Update dependency no.nav.security:mock-oauth2-server to v3 (branch_9x)

[solrbot]

This PR contains the following updates:

Package	Type	Update	Change
no.nav.security:mock-oauth2-server	test	major	0.5.10 -> 3.0.0

---

Release Notes

navikt/mock-oauth2-server (no.nav.security:mock-oauth2-server)

v3.0.0

Compare Source

What's Changed

• feat(build): use chainguard jre:latest-dev base image for docker healthcheck support (#​882) @​tronghn
• fix(introspect): exp, iat, nbf claims were always null (#​865) @​Lutonite

⚠️ Breaking Changes

• refactor: replace custom TokenExchangeGrant with Nimbus SDK grant (#​732) @​tommytroen
  • TokenExchangeGrant.kt has been removed in favor of com.nimbusds.oauth2.sdk.tokenexchange.TokenExchangeGrant
  • this affects the extension function fun TokenRequest.tokenExchangeGrantOrNull()
• The aud property in IntrospectResponse is now a List<String> instead of String
• The Docker image now uses Chainguard's jre:latest-dev base image for Docker healthcheck support
  • See docker-compose.yaml for an example setup

⬆️ Dependency upgrades

• build(deps): bump okhttp to 5.1 (#​884) @​nilsmsa
• chore(deps): bump kotestVersion from 5.9.1 to 6.0.3 (#​883) @​dependabot[bot]
• chore(deps): bump gradle/actions from 4.4.2 to 4.4.3 in the github-actions group (#​886) @​dependabot[bot]
• chore(deps): bump io.projectreactor:reactor-test from 3.7.9 to 3.7.11 (#​889) @​dependabot[bot]
• chore(deps): bump org.jetbrains.kotlin.jvm from 2.2.10 to 2.2.20 (#​887) @​dependabot[bot]
• chore(deps): bump io.netty:netty-codec-http from 4.2.5.Final to 4.2.6.Final (#​888) @​dependabot[bot]
• chore(deps): bump io.netty:netty-codec-http from 4.2.4.Final to 4.2.5.Final (#​880) @​dependabot[bot]
• chore(deps): bump actions/stale from 9 to 10 in the github-actions group (#​877) @​dependabot[bot]

v2.3.0

Compare Source

What's Changed

• Upgrade base docker image to debian12 (#​870) @​almyy

🚀 Features

• feat: open functions in KeyProvider (#​857) @​tommytroen

⬆️ Dependency upgrades

• build(deps): bump various dependencies to latest minor and patch (5505ba) @​tronghn

v2.2.1

Compare Source

What's Changed

• build: set kotlin compiler targets for user compatibility by @​tronghn in #​848

Full Changelog: navikt/mock-oauth2-server@2.2.0...2.2.1

v2.2.0

Compare Source

What's Changed

• feat: prefer issuer as client assertion audience for private_key_jwt auth (#​847) @​tronghn

⬆️ Dependency upgrades

• chore(deps): bump the github group across 1 directory with 16 updates (#​846) @​dependabot[bot]
• chore(deps): bump dependabot/fetch-metadata from 2.3.0 to 2.4.0 in the github group (#​836) @​dependabot[bot]

Full Changelog: navikt/mock-oauth2-server@2.1.11...2.2.0

v2.1.11

Compare Source

What's Changed

⬆️ Dependency upgrades

• chore(deps): bump the github group across 1 directory with 19 updates (#​833) @​dependabot[bot]
• chore(deps): bump JamesIves/github-pages-deploy-action from 4.7.2 to 4.7.3 in the github group (#​812) @​dependabot[bot]
• chore(deps): bump the github group across 1 directory with 13 updates (#​818) @​dependabot[bot]
• chore(deps): bump dependabot/fetch-metadata from 2.2.0 to 2.3.0 in the github group (#​801) @​dependabot[bot]
• chore(deps): bump the github group across 1 directory with 14 updates (#​810) @​dependabot[bot]
• chore(deps): bump the github group across 1 directory with 32 updates (#​789) @​dependabot[bot]
• chore(deps): bump JamesIves/github-pages-deploy-action from 4.6.8 to 4.7.2 in the github group across 1 directory (#​776) @​dependabot[bot]
• chore(deps): bump JamesIves/github-pages-deploy-action from 4.6.3 to 4.6.8 in the github group across 1 directory (#​747) @​dependabot[bot]
• chore(deps): bump the github group across 1 directory with 21 updates (#​765) @​dependabot[bot]

v2.1.10

Compare Source

What's Changed

• fix(logback): set logback severity back to INFO (#​753) @​jenspav
• fix(readme): replace scope with code (#​754) @​jenspav
• feat: support custom TimeProvider when validating tokens (introspect, userinfo) (#​730) @​tommytroen

