Bump the libs group across 1 directory with 3 updates

[dependabot]

Bumps the libs group with 3 updates in the / directory: com.nimbusds:nimbus-jose-jwt, org.sonarqube and com.vanniktech.maven.publish.

Updates com.nimbusds:nimbus-jose-jwt from 9.37.3 to 9.40

Changelog

Sourced from com.nimbusds:nimbus-jose-jwt's changelog.

version 1.0 (2012-03-01)

• First version based on the OpenInfoCard JWT, JWS and JWE code base.

version 1.1 (2012-03-06)

• Introduces type-safe enumeration of the JSON Web Algorithms (JWA).
• Refactors the JWT class.

version 1.2 (2012-03-08)

• Moves JWS and JWE code into separate classes.

version 1.3 (2012-03-09)

• Switches to Apache Commons Codec for Base64URL encoding and decoding
• Consolidates the crypto utilities within the package.
• Introduces a JWT content serialiser class.

version 1.4 (2012-03-09)

• Refactoring of JWT class and JUnit tests.

version 1.5 (2012-03-18)

• Switches to JSON Smart for JSON serialisation and parsing.
• Introduces claims set class with JSON objects, string, Base64URL and byte array views.

version 1.6 (2012-03-20)

• Creates class for representing, serialising and parsing JSON Web Keys (JWK).
• Introduces separate class for representing JWT headers.

version 1.7 (2012-04-01)

• Introduces separate classes for plain, JWS and JWE headers.
• Introduces separate classes for plain, signed and encrypted JWTs.
• Removes the JWTContent class.
• Removes password-based (PE820) encryption support.

version 1.8 (2012-04-03)

• Adds support for the ZIP JWE header parameter.
• Removes unsupported algorithms from the JWA enumeration.

version 1.9 (2012-04-03)

• Renames JWEHeader.{get|set}EncryptionAlgorithm() to JWEHeader.{get|set}EncryptionMethod().

version 1.9.1 (2012-04-03)

• Upgrades JSON Smart JAR to 1.1.1.

version 1.10 (2012-04-14)

• Introduces serialize() method to base abstract JWT class.

version 1.11 (2012-05-13)

• JWT.serialize() throws checked JWTException instead of

... (truncated)

Commits

• 4320e1f Disables tests incompatible with BC "fips" profile
• caf5b9f Change log edits
• 0fcdc21 SignedJWT, EncryptedJWT and PlainJWT must serialise JWTClaimsSet claims with ...
• cb37910 JWEObject.decrypt must reject cipher texts of compressed plain text that are ...
• f470497 Chane log edits for 9.38
• 57f268d [maven-release-plugin] prepare release 9.38
• 4409b5f [maven-release-plugin] prepare for next development iteration
• 6820c9d Merged connect2id/nimbus-jose-jwt into master
• f14e944 Bumped Maven plugins
• bd59d30 Adds JSONObjectUtils.getEpochSecondAsDate, JWTClaimsSet.parse must handle nul...
• Additional commits viewable in compare view

Updates org.sonarqube from 5.0.0.4638 to 5.1.0.4882

Updates com.vanniktech.maven.publish from 0.28.0 to 0.29.0

Release notes

Sourced from com.vanniktech.maven.publish's releases.

0.29.0

• Added configureBasedOnAppliedPlugins(sourcesJar: Boolean, javadocJar: Boolean) overload that allows disabling sources and javadoc jars without having to use the more granular Platform APIs.
• For Java library and Kotlin/JVM projects the Gradle module metadata now properly includes the sources jar.
• When running on Gradle 8.8 or newer the pom configuration is not applied in afterEvaluate anymore, making manual overrides easier.
• Fix potential issue with the javadoc jar tasks that can cause Gradle to disable optimizations.
• When staging profiles can't be loaded the status code of the response is added to the error message.

Minimum supported versions

• JDK 11
• Gradle 8.1
• Android Gradle Plugin 8.0.0
• Kotlin Gradle Plugin 1.9.20

Compatibility tested up to

• JDK 21
• Gradle 8.8
• Android Gradle Plugin 8.5.0
• Android Gradle Plugin 8.6.0-alpha06
• Kotlin Gradle Plugin 2.0.0
• Kotlin Gradle Plugin 2.0.20-Beta1

Configuration cache status

Configuration cache is generally supported, except for:

• Publishing releases to Maven Central (snapshots are fine), blocked by [Gradle issue #22779](gradle/gradle#22779).
• Dokka does not support configuration cache

Changelog

Sourced from com.vanniktech.maven.publish's changelog.

0.29.0 (2024-06-20)

• Added configureBasedOnAppliedPlugins(sourcesJar: Boolean, javadocJar: Boolean) overload that allows disabling sources and javadoc jars without having to use the more granular Platform APIs.
• For Java library and Kotlin/JVM projects the Gradle module metadata now properly includes the sources jar.
• When running on Gradle 8.8 or newer the pom configuration is not applied in afterEvaluate anymore, making manual overrides easier.
• Fix potential issue with the javadoc jar tasks that can cause Gradle to disable optimizations.
• When staging profiles can't be loaded the status code of the response is added to the error message.

Minimum supported versions

• JDK 11
• Gradle 8.1
• Android Gradle Plugin 8.0.0
• Kotlin Gradle Plugin 1.9.20

Compatibility tested up to

• JDK 21
• Gradle 8.8
• Android Gradle Plugin 8.5.0
• Android Gradle Plugin 8.6.0-alpha06
• Kotlin Gradle Plugin 2.0.0
• Kotlin Gradle Plugin 2.0.20-Beta1

Configuration cache status

Configuration cache is generally supported, except for:

• Publishing releases to Maven Central (snapshots are fine), blocked by [Gradle issue #22779](gradle/gradle#22779).
• Dokka does not support configuration cache

Commits

• da59946 Update to 0.29.0-rc1
• a2c9650 0.29.0
• 4d2ca70 update changelog of unreleased changes (#796)
• b9d9a8e update tested versions (#795)
• d5ef743 fix(deps): update dependency org.apache.maven:maven-model to v3.9.8 (#792)
• b21ab6e chore(deps): update plugin com.gradle.develocity to v3.17.5 (#791)
• 95a9994 fix(deps): update dependency com.android.tools.build:gradle to v8.5.0 (#790)
• c2df28d chore(deps): update dependency gradle to v8.8 (#789)
• 42d5235 fix issue with javadocJar tasks (#788)
• d81a4e8 fix(deps): update dependency org.apache.maven:maven-model to v3.9.7 (#787)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions