The nimbus-jose-jwt dependency is at version 5.4. Versions before 7.9 have known security vulnerabilities. See [here]( https://nvd.nist.gov/vuln/detail/CVE-2019-17195) for the list.
