Bump com.nimbusds:nimbus-jose-jwt from 9.37.1 to 9.37.2 (opensearch-p…

…roject#3785)

Bumps
[com.nimbusds:nimbus-jose-jwt](https://bitbucket.org/connect2id/nimbus-jose-jwt)
from 9.37.1 to 9.37.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt">com.nimbusds:nimbus-jose-jwt's
changelog</a>.</em></p>
<blockquote>
<p>version 1.0 (2012-03-01)</p>
<ul>
<li>First version based on the OpenInfoCard JWT, JWS and JWE code
base.</li>
</ul>
<p>version 1.1 (2012-03-06)</p>
<ul>
<li>Introduces type-safe enumeration of the JSON Web Algorithms
(JWA).</li>
<li>Refactors the JWT class.</li>
</ul>
<p>version 1.2 (2012-03-08)</p>
<ul>
<li>Moves JWS and JWE code into separate classes.</li>
</ul>
<p>version 1.3 (2012-03-09)</p>
<ul>
<li>Switches to Apache Commons Codec for Base64URL encoding and
decoding</li>
<li>Consolidates the crypto utilities within the package.</li>
<li>Introduces a JWT content serialiser class.</li>
</ul>
<p>version 1.4 (2012-03-09)</p>
<ul>
<li>Refactoring of JWT class and JUnit tests.</li>
</ul>
<p>version 1.5 (2012-03-18)</p>
<ul>
<li>Switches to JSON Smart for JSON serialisation and parsing.</li>
<li>Introduces claims set class with JSON objects, string, Base64URL and
byte array views.</li>
</ul>
<p>version 1.6 (2012-03-20)</p>
<ul>
<li>Creates class for representing, serialising and parsing JSON Web
Keys
(JWK).</li>
<li>Introduces separate class for representing JWT headers.</li>
</ul>
<p>version 1.7 (2012-04-01)</p>
<ul>
<li>Introduces separate classes for plain, JWS and JWE headers.</li>
<li>Introduces separate classes for plain, signed and encrypted
JWTs.</li>
<li>Removes the JWTContent class.</li>
<li>Removes password-based (PE820) encryption support.</li>
</ul>
<p>version 1.8 (2012-04-03)</p>
<ul>
<li>Adds support for the ZIP JWE header parameter.</li>
<li>Removes unsupported algorithms from the JWA enumeration.</li>
</ul>
<p>version 1.9 (2012-04-03)</p>
<ul>
<li>Renames JWEHeader.{get|set}EncryptionAlgorithm() to
JWEHeader.{get|set}EncryptionMethod().</li>
</ul>
<p>version 1.9.1 (2012-04-03)</p>
<ul>
<li>Upgrades JSON Smart JAR to 1.1.1.</li>
</ul>
<p>version 1.10 (2012-04-14)</p>
<ul>
<li>Introduces serialize() method to base abstract JWT class.</li>
</ul>
<p>version 1.11 (2012-05-13)</p>
<ul>
<li>JWT.serialize() throws checked JWTException instead of</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/8c8135890907c9b1c0a6ae1633598e91c1a9c726"><code>8c81358</code></a>
[maven-release-plugin] prepare for next development iteration</li>
<li><a
href="https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/3b3b77ec5ec4b16c3fe12d4977c683db845ffde3"><code>3b3b77e</code></a>
The PasswordBasedDecrypter (PBKDF2) must enforce a limit on the maximum
allow...</li>
<li><a
href="https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/e283ea02909e00645a622f16977659f8a7ba5b00"><code>e283ea0</code></a>
[maven-release-plugin] prepare release 9.37.2</li>
<li>See full diff in <a
href="https://bitbucket.org/connect2id/nimbus-jose-jwt/branches/compare/9.37.2..9.37.1">compare
view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.nimbusds:nimbus-jose-jwt&package-manager=gradle&previous-version=9.37.1&new-version=9.37.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)

</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(cherry picked from commit ad992c5)

build.gradle

@@ -569,7 +569,7 @@ dependencies {
     implementation 'commons-cli:commons-cli:1.6.0'
     implementation "org.bouncycastle:bcprov-jdk15to18:${versions.bouncycastle}"
     implementation 'org.ldaptive:ldaptive:1.2.3'
-    implementation 'com.nimbusds:nimbus-jose-jwt:9.37'
+    implementation 'com.nimbusds:nimbus-jose-jwt:9.37.2'
 
     //JWT
     implementation "io.jsonwebtoken:jjwt-api:${jjwt_version}"