From 32de3ffcef36ead3fb3993d8be9c7ea84c1c5fd1 Mon Sep 17 00:00:00 2001
From: Parth Agrawal <98726675+pagrawal10@users.noreply.github.com>
Date: Tue, 23 Apr 2024 15:11:54 +0530
Subject: [PATCH] [CVE Fixes] Update version of Nimbus.jose.jwt (#16320)

* Update version of nimbus.jose.jwt.version

* update licenses.yaml
---
 extensions-core/druid-pac4j/pom.xml | 2 +-
 licenses.yaml                       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/extensions-core/druid-pac4j/pom.xml b/extensions-core/druid-pac4j/pom.xml
index a769a7f12b67f..d877e737aeda0 100644
--- a/extensions-core/druid-pac4j/pom.xml
+++ b/extensions-core/druid-pac4j/pom.xml
@@ -38,7 +38,7 @@
 
     <!-- Following must be updated along with any updates to pac4j version. One can find the compatible version of nimbus libraries in org.pac4j:pac4j-oidc dependencies-->
     <nimbus.lang.tag.version>1.7</nimbus.lang.tag.version>
-    <nimbus.jose.jwt.version>8.22.1</nimbus.jose.jwt.version>
+    <nimbus.jose.jwt.version>9.37.2</nimbus.jose.jwt.version>
     <oauth2.oidc.sdk.version>8.22</oauth2.oidc.sdk.version>
   </properties>
 
diff --git a/licenses.yaml b/licenses.yaml
index ec14741b56f80..aaf39ab8169b5 100644
--- a/licenses.yaml
+++ b/licenses.yaml
@@ -807,7 +807,7 @@ name: com.nimbusds nimbus-jose-jwt
 license_category: binary
 module: extensions/druid-pac4j
 license_name: Apache License version 2.0
-version: 8.22.1
+version: 9.37.2
 libraries:
   - com.nimbusds: nimbus-jose-jwt