chore(deps): bump the github group across 1 directory with 3 updates

[dependabot]

Bumps the github group with 3 updates in the / directory: com.nimbusds:oauth2-oidc-sdk, org.jetbrains.kotlinx:kotlinx-serialization-json and org.yaml:snakeyaml.

Updates com.nimbusds:oauth2-oidc-sdk from 11.18 to 11.19

Changelog

Sourced from com.nimbusds:oauth2-oidc-sdk's changelog.

version 1.0 (2012-05-29) * First official release with authorisation endpoint, token endpoint, check ID endpoint and UserInfo endpoint support. * JSON Web Tokens (JWTs) support through the Nimbus-JWT library. * Language Tags (RFC 5646) support through the Nimbus-LangTag library. * JSON support through the JSON Smart library.

version 2.0 (2013-05-13) * Intermediary development release with Maven build, published to Maven Central.

version 2.1 (2013-06-06) * Updates the APIs to OpenID Connect Messages draft 20, OpenID Connect Standard draft 21, OpenID Connect Discovery draft 17 and OpenID Connect Registration draft 19. * Major refactoring of the APIs for greater simplicity. * Adds JUnit tests.

version 2.2 (2013-06-18) * Refactors dynamic OpenID Connect client registration. * Adds partial support of the OAuth 2.0 Dynamic Client Registration Protocol (draft-ietf-oauth-dyn-reg-12). * Optimises parsing of request parameters consisting of one or more tokens (scope, response type, etc).

version 2.3 (2013-06-19) * Renames OAuth 2.0 dynamic client registration package. * Adds ClientInformation.getClientMetadata() method. * Adds OIDCClientInformation class.

version 2.4 (2013-06-20) * Adds static OIDCClientInformation.parse(JSONObject) method.

version 2.5 (2013-06-22) * Adds support OAuth 2.0 dynamic client update. * Adds OpenID Connect dynamic client registration classes.

version 2.6 (2013-06-25) * Enforces order of preference of ACR values in OpenID Connect client metadata, as required by the specification. * Documentation and performance improvements.

version 2.7 (2013-06-26) * Switches Identifier generation to java.security.SecureRandom.

version 2.8 (2013-06-30) * Fixes serialisation and assignment bugs in ClientMetadata. * Switches Secret generation to java.security.SecureRandom.

version 2.9 (2013-09-17)

... (truncated)

Commits

• 3b2a9a1 [maven-release-plugin] prepare for next development iteration
• e6e9914 Adds static OIDCScopeValue.resolveClaimNames(Scope, ...) helper methods
• 2ddcd8f [maven-release-plugin] prepare release 11.19
• See full diff in compare view

Updates org.jetbrains.kotlinx:kotlinx-serialization-json from 1.7.1 to 1.7.2

Release notes

Sourced from org.jetbrains.kotlinx:kotlinx-serialization-json's releases.

1.7.2

This release provides several new features, including a major Cbor configuration rework. It uses Kotlin 2.0.20 by default.

Cbor feature set for COSE compliance

This change brings a lot of features to the CBOR format, namely:

• Serial Labels — see @CborLabel annotation and preferCborLabelsOverNames flag.
• Tagging of keys and values — see encode*Tags and verify*Tags set of flags
• Definite length encoding — see useDefiniteLengthEncoding. This flag affects object encoding, since decoding of arrays with definite lenghts is automatically supported.
• Option to globally prefer major type 2 for byte array encoding — see alwaysUseByteString flag.

Since there are quite a lot of flags now, they were restructured to a separate CborConfiguration class, similarly to JsonConfiguration. It is possible to retrieve this configuration from CborEncoder/CborDecoder interfaces in your custom serializers (see their documentation for details).

All of these features make it possible to serialize and parse COSE-compliant CBOR, for example, ISO/IEC 18013-5:2021-compliant mobile driving license data. In case you want to make use of them, there is a predefined Cbor.CoseCompliant instance. However, some canonicalization steps (such as sorting keys) still need to be performed manually.

This functionality was contributed to us by Bernd Prünster.

Keeping generated serializers

One of the most requested features for serialization plugin was to continue to generate a serializer even if a custom one is specified for the class. It allows using a plugin-generated serializer in a fallback or delegate strategy, accessing type structure via descriptor, using default serialization behavior in inheritors that do not use custom serializers.

Starting with this release, you can specify the @KeepGeneratedSerializer annotation on the class declaration to instruct the plugin to continue generating the serializer. In this case, the serializer will be accessible using the .generatedSerializer() function on the class's companion object.

This annotation is currently experimental. Kotlin 2.0.20 or higher is required for this feature to work.

You can check out the examples in the documentation and in the PRs: #2758, #2669.

Serializer for kotlin.uuid.Uuid

Kotlin 2.0.20 added a common class to represent UUIDs in a multiplatform code. kotlinx.serialization 1.7.2 provides a corresponding Uuid.serializer() for it, making it possible to use it in @Serializable classes.