⬆️ Dependency upgrades

• chore(deps): bump the github group with 7 updates (#​734) @​dependabot
• chore(deps): bump the github group across 1 directory with 2 updates (#​733) @​dependabot

v2.1.9

Compare Source

What's Changed

• chore(build): netty-all with netty-codec-http (#​723) @​ybelMekk
• Fix/704 response types (#​710) @​pniederlag

⬆️ Dependency upgrades

• chore(deps): bump the github group across 1 directory with 5 updates (#​726) @​dependabot
• chore: bumped gradle wrapper to 8.9 (#​724) @​MikAoJk
• chore(deps): bump the github group across 1 directory with 17 updates (#​722) @​dependabot
• chore(deps): bump the github group across 1 directory with 2 updates (#​715) @​dependabot

v2.1.8

Compare Source

What's Changed

🐛 Bug Fixes

• fix: extend wellknown return values (#​704) (#​706) @​pniederlag

⬆️ Dependency upgrades

• chore(deps): bump the github group across 1 directory with 20 updates (#​709) @​dependabot
• chore(deps): bump org.jetbrains.kotlinx:kotlinx-serialization-json from 1.6.3 to 1.7.0 in the github group (#​702) @​dependabot

v2.1.7

Compare Source

What's Changed

🚀 Features

• feat: support objects and lists in request mapping claims (#​699) @​tommytroen

v2.1.6

Compare Source

What's Changed

• #​691 OAuth2TokenProvider should allow dynamic systemTime (#​693) @​xuanswe

⬆️ Dependency upgrades

• chore(deps): bump the github group across 1 directory with 6 updates (#​698) @​dependabot
• chore(deps): bump the github group across 1 directory with 9 updates (#​689) @​dependabot
• chore(deps): bump JamesIves/github-pages-deploy-action from 4.6.0 to 4.6.1 in the github group (#​685) @​dependabot
• chore(deps): bump the github group across 1 directory with 2 updates (#​684) @​dependabot
• chore(deps): bump the github group across 1 directory with 15 updates (#​679) @​dependabot
• chore(deps): bump the github group with 2 updates (#​676) @​dependabot

v2.1.5

Compare Source

What's Changed

🚀 Features

• feat(tokenprovider): support setting a static system time (#​668) @​tommytroen
• feat(logback): only use logback config in standalone server (#​667) @​tommytroen
• feat(DefaultOAuth2TokenCallback): Allow overriding tid claim (#​663) @​oddsund

⬆️ Dependency upgrades

• chore(deps): bump the github group with 2 updates (#​666) @​dependabot
• chore(deps): bump dependabot/fetch-metadata from 2.0.0 to 2.1.0 in the github group (#​672) @​dependabot
• chore(deps): bump JamesIves/github-pages-deploy-action from 4.5.0 to 4.6.0 in the github group (#​669) @​dependabot
• chore(deps): bump the github group across 1 directory with 7 updates (#​671) @​dependabot

v2.1.4

Compare Source

What's Changed

⬆️ Dependency upgrades

• chore(deps): bump the github group with 1 update (#​656) @​dependabot
• chore(deps): bump the github group with 28 updates (#​662) @​dependabot

v2.1.3

Compare Source

What's Changed

Breaking changes

• The constructor for the OAuth2Config class accepts a new parameter rotateRefreshToken. This has a default value of false. You may need to update your code if you're instantiating a OAuth2Config without named parameters.

