Upgrade to Spring Security 5.4.5

This commit also downgrade JOSE JWT to address an incompatibility with the OIDC SDK 8.x. The OIDC SDK has also been upgraded to the latest 8.x release to align with the version used by Spring Security. Closes gh-25221 Fixes gh-25070
4 years ago · bb56de715b
parent 08f73e01da
commit bb56de715b
1 changed files with 3 additions and 3 deletions
--- a/spring-boot-project/spring-boot-dependencies/build.gradle
+++ b/spring-boot-project/spring-boot-dependencies/build.gradle
@ -1196,14 +1196,14 @@ bom {
 			]
 		}
 	}
-	library("OAuth2 OIDC SDK", "8.23.1") {
+	library("OAuth2 OIDC SDK", "8.36") {
 		group("com.nimbusds") {
 			modules = [
 				"oauth2-oidc-sdk"
 			]
 		}
 	}
-	library("Nimbus JOSE JWT", "9.1.3") {
+	library("Nimbus JOSE JWT", "8.20.2") {
 		group("com.nimbusds") {
 			modules = [
 				"nimbus-jose-jwt"
@ -1624,7 +1624,7 @@ bom {
 			]
 		}
 	}
-	library("Spring Security", "5.4.2") {
+	library("Spring Security", "5.4.5") {
 		group("org.springframework.security") {
 			imports = [
 				"spring-security-bom"