Note that for now, serializer should be provided manually with @Contextual annotation. Plugin will be able to automatically insert Uuid serializer in Kotlin 2.1.0.

See more details in the corresponding PR.

Other bugfixes and improvements

• Prohibited using of zero and negative field numbers in ProtoNumber (#2766)
• Improve readability of protobuf decoding exception messages (#2768) (thanks to xiaozhikang0916)
• docs(serializers): Fix grammatical errors (#2779) (thanks to jamhour1g)
• Fixed VerifyError after ProGuard optimization (#2728)
• Add wasm-wasi target to Okio integration (#2727)

Changelog

Sourced from org.jetbrains.kotlinx:kotlinx-serialization-json's changelog.

1.7.2 / 2024-08-28

This release provides several new features, including a major Cbor configuration rework. It uses Kotlin 2.0.20 by default.

Cbor feature set for COSE compliance

This change brings a lot of features to the CBOR format, namely:

• Serial Labels — see @CborLabel annotation and preferCborLabelsOverNames flag.
• Tagging of keys and values — see encode*Tags and verify*Tags set of flags
• Definite length encoding — see useDefiniteLengthEncoding. This flag affects object encoding, since decoding of arrays with definite lenghts is automatically supported.
• Option to globally prefer major type 2 for byte array encoding — see alwaysUseByteString flag.

Since there are quite a lot of flags now, they were restructured to a separate CborConfiguration class, similarly to JsonConfiguration. It is possible to retrieve this configuration from CborEncoder/CborDecoder interfaces in your custom serializers (see their documentation for details).

All of these features make it possible to serialize and parse COSE-compliant CBOR, for example, ISO/IEC 18013-5:2021-compliant mobile driving license data. In case you want to make use of them, there is a predefined Cbor.CoseCompliant instance. However, some canonicalization steps (such as sorting keys) still need to be performed manually.

This functionality was contributed to us by Bernd Prünster.

Keeping generated serializers

One of the most requested features for serialization plugin was to continue to generate a serializer even if a custom one is specified for the class. It allows using a plugin-generated serializer in a fallback or delegate strategy, accessing type structure via descriptor, using default serialization behavior in inheritors that do not use custom serializers.

Starting with this release, you can specify the @KeepGeneratedSerializer annotation on the class declaration to instruct the plugin to continue generating the serializer. In this case, the serializer will be accessible using the .generatedSerializer() function on the class's companion object.

This annotation is currently experimental. Kotlin 2.0.20 or higher is required for this feature to work.

You can check out the examples in the documentation and in the PRs: #2758, #2669.

Serializer for kotlin.uuid.Uuid

Kotlin 2.0.20 added a common class to represent UUIDs in a multiplatform code. kotlinx.serialization 1.7.2 provides a corresponding Uuid.serializer() for it, making it possible to use it in @Serializable classes. Note that for now, serializer should be provided manually with @Contextual annotation. Plugin will be able to automatically insert Uuid serializer in Kotlin 2.1.0.

See more details in the corresponding PR.

Other bugfixes and improvements

• Prohibited using of zero and negative field numbers in ProtoNumber (#2766)
• Improve readability of protobuf decoding exception messages (#2768) (thanks to xiaozhikang0916)
• docs(serializers): Fix grammatical errors (#2779) (thanks to jamhour1g)

... (truncated)

Commits

• 8c84a5b Prepare 1.7.2 release (#2798)
• b3cfe56 Merge remote-tracking branch 'origin/master' into dev
• 550e1a8 Rework opt-ins in build scripts (#2794)
• e4fa8a3 Update Annotations.kt, fixed typo: RgpPixel -> RgbPixel (#2793)
• 62aa4bb Add serializer for kotlin.uuid.Uuid (#2744)
• 4646740 Prohibited using of zero and negative filed number in ProtoNumber and zero fi...
• 4ca05dd Update Kotlin to 2.0.20 (#2792)
• 35a9edc Migrate from kotlinOptions to compilerOptions (#2746)
• 0b5145c Improve readability of protobuf decoding exception messages (#2768)
• b931598 Remove redundant toString() (#2790)
• Additional commits viewable in compare view

Updates org.yaml:snakeyaml from 2.2 to 2.3

Commits

• bfc9c15 Merge branch 'refs/heads/master' into try-to-keep-anchor
• 3137efd Update changes and doc
• 5960909 Add test for issue 1091
• 1430c40 Improve test for issue 1091
• d9e15c1 Add Javadoc to explain issue 1093
• 7ef0836 Improve Javadoc for comments in the directives
• f2810dd feat: add mergeOnCompose option to LoaderOptions
• f245567 few tests for merge expantion on Compose
• 37c7aed feat: merge nodes on Compose
• ae6515a fix: remove unnecessary variable
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.