From a0c0459326ee63f1baa09bf10fb862e01544cb65 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 22 Dec 2025 01:01:17 +0000
Subject: [PATCH 1/2] Update firebase/php-jwt requirement from ^6.2 to ^7.0
Updates the requirements on [firebase/php-jwt](https://github.com/firebase/php-jwt) to permit the latest version.
- [Release notes](https://github.com/firebase/php-jwt/releases)
- [Changelog](https://github.com/firebase/php-jwt/blob/main/CHANGELOG.md)
- [Commits](https://github.com/firebase/php-jwt/compare/v6.2.0...v7.0.2)
---
updated-dependencies:
- dependency-name: firebase/php-jwt
dependency-version: 7.0.2
dependency-type: direct:development
...
Signed-off-by: dependabot[bot]
---
composer.json | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/composer.json b/composer.json
index 660c1547..c8b7fb73 100644
--- a/composer.json
+++ b/composer.json
@@ -34,7 +34,7 @@
"require-dev": {
"cakephp/cakephp": "^5.1.0",
"cakephp/cakephp-codesniffer": "^5.0",
- "firebase/php-jwt": "^6.2",
+ "firebase/php-jwt": "^7.0",
"phpunit/phpunit": "^10.5.32 || ^11.3.3 || ^12.0.9"
},
"suggest": {
From 0d2e3fce7d5ce1c6ac44a8811d21779f92f337b6 Mon Sep 17 00:00:00 2001
From: mscherer
Date: Sun, 11 Jan 2026 07:19:01 +0100
Subject: [PATCH 2/2] Fix JWT tests for php-jwt 7.0 minimum key size requirement
php-jwt 7.0 enforces minimum key sizes for security. HS256 now requires at least 32 bytes. Update test secret keys to meet this requirement.
---
.../TestCase/Authenticator/JwtAuthenticatorTest.php | 12 ++++++------
.../Middleware/AuthenticationMiddlewareTest.php | 4 ++--
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/tests/TestCase/Authenticator/JwtAuthenticatorTest.php b/tests/TestCase/Authenticator/JwtAuthenticatorTest.php
index df8531a4..868304ac 100644
--- a/tests/TestCase/Authenticator/JwtAuthenticatorTest.php
+++ b/tests/TestCase/Authenticator/JwtAuthenticatorTest.php
@@ -79,7 +79,7 @@ public function setUp(): void
'firstname' => 'larry',
];
- $this->tokenHS256 = JWT::encode($data, 'secretKey', 'HS256');
+ $this->tokenHS256 = JWT::encode($data, 'secretKey0123456789secretKey0123456789', 'HS256');
$privKey1 = file_get_contents(__DIR__ . '/../../data/rsa1-private.pem');
$this->tokenRS256 = JWT::encode($data, $privKey1, 'RS256', 'jwk1');
@@ -100,7 +100,7 @@ public function testAuthenticateViaHeaderToken()
$this->request = $this->request->withAddedHeader('Authorization', 'Bearer ' . $this->tokenHS256);
$authenticator = new JwtAuthenticator($this->identifiers, [
- 'secretKey' => 'secretKey',
+ 'secretKey' => 'secretKey0123456789secretKey0123456789',
'subjectKey' => 'subjectId',
]);
@@ -123,7 +123,7 @@ public function testAuthenticateViaQueryParamToken()
);
$authenticator = new JwtAuthenticator($this->identifiers, [
- 'secretKey' => 'secretKey',
+ 'secretKey' => 'secretKey0123456789secretKey0123456789',
'subjectKey' => 'subjectId',
]);
@@ -159,7 +159,7 @@ public function testAuthenticationViaIdentifierAndSubject()
]));
$authenticator = new JwtAuthenticator($this->identifiers, [
- 'secretKey' => 'secretKey',
+ 'secretKey' => 'secretKey0123456789secretKey0123456789',
'returnPayload' => false,
'subjectKey' => 'subjectId',
]);
@@ -242,7 +242,7 @@ public function testInvalidToken()
);
$authenticator = new JwtAuthenticator($this->identifiers, [
- 'secretKey' => 'secretKey',
+ 'secretKey' => 'secretKey0123456789secretKey0123456789',
]);
$result = $authenticator->authenticate($this->request);
@@ -268,7 +268,7 @@ public function testGetPayloadHS256()
);
$authenticator = new JwtAuthenticator($this->identifiers, [
- 'secretKey' => 'secretKey',
+ 'secretKey' => 'secretKey0123456789secretKey0123456789',
]);
$result = $authenticator->getPayload();
diff --git a/tests/TestCase/Middleware/AuthenticationMiddlewareTest.php b/tests/TestCase/Middleware/AuthenticationMiddlewareTest.php
index 8c11ef61..ae94841e 100644
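Review bot: The new secret `'secretKey0123456789secretKey0123456789'` is repeated as a bare literal in setUp() and in the authenticator config of testAuthenticateViaHeaderToken(), testAuthenticateViaQueryParamToken(), testAuthenticationViaIdentifierAndSubject(), testInvalidToken() and testGetPayloadHS256(), and twice more in AuthenticationMiddlewareTest. The signing side and every verifying side must stay byte-identical, so one class constant used at all sites, e.g. `private const HS256_SECRET = 'secretKey0123456789secretKey0123456789';`, would make the next key-size change a single edit. A one-line comment on it such as `// Test-only fixture, 38 bytes: php-jwt 7 rejects HS256 keys shorter than 32 bytes.` would also explain the odd-looking value. The test method bodies start and end outside these hunks.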
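Review bot: No test in this file exercises a key below the new minimum any more, so nothing pins how `JwtAuthenticator` behaves when an application keeps a short `secretKey` while php-jwt 7 is installed. Next to testInvalidToken() I would add a case that configures a deliberately short key, e.g. `'secretKey' => 'tooShort'`, and asserts the intended outcome: a failed result rather than an uncaught exception. How authenticate() currently surfaces the library's rejection is not visible in this diff, so the expected assertion needs confirming against the authenticator code. The body of testInvalidToken() continues outside the hunk.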
--- a/tests/TestCase/Middleware/AuthenticationMiddlewareTest.php
+++ b/tests/TestCase/Middleware/AuthenticationMiddlewareTest.php
@@ -576,13 +576,13 @@ public function testJwtTokenAuthorizationThroughTheMiddlewareStack()
'firstname' => 'larry',
];
- $token = JWT::encode($data, 'secretKey', 'HS256');
+ $token = JWT::encode($data, 'secretKey0123456789secretKey0123456789', 'HS256');
$this->service = new AuthenticationService([
'authenticators' => [
'Authentication.Form' => ['identifier' => 'Authentication.Password'],
'Authentication.Jwt' => [
- 'secretKey' => 'secretKey',
+ 'secretKey' => 'secretKey0123456789secretKey0123456789',
'identifier' => 'Authentication.JwtSubject',
],
],