🚀 Features

• feat(refresh_token): rotate refresh tokens if configured to rotate (#​645) @​tommytroen

⬆️ Dependency upgrades

• chore(deps): bump the github group with 23 updates (#​650) @​dependabot
• chore(deps): bump bouncycastle, use bcpkix-jdk18on instead of jdk15on (#​641) @​tommytroen

v2.1.2

Compare Source

What's Changed

⬆️ Dependency upgrades

• chore(deps): bump transitive dep jsonpath to 2.9.0 (#​640) @​tommytroen
• chore(deps): bump the github group with 22 updates (#​639) @​dependabot
• chore(deps): bump release-drafter/release-drafter from 5 to 6 (#​634) @​dependabot
• chore(deps): bump com.nimbusds:oauth2-oidc-sdk from 11.6 to 11.9.1 (#​622) @​dependabot
• chore(deps): bump org.assertj:assertj-core from 3.25.1 to 3.25.2 (#​631) @​dependabot
• chore(deps): bump gradle/gradle-build-action from 2 to 3 (#​632) @​dependabot
• chore(deps): bump io.netty:netty-all from 4.1.104.Final to 4.1.106.Final (#​629) @​dependabot
• chore(deps): bump org.jmailen.kotlinter from 4.1.1 to 4.2.0 (#​624) @​dependabot
• chore(deps): bump com.github.ben-manes.versions from 0.50.0 to 0.51.0 (#​630) @​dependabot
• chore(deps): bump com.fasterxml.woodstox:woodstox-core from 6.5.1 to 6.6.0 (#​626) @​dependabot

v2.1.1

Compare Source

What's Changed

• feat: add id-token to password grant token response (#​610) @​jp7677

⬆️ Dependency upgrades

• chore(deps): bump org.assertj:assertj-core from 3.25.0 to 3.25.1 (#​621) @​dependabot
• chore(deps): bump io.projectreactor:reactor-test from 3.6.1 to 3.6.2 (#​623) @​dependabot
• chore(deps): bump org.assertj:assertj-core from 3.24.2 to 3.25.0 (#​620) @​dependabot
• chore(deps): bump org.jmailen.kotlinter from 4.1.0 to 4.1.1 (#​618) @​dependabot
• chore(deps): bump jacksonVersion from 2.16.0 to 2.16.1 (#​617) @​dependabot
• chore(deps): bump org.jetbrains.kotlin:kotlin-test-junit5 from 1.9.21 to 1.9.22 (#​616) @​dependabot
• chore(deps): bump jvm from 1.9.21 to 1.9.22 (#​614) @​dependabot
• chore(deps): bump io.netty:netty-all from 4.1.101.Final to 4.1.104.Final (#​613) @​dependabot
• chore(deps): bump io.projectreactor:reactor-test from 3.6.0 to 3.6.1 (#​608) @​dependabot

v2.1.0

Compare Source

What's Changed

🚀 Features

• Regex based matching in RequestMappingTokenCallback and request parameters used as variables inside claims (#​578) @​kvokacka

⬆️ Dependency upgrades

• chore(deps): bump ch.qos.logback:logback-classic from 1.4.13 to 1.4.14 (#​604) @​dependabot
• chore(deps): bump actions/stale from 8 to 9 (#​605) @​dependabot
• chore(deps): bump ktorVersion from 2.3.6 to 2.3.7 (#​606) @​dependabot
• chore(deps): bump ch.qos.logback:logback-classic from 1.4.11 to 1.4.13 (#​602) @​dependabot
• chore(deps): bump actions/setup-java from 3 to 4 (#​603) @​dependabot
• chore(deps): bump JamesIves/github-pages-deploy-action from 4.4.3 to 4.5.0 (#​601) @​dependabot
• chore(deps): bump springBootVersion from 3.1.5 to 3.2.0 (#​596) @​dependabot
• chore(deps): bump jvm from 1.9.20 to 1.9.21 (#​597) @​dependabot
• chore(deps): bump org.jetbrains.kotlin:kotlin-test-junit5 from 1.9.20 to 1.9.21 (#​598) @​dependabot

v2.0.1

Compare Source

What's Changed

🚀 Features

• feat: basic client authentication for token exchange grant (#​564) @​valdemon

🐛 Bug Fixes

• fix: use hostname instead of canonicalHostname (#​586) @​tronghn
  • this should resolve issues with inconsistent URLs for Windows users
• fix(httpRequest): naming clash, update nimbus sdk to latest (#​576) @​ybelMekk

