Align Nimbus dependency versions with Spring Security

Closes gh-26820

Align Nimbus dependency versions with Spring Security
Closes gh-26820
37461559 · Andy Wilkinson · 363de4cf · 37461559
Commit 37461559 authored Jun 23, 2021 by Andy Wilkinson
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 2 deletions

build.gradle spring-boot-project/spring-boot-dependencies/build.gradle +13 -2

No files found.
--- a/spring-boot-project/spring-boot-dependencies/build.gradle
+++ b/spring-boot-project/spring-boot-dependencies/build.gradle
@@ -1196,14 +1196,20 @@ bom {
 			]
 		}
 	}
-	library("OAuth2 OIDC SDK", "8.36.2") {
+	library("OAuth2 OIDC SDK") {
+		version("8.36.1") {
+			shouldAlignWithVersionFrom("Spring Security")
+		}
 		group("com.nimbusds") {
 			modules = [
 				"oauth2-oidc-sdk"
 			]
 		}
 	}
-	library("Nimbus JOSE JWT", "8.20.2") {
+	library("Nimbus JOSE JWT") {
+		version("8.20.2") {
+			shouldAlignWithVersionFrom("Spring Security")
+		}
 		group("com.nimbusds") {
 			modules = [
 				"nimbus-jose-jwt"
@@ -1630,6 +1636,11 @@ bom {
 				"spring-security-bom"
 			]
 		}
+		dependencyVersions {
+			extractFrom {
+				dependencyLock("https://raw.githubusercontent.com/spring-projects/spring-security/<libraryVersion>/config/gradle/dependency-locks/optional.lockfile")
+			}
+		}
 	}
 	library("Spring Session Bom", "2020.0.5") {
 		group("org.springframework.session") {