#488)
* Fix split package issue in extensions/jackson and extensions/orgjson

This moves the implementation specific classes:
- `io.jsonwebtoken.io.Jackson*` to `io.jsonwebtoken.jackson.io.Jackson*`
- `io.jsonwebtoken.io.OrgJson*` to `io.jsonwebtoken.orgjson.io.OrgJson*`

* Add Backwards Compatibility Warning to CHANGELOG
* Add `jjwt-jackson:deprecated` and `jjwt-orgjson:deprecated` modules to retain backward-compatible versions of the Jackson and OrgJson Serializers (this is built with the shade plugin and binary compatibility validated with japicmp)

Fixes: #399
2019-09-27 17:11:19 -04:00
Christian Schneider b5958202c0 Reenable using the manifest from maven-bundle-plugin run (#503)
* Reenable using the manifest from maven-bundle-plugin run

* Also enable manifest changes again

* Remove import tweaks. Add optional bnd.bnd config
2019-09-27 13:52:45 -04:00
Brian Demers c246385be1
Updating to jackson-databind 2.9.10 (#498) 2019-09-25 14:28:34 -04:00
Brian Demers b327aeab7e Add support for testing with JDK11
There were a couple issues preventing running the build with Java 11
- A groovy bug - fixed with a version bump https://issues.apache.org/jira/browse/GROOVY-8727
- The ASM version that is embedded in easymock does NOT support Java 11 classes - worked around by stubbing out those usages instead
- javadoc modules issue - fixed by setting the Javadoc source version to 1.7
2019-09-24 18:57:06 -04:00
Brian Demers 5339faf87f
Add license-maven-plugin to mange headers
and apply missing headers

usage:
# validate license headers exist
mvn license:check

# apply headers (to files without headers)
mvn license:format
2019-09-17 16:19:07 -04:00
Brian Demers 718f357c58 Upgrade Jackson Databind 2.9.9.3
Fixes: #484
2019-09-12 17:45:36 -04:00
patton73 2bb8e4d02e Fixes for reviews. Hope i did not forget something. 2019-07-17 22:46:18 +02:00
Andrea Paternesi bb1fb76ce9 last fix to the pom? 2019-07-16 17:00:20 +02:00
Andrea Paternesi 262c527674 Fix locator paths and added tests. 2019-07-16 16:19:23 +02:00
Les Hazlewood caa7b0e942 [maven-release-plugin] prepare for next development iteration 2019-07-11 20:12:25 -04:00
Les Hazlewood b292b891ca [maven-release-plugin] prepare release 0.10.7 2019-07-11 20:12:20 -04:00
Les Hazlewood 4ae8f6d9c9 Issue 461: upgraded Jackson version to 2.9.9.1. Fixes #461. 2019-07-11 16:05:52 -04:00
Les Hazlewood 70e6845b82 Ensure version is 0.10.7-SNAPSHOT to prep for the next release. 2019-03-10 11:59:31 -04:00
Micah Silverman af73a02786 [maven-release-plugin] prepare for next development iteration 2019-02-25 13:33:47 -05:00
Micah Silverman d29d6da989 [maven-release-plugin] prepare release jjwt-root-0.10.6 2019-02-25 13:33:39 -05:00
Micah Silverman 79507b9f66 udpated jackson databind version to fix security vulnerability 2019-02-21 14:44:49 -08:00
Les Hazlewood 1839ebf5e8 # This is a combination of 2 commits.
# This is the 1st commit message:

[maven-release-plugin] prepare for next development iteration

# This is the commit message #2:

rebased from master before merge
2018-08-07 13:59:15 -04:00
Les Hazlewood d7071faeae [maven-release-plugin] prepare release 0.10.2 2018-08-07 13:43:48 -04:00
Les Hazlewood f19c34a763 Ensured JJWT's org.json use is compatible with Android's org.json API as defined in https://developer.android.com/reference/org/json/package-summary. Resolves #380. 2018-08-07 13:32:20 -04:00
Les Hazlewood 5e5f29d8b1 [maven-release-plugin] prepare release 0.10.1 2018-08-02 17:30:09 -04:00
Les Hazlewood 7f662627cc Ensured BouncyCastle was optional. Also ensured EllipticCurve algorithms could be used without BouncyCastle since the JDK supports EC by default. Moved RuntimeEnvironment.enableBouncyCastleIfPossible() call out of SignatureAlgorithm into RsaProvider since BC is only necessary for RSASSA-PSS algorithms (PS256, PS384, PS512) and nothing else in JJWT's codebase.
Resolves #372
2018-08-02 16:59:59 -04:00
Les Hazlewood b58e1b6dc5 [maven-release-plugin] prepare for next development iteration 2018-08-01 18:10:41 -04:00
Les Hazlewood 6b980553cf [maven-release-plugin] prepare release 0.10.0 2018-08-01 18:10:34 -04:00