@dependabot dependabot bot commented on behalf of github Dec 22, 2025

Updates the requirements on firebase/php-jwt to permit the latest version.

Release notes

Sourced from firebase/php-jwt's releases.

v7.0.2

7.0.2 (2025-12-16)

Bug Fixes

  • add key length validation for ec keys (#615) (7044f9a)

Changelog

Sourced from firebase/php-jwt's changelog.

7.0.2 (2025-12-16)

Bug Fixes

  • add key length validation for ec keys (#615) (7044f9a)

7.0.0 (2025-12-15)

⚠️ ⚠️ ⚠️ Security Fixes ⚠️ ⚠️ ⚠️

  • add key size validation (#613) (6b80341) NOTE: This fix will cause keys with a size below the minimally allowed size to break.

Features

  • add SensitiveParameter attribute to security-critical parameters (#603) (4dbfac0)
  • store timestamp in ExpiredException (#604) (f174826)

Bug Fixes

6.11.1 (2025-04-09)

Bug Fixes

6.11.0 (2025-01-23)

Features

Bug Fixes

  • refactor constructor Key to use PHP 8.0 syntax (#577) (29fa2ce)

6.10.2 (2024-11-24)

Bug Fixes

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Updates the requirements on [firebase/php-jwt](https://github.com/firebase/php-jwt) to permit the latest version.
- [Release notes](https://github.com/firebase/php-jwt/releases)
- [Changelog](https://github.com/firebase/php-jwt/blob/main/CHANGELOG.md)
- [Commits](firebase/php-jwt@v6.0.0...v7.0.2)

---
updated-dependencies:
- dependency-name: firebase/php-jwt
  dependency-version: 7.0.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot bot commented on behalf of github Dec 22, 2025

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.


coderabbitai bot commented Dec 22, 2025

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


Comment @coderabbitai help to get the list of available commands and usage tips.


@jordanpartridge jordanpartridge left a comment


AI Review

Code Review

Summary

This pull request updates the firebase/php-jwt dependency from version ^6.0 to ^7.0 in your project's composer.json.

Strengths

  • Automated Update: The update was performed by Dependabot, which is a good practice for keeping dependencies up-to-date.
  • Minimal Change Impact: Only one line of code has been altered, making this change relatively low-risk.

Concerns

  • Dependency Version Compatibility:

    • Severity: Minor
    • Details: Ensure that the new version ^7.0 is compatible with your project’s other dependencies and required PHP versions.
  • Testing Coverage:

    • Severity: Minor
    • Details: After updating the dependency, it's important to run tests to ensure everything still works as expected.

Suggestions

  • Review Dependency Compatibility:

    • Perform a compatibility check with your existing codebase and other dependencies to confirm that ^7.0 of firebase/php-jwt is compatible.
  • Run Tests:

    composer install
    php vendor/bin/phpunit --bootstrap tests/bootstrap.php

    This will help catch any issues early.

  • Commit Message:

    • The commit message could be improved for clarity and consistency:
      • Current: "Update firebase/php-jwt requirement from ^6.0 to ^7.0"
      • Suggested: "Update firebase/php-jwt dependency to v7.0"

Actionable Steps

  1. Verify the compatibility of ^7.0 with your project's other dependencies.
  2. Run tests to ensure no regressions have occurred.
  3. Update the commit message for clarity.

By addressing these points, you can ensure that this update is safe and effective.

@jordanpartridge jordanpartridge merged commit 8d9740a into master Dec 27, 2025
7 checks passed
@dependabot dependabot bot deleted the dependabot/composer/firebase/php-jwt-tw-7.0 branch December 27, 2025 03:56