Upgrade nimbus-jose-jwt to 10.0.2

[arnzel]

Hi can the nimbus-jose-jwt library be updated to 10.0.2 to resolve https://access.redhat.com/security/cve/CVE-2025-53864

[snieguu]

I will add additional context here. As mentioned above, we should update to at least version 10.0.2. See: https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/583/parsing-must-reject-deeply-nested-json

The vulnerability lies within Gson. However, it's not possible to simply force a specific Gson version because it is shaded into nimbus-jose-jwt.

I am currently checking (in my project) the possibility of forcing an updated version of nimbus-jose-jwt.

Related/Similar issues:
#13843
#14245
#15951