Closed
Labels
status: declined (A suggestion or change that we don't feel we should currently apply)
type: dependency-upgrade (A dependency upgrade)

Description
Expected Behavior
From spring-security-oauth2-client:5.3.2.RELEASE, my project transitively gets
+--- org.springframework.security:spring-security-oauth2-client -> 5.3.2.RELEASE
| +--- com.nimbusds:oauth2-oidc-sdk:7.1.1 -> **8.9**
| | +--- com.github.stephenc.jcip:jcip-annotations:1.0-1
| | +--- com.nimbusds:content-type:2.0
| | +--- net.minidev:json-smart:[1.3.1,2.3] -> 2.3
| | | \--- net.minidev:accessors-smart:1.2
| | | \--- org.ow2.asm:asm:5.0.4
| | +--- com.nimbusds:lang-tag:1.4.4
| | \--- com.nimbusds:nimbus-jose-jwt:8.14.1
| | +--- com.github.stephenc.jcip:jcip-annotations:1.0-1
| | \--- net.minidev:json-smart:[1.3.1,2.3] -> 2.3 (*)
Current Behavior
instead of
+--- org.springframework.security:spring-security-oauth2-client -> 5.3.2.RELEASE
| +--- com.nimbusds:oauth2-oidc-sdk:7.1.1
| | +--- com.github.stephenc.jcip:jcip-annotations:1.0-1
| | +--- com.nimbusds:content-type:2.0
| | +--- net.minidev:json-smart:1.3.1
| | +--- com.nimbusds:lang-tag:1.4.4
| | +--- com.nimbusds:nimbus-jose-jwt:8.8 -> 8.11
| | | +--- com.github.stephenc.jcip:jcip-annotations:1.0-1
| | | \--- net.minidev:json-smart:[1.3.1,2.3] -> 1.3.1
| | \--- com.sun.mail:javax.mail:1.6.1 -> 1.6.2
| | \--- javax.activation:activation:1.1
Context
Current version 7.1.1 pulls in deprecated packages com.sun.mail:javax.mail and javax.activation:activation, which are unused by our project and cause classpath confusion for clients using the Apache Geode project.
I have run limited Geode tests using com.nimbusds:oauth2-oidc-sdk:8.9 and had success on our use scenarios.
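As an added example (not part of the original issue and not Spring Security's or Geode's own code), the script below parses `gradle dependencies` output and reports the full chain that pulls in each unwanted module, which is the check a build can run to catch the transitive `javax.mail` and `activation` jars described above. The sample tree is the 7.1.1 subtree from the issue with Gradle's five-character indentation restored as an assumption; `parse`, `banned_paths` and `BANNED` are hypothetical names.

```python
import re

# Constructed sample: the 7.1.1 subtree quoted in the issue, with Gradle's
# usual five-character indentation restored (assumed; the page lost it).
SAMPLE = r"""
+--- org.springframework.security:spring-security-oauth2-client -> 5.3.2.RELEASE
|    +--- com.nimbusds:oauth2-oidc-sdk:7.1.1
|    |    +--- com.github.stephenc.jcip:jcip-annotations:1.0-1
|    |    +--- com.nimbusds:content-type:2.0
|    |    +--- net.minidev:json-smart:1.3.1
|    |    +--- com.nimbusds:lang-tag:1.4.4
|    |    +--- com.nimbusds:nimbus-jose-jwt:8.8 -> 8.11
|    |    |    +--- com.github.stephenc.jcip:jcip-annotations:1.0-1
|    |    |    \--- net.minidev:json-smart:[1.3.1,2.3] -> 1.3.1
|    |    \--- com.sun.mail:javax.mail:1.6.1 -> 1.6.2
|    |         \--- javax.activation:activation:1.1
"""

# One dependency line: indentation, a "+---" or "\---" marker, the declared
# coordinate, and an optional "-> resolved" version chosen by Gradle.
LINE = re.compile(r"^(?P<indent>[| ]*)[+\\]--- (?P<coord>\S+)(?: -> (?P<resolved>\S+))?")

def parse(tree_text):
    """Yield (depth, 'group:name', resolved_version) per dependency line."""
    for line in tree_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        parts = m.group("coord").split(":")
        module = ":".join(parts[:2])
        declared = parts[2] if len(parts) > 2 else None
        yield len(m.group("indent")) // 5, module, m.group("resolved") or declared

def banned_paths(tree_text, banned):
    """Return the root-to-module chain for every banned module in the tree."""
    stack, hits = [], []
    for depth, module, version in parse(tree_text):
        del stack[depth:]          # drop siblings and deeper nodes from the chain
        stack.append(f"{module}:{version}")
        if module in banned:
            hits.append(list(stack))
    return hits

BANNED = {"com.sun.mail:javax.mail", "javax.activation:activation"}

if __name__ == "__main__":
    for path in banned_paths(SAMPLE, BANNED):
        print(" -> ".join(path))
```

Each reported chain names the resolved version at every hop, so the offending parent (here `oauth2-oidc-sdk:7.1.1`) is visible without reading the whole tree.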