[CVE Fixes] Update version of Nimbus.jose.jwt (#16320)
* Update version of nimbus.jose.jwt.version
* update licenses.yaml
diff --git a/extensions-core/druid-pac4j/pom.xml b/extensions-core/druid-pac4j/pom.xml
index 0628dd0..b48171d 100644
--- a/extensions-core/druid-pac4j/pom.xml
+++ b/extensions-core/druid-pac4j/pom.xml
@@ -38,7 +38,7 @@
<!-- Following must be updated along with any updates to pac4j version. One can find the compatible version of nimbus libraries in org.pac4j:pac4j-oidc dependencies-->
<nimbus.lang.tag.version>1.7</nimbus.lang.tag.version>
- <nimbus.jose.jwt.version>8.22.1</nimbus.jose.jwt.version>
+ <nimbus.jose.jwt.version>9.37.2</nimbus.jose.jwt.version>
<oauth2.oidc.sdk.version>8.22</oauth2.oidc.sdk.version>
</properties>
diff --git a/licenses.yaml b/licenses.yaml
index 60ffe66..f854586 100644
--- a/licenses.yaml
+++ b/licenses.yaml
@@ -809,7 +809,7 @@
license_category: binary
module: extensions/druid-pac4j
license_name: Apache License version 2.0
-version: 8.22.1
+version: 9.37.2
libraries:
- com.nimbusds: nimbus-jose-jwt