OCA/server-auth

security issue python-jose Odoo 12 to Odoo 15

mathben opened this issue · 1 comments

Is your feature request related to a problem?
Security issue about python-jose. Last version 3.3.0 - 4 June 2021
Depends on pycrypto (>=2.6.0,<2.7.0), a deprecated library with a security issue.
https://www.cvedetails.com/cve/CVE-2009-0544/
mpdavis/python-jose#310

Describe the solution you'd like
python-jose is used in the module auth_oidc

from jose import jwt
[...]
    def _parse_id_token(self, id_token, access_token):
        self.ensure_one()
        res = {}
        header = jwt.get_unverified_header(id_token)
        res.update(
            jwt.decode(
                id_token,
                self._get_key(header.get("kid")),
                algorithms=["RS256"],
                audience=self.client_id,
                access_token=access_token,
            )
        )

        res.update(self._map_token_values(res))
        return res

Describe alternatives you've considered
Do we have an alternative? Is it a real security issue, or can we ignore it?
Thanks
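For reference, the checks that jose.jwt.decode performs in the _parse_id_token snippet above (algorithm pinned to RS256, key selected by the header's kid, audience, expiry, and the at_hash binding of the ID token to the access_token) spelled out as an added stand-alone example in stdlib-only Python. This is not code from the OCA module or from python-jose; verify_signature is a hypothetical hook standing in for _get_key plus the RSA verification that a real library must do, and make_unsigned_token only builds constructed test input.

```python
import base64
import hashlib
import json
import time

def b64url_decode(segment: str) -> bytes:
    # JWT segments drop the '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def expected_at_hash(access_token: str) -> str:
    # OIDC Core 3.1.3.6: for RS256, at_hash is the base64url-encoded left half
    # of SHA-256(access_token). This is what jose's access_token= argument checks.
    digest = hashlib.sha256(access_token.encode("ascii")).digest()
    return b64url_encode(digest[: len(digest) // 2])

def check_id_token(id_token, client_id, access_token, verify_signature, now=None):
    """Return the claims if every check passes, otherwise raise ValueError.
    verify_signature(kid, signing_input, signature) -> bool is a hypothetical hook
    supplied by the caller (the module's _get_key + RS256 verify)."""
    now = time.time() if now is None else now
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed JWT")
    header = json.loads(b64url_decode(parts[0]))
    if header.get("alg") != "RS256":  # pin the algorithm; never trust alg from the token
        raise ValueError("unexpected alg: %r" % header.get("alg"))
    if not header.get("kid"):
        raise ValueError("missing kid")
    signing_input = (parts[0] + "." + parts[1]).encode("ascii")
    if not verify_signature(header["kid"], signing_input, b64url_decode(parts[2])):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(parts[1]))  # only parsed after the signature check
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("audience mismatch")
    if not isinstance(claims.get("exp"), (int, float)) or now >= claims["exp"]:
        raise ValueError("token expired")
    if claims.get("at_hash") != expected_at_hash(access_token):
        raise ValueError("at_hash does not bind this access_token")
    return claims

def make_unsigned_token(header: dict, claims: dict) -> str:
    # Constructed test input only: the signature segment is a placeholder.
    enc = lambda d: b64url_encode(json.dumps(d, separators=(",", ":")).encode())
    return enc(header) + "." + enc(claims) + "." + b64url_encode(b"placeholder")
```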