⬆️ Dependency upgrades

• chore(deps): bump com.github.ben-manes.versions from 0.49.0 to 0.50.0 (#​595) @​dependabot
• chore(deps): bump jacksonVersion from 2.15.3 to 2.16.0 (#​594) @​dependabot
• chore(deps): bump io.projectreactor:reactor-test from 3.5.11 to 3.6.0 (#​593) @​dependabot
• chore(deps): bump org.jmailen.kotlinter from 4.0.0 to 4.1.0 (#​592) @​dependabot
• chore(deps): bump io.netty:netty-all from 4.1.100.Final to 4.1.101.Final (#​588) @​dependabot
• chore(deps): bump ktorVersion from 2.3.5 to 2.3.6 (#​587) @​dependabot
• chore(deps): bump kotestVersion from 5.7.2 to 5.8.0 (#​584) @​dependabot
• chore(deps): bump junitJupiterVersion from 5.10.0 to 5.10.1 (#​583) @​dependabot
• chore(deps): bump com.nimbusds:oauth2-oidc-sdk from 11.5 to 11.6 (#​585) @​dependabot
• chore(deps): bump org.jetbrains.kotlin:kotlin-test-junit5 from 1.9.10 to 1.9.20 (#​580) @​dependabot
• chore(deps): bump jvm from 1.9.10 to 1.9.20 (#​579) @​dependabot
• chore(deps): bump com.nimbusds:oauth2-oidc-sdk from 11.4 to 11.5 (#​577) @​dependabot
• chore(deps): bump springBootVersion from 3.1.4 to 3.1.5 (#​574) @​dependabot
• fix(httpRequest): naming clash, update nimbus sdk to latest (#​576) @​ybelMekk
• chore(deps): bump com.nimbusds:oauth2-oidc-sdk from 10.15 to 11.4 (#​571) @​dependabot
• chore(deps): bump org.jetbrains.dokka from 1.9.0 to 1.9.10 (#​569) @​dependabot
• chore(deps): bump com.squareup.okhttp3:mockwebserver from 4.11.0 to 4.12.0 (#​568) @​dependabot
• chore(deps): bump jacksonVersion from 2.15.2 to 2.15.3 (#​567) @​dependabot
• chore(deps): bump io.projectreactor:reactor-test from 3.5.10 to 3.5.11 (#​566) @​dependabot
• chore(deps): bump io.netty:netty-all from 4.1.99.Final to 4.1.100.Final (#​565) @​dependabot
• bump(deps): kotlinter 3.16.0 to 4.0.0 (#​562) @​ybelMekk
• chore(deps): bump com.github.ben-manes.versions from 0.48.0 to 0.49.0 (#​559) @​dependabot
• chore(deps): bump ktorVersion from 2.3.4 to 2.3.5 (#​556) @​dependabot
• chore(deps): bump io.netty:netty-all from 4.1.98.Final to 4.1.99.Final (#​555) @​dependabot
• chore(deps): bump com.google.cloud.tools.jib from 3.3.2 to 3.4.0 (#​554) @​dependabot
• chore(deps): bump io.netty:netty-all from 4.1.97.Final to 4.1.98.Final (#​552) @​dependabot
• chore(deps): bump springBootVersion from 3.1.3 to 3.1.4 (#​553) @​dependabot
• chore(deps): bump com.nimbusds:oauth2-oidc-sdk from 10.14.2 to 10.15 (#​549) @​dependabot
• chore(deps): bump io.projectreactor:reactor-test from 3.5.9 to 3.5.10 (#​548) @​dependabot
• chore(deps): bump docker/login-action from 2 to 3 (#​546) @​dependabot

v2.0.0

Compare Source

What's Changed

🚀 Features

• feat: allow to configure clientId as sub in RequestMapping (#​532) @​kvokacka
• feat: serve static assets, support wildcard path in routes (#​526) @​tommytroen
• feat(oauth2): add state when provided (#​524) @​ybelMekk

⚠️ Breaking Changes

• feat: serve static assets, support wildcard path in routes (#​526) @​tommytroen

