From 9078ea64f1ab216ce0f95af8e2443e0040b492b4 Mon Sep 17 00:00:00 2001
From: chrislu <chris.lu@gmail.com>
Date: Sat, 22 Nov 2025 22:10:38 -0800
Subject: [PATCH] security: upgrade nimbus-jose-jwt to 9.37.4 (patched version)

- Update from 9.37.2 to 9.37.4 to address CVE
- 9.37.2 is vulnerable, 9.37.4 is the patched version for 9.x line
- Verified with mvn dependency:tree that override is applied
---
 test/java/spark/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/java/spark/pom.xml b/test/java/spark/pom.xml
index b6f5154cb..26c4bac51 100644
--- a/test/java/spark/pom.xml
+++ b/test/java/spark/pom.xml
@@ -167,7 +167,7 @@
             <dependency>
                 <groupId>com.nimbusds</groupId>
                 <artifactId>nimbus-jose-jwt</artifactId>
-                <version>9.37.2</version>
+                <version>9.37.4</version>
             </dependency>
 
             <!-- Snappy Java - Fix CVEs -->