security(deps): fix vulnerabilities by upgrading java-common, nimbus, jersey, bcpkix, and logback

Upgraded multiple dependencies to patched versions to address known CVEs
and keep the stack on maintained releases.

- authlete-java-common: 4.19 → 4.21
- jersey.version: 2.30.1 → 2.34
- com.nimbusds:oauth2-oidc-sdk: 9.22 → 9.43.4 (removed jdk8 classifier)
- org.bouncycastle:bcpkix-jdk18on: 1.78 → 1.78.1
- ch.qos.logback:logback-classic: 1.2.13 → 1.3.15

Author: Antoine Resenterra

pom.xml

@@ -12,11 +12,11 @@
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 
-    <authlete.java.common.version>4.19</authlete.java.common.version>
+    <authlete.java.common.version>4.21</authlete.java.common.version>
     <authlete.java.jaxrs.version>2.86</authlete.java.jaxrs.version>
     <authlete.cbor.version>1.18</authlete.cbor.version>
     <javax.servlet-api.version>3.0.1</javax.servlet-api.version>
-    <jersey.version>2.30.1</jersey.version>
+    <jersey.version>2.34</jersey.version>
     <jetty.version>9.4.27.v20200227</jetty.version>
     <maven.compiler.plugin.version>3.10.1</maven.compiler.plugin.version>
     <maven.war.plugin.version>3.3.2</maven.war.plugin.version>
@@ -114,14 +114,13 @@
     <dependency>
         <groupId>org.bouncycastle</groupId>
         <artifactId>bcpkix-jdk18on</artifactId>
-        <version>1.78</version>
+        <version>1.78.1</version>
     </dependency>
 
     <dependency>
       <groupId>com.nimbusds</groupId>
       <artifactId>oauth2-oidc-sdk</artifactId>
-      <classifier>jdk8</classifier>
-      <version>9.22</version>
+      <version>9.43.4</version>
     </dependency>
 
     <dependency>
@@ -133,7 +132,7 @@
     <dependency>
       <groupId>ch.qos.logback</groupId>
       <artifactId>logback-classic</artifactId>
-      <version>1.2.13</version>
+      <version>1.3.15</version>
     </dependency>
 
     <dependency>