Security: Please update dependency firebase/php-jwt

[mikkeschiren]

firebase/php-jwt has a low rated CVE in version 6.10.1, the CVE:s itslef is disputed, but package should be upgraded to a version that doesn't have the issue - which would be 7.0.0.

Information:
https://nvd.nist.gov/vuln/detail/CVE-2025-45769

[sgiehl]

@mikkeschiren This is (still) a disputed record, and I'm by now not aware of any evidence that this affects Matomo at all.
Also please note, that version 7 requires PHP 8, so we can't update it easily, without dropping support for PHP 7.2/7.4 in this plugin.
If this issue turns out to be exploitable, we might look for a custom solution to fix this, otherwise it might get postponed to the next major release of Matomo, where we likely will drop support for PHP < 8 anyway.