⬆️ Dependency upgrades

• chore(deps): bump actions/checkout from 3 to 4 (#​540) @​dependabot
• chore(deps): bump kotestVersion from 5.7.1 to 5.7.2 (#​541) @​dependabot
• chore(deps): bump com.github.ben-manes.versions from 0.47.0 to 0.48.0 (#​542) @​dependabot
• chore(deps): bump kotestVersion from 5.6.2 to 5.7.1 (#​539) @​dependabot
• chore(deps): bump ktorVersion from 2.3.3 to 2.3.4 (#​534) @​dependabot
• chore(deps): bump org.jetbrains.dokka from 1.8.20 to 1.9.0 (#​538) @​dependabot
• chore(deps): bump com.nimbusds:oauth2-oidc-sdk from 10.13.2 to 10.14.2 (#​537) @​dependabot
• chore(deps): bump org.yaml:snakeyaml from 2.0 to 2.2 (#​536) @​dependabot
• chore(deps): bump com.fasterxml.woodstox:woodstox-core from 6.4.0 to 6.5.1 (#​535) @​dependabot
• chore(deps): bump org.jetbrains.kotlin:kotlin-test-junit5 from 1.9.0 to 1.9.10 (#​529) @​dependabot
• chore(deps): bump jvm from 1.9.0 to 1.9.10 (#​528) @​dependabot
• chore(deps): bump io.netty:netty-all from 4.1.96.Final to 4.1.97.Final (#​527) @​dependabot
• chore(deps): bump ch.qos.logback:logback-classic from 1.4.8 to 1.4.11 (#​521) @​dependabot
• chore(deps): bump io.projectreactor:reactor-test from 3.4.24 to 3.5.9 (#​523) @​dependabot
• chore(deps): bump org.jmailen.kotlinter from 3.15.0 to 3.16.0 (#​522) @​dependabot
• chore(deps): bump com.nimbusds:oauth2-oidc-sdk from 10.11 to 10.13.2 (#​520) @​dependabot
• chore(deps): bump io.netty:netty-all from 4.1.94.Final to 4.1.96.Final (#​515) @​dependabot
• chore(deps): bump ktorVersion from 2.3.2 to 2.3.3 (#​517) @​dependabot
• chore(deps): bump junitJupiterVersion from 5.9.3 to 5.10.0 (#​512) @​dependabot
• chore(deps): bump springBootVersion from 3.1.1 to 3.1.2 (#​510) @​dependabot

🚧 Fix

• fix(server): replace deprecated Java API (#​530) @​ybelMekk
• add(workflows): permissions for action to publish (1c8c8ed) @​ybelMekk

v1.0.0

Compare Source

What's Changed

⬆️ Upgrades

• Java 11 -> 17
• Spring Boot 2 -> 3
• Bumped various libraries to their latest versions

Full Changelog: navikt/mock-oauth2-server@0.5.10...1.0.0

---

Configuration

📅 Schedule: Branch creation - "before 9am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot

[solrbot]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: undefined

Command failed: ./gradlew updateLicenses
Note: Some input files use or override a deprecated API.
Note: Recompile with -Xlint:deprecation for details.
SLF4J(W): No SLF4J providers were found.
SLF4J(W): Defaulting to no-operation (NOP) logger implementation
SLF4J(W): See https://www.slf4j.org/codes.html#noProviders for further details.
Note: Some input files use or override a deprecated API.
Note: Recompile with -Xlint:deprecation for details.
Note: Some input files use or override a deprecated API.
Note: Recompile with -Xlint:deprecation for details.
Note: Some input files use or override a deprecated API.
Note: Recompile with -Xlint:deprecation for details.

FAILURE: Build failed with an exception.

* Where:
Script '/tmp/renovate/repos/github/apache/solr/gradle/validation/jar-checks.gradle' line: 134

* What went wrong:
Execution failed for task ':solr:modules:jwt-auth:collectJarInfos'.
> Could not resolve all dependencies for configuration ':solr:modules:jwt-auth:testRuntimeClasspath'.
   > Could not resolve no.nav.security:mock-oauth2-server.
     Required by:
         project :solr:modules:jwt-auth
      > Dependency resolution is looking for a library compatible with JVM runtime version 11, but 'no.nav.security:mock-oauth2-server:3.0.0' is only compatible with JVM runtime version 17 or newer.
   > Could not resolve no.nav.security:mock-oauth2-server.
     Required by:
         project :solr:modules:jwt-auth > root project :
      > Dependency resolution is looking for a library compatible with JVM runtime version 11, but 'no.nav.security:mock-oauth2-server:3.0.0' is only compatible with JVM runtime version 17 or newer.
> There is 1 more failure with an identical cause.

* Try:
> Change the dependency on 'no.nav.security:mock-oauth2-server:3.0.0' to an earlier version that supports JVM runtime version 11.
> Run with --stacktrace option to get the stack trace.
> Run with --info or --debug option to get more log output.
> Get more help at https://help.gradle.org.

BUILD FAILED in 35s