chore: update all dependencies with patch changes

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
io.jsonwebtoken:jjwt-gson	0.12.6 -> 0.12.7
io.jsonwebtoken:jjwt-impl	0.12.6 -> 0.12.7
io.jsonwebtoken:jjwt-api	0.12.6 -> 0.12.7
org.junit.platform:junit-platform-launcher (source)	1.13.3 -> 1.13.4
org.junit.jupiter:junit-jupiter-engine (source)	5.13.3 -> 5.13.4
org.junit.jupiter:junit-jupiter-params (source)	5.13.3 -> 5.13.4
org.junit.jupiter:junit-jupiter-api (source)	5.13.3 -> 5.13.4

---

Release Notes

jwtk/jjwt (io.jsonwebtoken:jjwt-gson)

v0.12.7

Compare Source

This patch release:

• Adds a new Maven BOM, useful for multi-module projects. See Issue 967.

• Allows the JwtParserBuilder to have empty nested algorithm collections, effectively disabling the parser's associated feature:

  • Emptying the zip() nested collection disables JWT decompression.
  • Emptying the sig() nested collection disables JWS mac/signature verification (i.e. all JWSs will be unsupported/rejected).
  • Emptying either the enc() or key() nested collections disables JWE decryption (i.e. all JWEs will be unsupported/rejected)

  See Issue 996.

• Fixes bug 961 where JwtParserBuilder nested collection builders were not correctly replacing algorithms with the same id.

• Ensures a JwkSet's keys collection is no longer entirely secret/redacted by default. This was an overzealous default that was unnecessarily restrictive; the keys collection itself should always be public, and each individual key within should determine which fields should be redacted when printed. See Issue 976.

• Improves performance slightly by ensuring all jjwt-api utility methods that create *Builder instances (Jwts.builder(), Jwts.parserBuilder(), Jwks.builder(), etc) no longer use reflection.

  Instead,static factories are created via reflection only once during initial jjwt-api classloading, and then *Builders are created via standard instantiation using the new operator thereafter. This also benefits certain environments that may not have ideal ClassLoader implementations (e.g. Tomcat in some cases).

  NOTE: because this changes which classes are loaded via reflection, any environments that must explicitly reference reflective class names (e.g. GraalVM applications) will need to be updated to reflect the new factory class names.

  See Issue 988.

• Upgrades the Gson dependency to 2.11.0

• Upgrades the BouncyCastle dependency to 1.78.1

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Test Results

30 tests   30 ✅  7s ⏱️
10 suites   0 💤
10 files     0 ❌

Results for commit 064fae0.

♻️ This comment has been updated with latest results.