Upgrade `jose` to mitigate dependabot alert

[RaphaelManke]

Checklist

• [X] The issue can be reproduced in the nextjs-auth0 sample app (or N/A).
• [X] I have looked into the Readme, Examples, and FAQ and have not found a suitable solution or answer.
• [X] I have looked into the API documentation and have not found a suitable solution or answer.
• [X] I have searched the issues and have not found a suitable solution or answer.
• [X] I have searched the Auth0 Community forums and have not found a suitable solution or answer.
• [X] I agree to the terms within the Auth0 Code of Conduct.

Description

The currently referenced version of jose should be upgraded to at least 4.15.5 due to a vulnerability. In our (private) repo dependabot alerts on that.

  "jose": "^4.9.2",

Reproduction

https://github.com/advisories/GHSA-hhhv-q57g-882q

Additional context

No response

nextjs-auth0 version

3.5.0

Next.js version

-

Node.js version

20

[manfe]

I think this should be prioritized:

jose  3.0.0 - 4.15.4
Severity: moderate
jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext - https://github.com/advisories/GHSA-hhhv-q57g-882q