Pac4j v5.1 and earlier allows (by default) clients to accept and successfully validate ID Tokens with "none" algorithm. This is insecure because it disables signature validation:
Update Pac4j from 5.1.4 to 5.2.1.
Also update RMB 33.2.3 to 33.2.4 (this bumps log4j from 2.17.0 to 2.17.1).
And update vertx-pac4j from 6.0.0-FOLIO.1 to 6.0.0.