diff --git a/build.sbt b/build.sbt
index 8b245e58ac..1685858df0 100644
--- a/build.sbt
+++ b/build.sbt
@@ -429,12 +429,15 @@ lazy val runSteward = taskKey[Unit]("")
 runSteward := Def.taskDyn {
   val home = System.getenv("HOME")
   val projectDir = (LocalRootProject / baseDirectory).value
+  // val ghAppDir = projectDir.getParentFile / "gh-app"
   val args = Seq(
     Seq("--workspace", s"$projectDir/workspace"),
     Seq("--repos-file", s"$projectDir/repos.md"),
     Seq("--git-author-email", s"me@$projectName.org"),
     Seq("--forge-login", projectName),
     Seq("--git-ask-pass", s"$home/.github/askpass/$projectName.sh"),
+    // Seq("--github-app-id", IO.read(ghAppDir / "scala-steward.app-id.txt").trim),
+    // Seq("--github-app-key-file", s"$ghAppDir/scala-steward.private-key.pem"),
     Seq("--whitelist", s"$home/.cache/coursier"),
     Seq("--whitelist", s"$home/.cache/JNA"),
     Seq("--whitelist", s"$home/.cache/mill"),
diff --git a/modules/core/src/main/scala/org/scalasteward/core/forge/github/GitHubAuthAlg.scala b/modules/core/src/main/scala/org/scalasteward/core/forge/github/GitHubAuthAlg.scala
index 0dcc6d3b7c..8ffbb10f37 100644
--- a/modules/core/src/main/scala/org/scalasteward/core/forge/github/GitHubAuthAlg.scala
+++ b/modules/core/src/main/scala/org/scalasteward/core/forge/github/GitHubAuthAlg.scala
@@ -19,14 +19,13 @@ package org.scalasteward.core.forge.github
 import better.files.File
 import cats.effect.Sync
 import cats.implicits._
-import io.jsonwebtoken.{Jwts, SignatureAlgorithm}
-import org.bouncycastle.jce.provider.BouncyCastleProvider
-import org.bouncycastle.util.io.pem.PemReader
-
+import io.jsonwebtoken.Jwts
 import java.io.FileReader
 import java.security.spec.PKCS8EncodedKeySpec
 import java.security.{KeyFactory, PrivateKey, Security}
 import java.util.Date
+import org.bouncycastle.jce.provider.BouncyCastleProvider
+import org.bouncycastle.util.io.pem.PemReader
 import scala.concurrent.duration.FiniteDuration
 import scala.util.Using
 
@@ -72,13 +71,13 @@ object GitHubAuthAlg {
           val signingKey = readPrivateKey(app.keyFile)
           val builder = Jwts
             .builder()
-            .setIssuedAt(now)
-            .setIssuer(app.id.toString)
-            .signWith(signingKey, SignatureAlgorithm.RS256)
+            .issuedAt(now)
+            .issuer(app.id.toString)
+            .signWith(signingKey, Jwts.SIG.RS256)
           if (ttlMillis > 0) {
             val expMillis = nowMillis + ttlMillis
             val exp = new Date(expMillis)
-            builder.setExpiration(exp)
+            builder.expiration(exp)
           }
           builder.compact()
         }
diff --git a/project/Dependencies.scala b/project/Dependencies.scala
index 9a5b043e42..819b7993c0 100644
--- a/project/Dependencies.scala
+++ b/project/Dependencies.scala
@@ -30,7 +30,7 @@ object Dependencies {
   val http4sJdkhttpClient = "org.http4s" %% "http4s-jdk-http-client" % "1.0.0-M9"
   val log4catsSlf4j = "org.typelevel" %% "log4cats-slf4j" % "2.6.0"
   val logbackClassic = "ch.qos.logback" % "logback-classic" % "1.4.14"
-  val jjwtApi = "io.jsonwebtoken" % "jjwt-api" % "0.11.5"
+  val jjwtApi = "io.jsonwebtoken" % "jjwt-api" % "0.12.3"
   val jjwtImpl = "io.jsonwebtoken" % "jjwt-impl" % jjwtApi.revision
   val jjwtJackson = "io.jsonwebtoken" % "jjwt-jackson" % jjwtApi.revision
   val millScriptVersion = "0.11.0-M10"