BE: Remove nimbus-jose-jwt overwrite

Author: yeikel

api/build.gradle

@@ -14,12 +14,7 @@ dependencies {
     implementation project(":contract")
     implementation project(":serde-api")
     implementation libs.spring.starter.webflux
-    implementation(libs.spring.starter.security){
-        exclude group: 'com.nimbusds', module: 'nimbus-jose-jwt' because("Temporary overwrite to fix CVE-2025-53864. See https://avd.aquasec.com/nvd/2025/cve-2025-53864/")
-    }
-    implementation(libs.nimbus.jose.jwt){
-        because("Fixes CVE-2025-5386. See https://avd.aquasec.com/nvd/2025/cve-2025-53864/")
-    }
+    implementation(libs.spring.starter.security)
     implementation libs.spring.starter.actuator
     implementation libs.spring.starter.logging
     implementation libs.spring.starter.oauth2.client

gradle/libs.versions.toml

@@ -1,6 +1,5 @@
 [versions]
 spring-boot = '3.5.6'
-nimbus-jose-jwt = '10.0.2'
 
 aws-msk-auth = '2.3.0'
 azure-identity = '1.15.4'
@@ -55,8 +54,6 @@ spring-starter-actuator = { module = 'org.springframework.boot:spring-boot-start
 spring-starter-test = { module = 'org.springframework.boot:spring-boot-starter-test', version.ref = 'spring-boot' }
 spring-starter-webflux = { module = 'org.springframework.boot:spring-boot-starter-webflux', version.ref = 'spring-boot' }
 spring-starter-security = { module = 'org.springframework.boot:spring-boot-starter-security', version.ref = 'spring-boot' }
-# Temporary overwrite to fix CVE-2025-53864
-nimbus-jose-jwt = { module = 'com.nimbusds:nimbus-jose-jwt', version.ref = 'nimbus-jose-jwt' }
 spring-starter-validation = { module = 'org.springframework.boot:spring-boot-starter-validation', version.ref = 'spring-boot' }
 spring-starter-oauth2-client = { module = 'org.springframework.boot:spring-boot-starter-oauth2-client', version.ref = 'spring-boot' }
 spring-starter-logging = { module = 'org.springframework.boot:spring-boot-starter-logging', version.ref = 'spring-boot' }