Use the parent pom 2.6 to avoid the potential CVE issue with arquillian

pom.xml

@@ -19,7 +19,7 @@
     <parent>
         <groupId>org.eclipse.microprofile</groupId>
         <artifactId>microprofile-parent</artifactId>
-        <version>2.4</version>
+        <version>2.6</version>
     </parent>
 
     <groupId>org.eclipse.microprofile.jwt</groupId>
@@ -36,7 +36,7 @@
         <version.microprofile.config>3.0</version.microprofile.config>
         <version.jose4j>0.7.9</version.jose4j>
         <version.osgi.versioning>1.1.0</version.osgi.versioning>
-
+        <version.microprofile.tck.bom>2.6</version.microprofile.tck.bom>
         <inceptionYear>2017</inceptionYear>
     </properties>
 

tck/pom.xml

@@ -25,6 +25,18 @@
     <artifactId>microprofile-jwt-auth-tck</artifactId>
     <name>MicroProfile JWT Auth TCK</name>
 
+    <dependencyManagement>
+        <dependencies>
+            <dependency>
+                <groupId>org.eclipse.microprofile</groupId>
+                <artifactId>microprofile-tck-bom</artifactId>
+                <version>${version.microprofile.tck.bom}</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
+        </dependencies>
+    </dependencyManagement>
+
     <dependencies>
         <dependency>
             <groupId>org.eclipse.microprofile.jwt</groupId>

tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/jaxrs/jwe/RolesAllowedSignEncryptRsaOaepTest.java

@@ -108,7 +108,6 @@ private static String signEncryptClaimsWithOptionalCty(String jsonResName, boole
         return TokenUtils.signEncryptClaims(signingKey, null, encryptionKey, null, jsonResName, cty);
     }
 
-
     @RunAsClient
     @Test(groups = TEST_GROUP_JAXRS, description = "Validate a request with RSA-OAEP encrypted token succeeds")
     public void callEchoRsaOaep() {