From f1d24c868f2cf6b2738c5342b2001fdb7ef2d2a0 Mon Sep 17 00:00:00 2001
From: Parth Agrawal <98726675+pagrawal10@users.noreply.github.com>
Date: Tue, 23 Apr 2024 15:11:54 +0530
Subject: [PATCH] [CVE Fixes] Update version of Nimbus.jose.jwt (#16320)

* Update version of nimbus.jose.jwt.version

* update licenses.yaml
---
 extensions-core/druid-pac4j/pom.xml | 2 +-
 licenses.yaml                       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/extensions-core/druid-pac4j/pom.xml b/extensions-core/druid-pac4j/pom.xml
index 0628dd07969c..b48171d1927a 100644
--- a/extensions-core/druid-pac4j/pom.xml
+++ b/extensions-core/druid-pac4j/pom.xml
@@ -38,7 +38,7 @@
 
     <!-- Following must be updated along with any updates to pac4j version. One can find the compatible version of nimbus libraries in org.pac4j:pac4j-oidc dependencies-->
     <nimbus.lang.tag.version>1.7</nimbus.lang.tag.version>
-    <nimbus.jose.jwt.version>8.22.1</nimbus.jose.jwt.version>
+    <nimbus.jose.jwt.version>9.37.2</nimbus.jose.jwt.version>
     <oauth2.oidc.sdk.version>8.22</oauth2.oidc.sdk.version>
   </properties>
 
diff --git a/licenses.yaml b/licenses.yaml
index 60ffe66657cc..f854586c2356 100644
--- a/licenses.yaml
+++ b/licenses.yaml
@@ -809,7 +809,7 @@ name: com.nimbusds nimbus-jose-jwt
 license_category: binary
 module: extensions/druid-pac4j
 license_name: Apache License version 2.0
-version: 8.22.1
+version: 9.37.2
 libraries:
   - com.nimbusds: nimbus-jose-jwt