[Snyk] Security upgrade jsonwebtoken from 8.5.1 to 9.0.0

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	671/1000 Why? Recently disclosed, Has a fix available, CVSS 7.7	Improper Input Validation SNYK-JS-JSONWEBTOKEN-3180020	Yes	No Known Exploit
	611/1000 Why? Recently disclosed, Has a fix available, CVSS 6.5	Improper Authentication SNYK-JS-JSONWEBTOKEN-3180022	Yes	No Known Exploit
	611/1000 Why? Recently disclosed, Has a fix available, CVSS 6.5	Improper Restriction of Security Token Assignment SNYK-JS-JSONWEBTOKEN-3180024	Yes	No Known Exploit
	526/1000 Why? Recently disclosed, Has a fix available, CVSS 4.8	Use of a Broken or Risky Cryptographic Algorithm SNYK-JS-JSONWEBTOKEN-3180026	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: jsonwebtoken

The new version differs by 17 commits.

• e1fa9dc Merge pull request from GHSA-8cf7-32gw-wr33
• 5eaedbf chore(ci): remove github test actions job (#861)
• cd4163e chore(ci): configure Github Actions jobs for Tests & Security Scanning (#856)
• ecdf6cc fix!: Prevent accidental use of insecure key sizes & misconfiguration of secrets (#852)
• 8345030 fix(sign&verify)!: Remove default `none` support from `sign` and `verify` methods, and require it to be explicitly configured (#851)
• 7e6a86b Upload OpsLevel YAML (#849)
• 74d5719 docs: update references vercel/ms references (Build(deps-dev): Bump @typescript-eslint/parser from 5.28.0 to 5.62.0 #770)
• d71e383 docs: document "invalid token" error
• 3765003 docs: fix spelling in README.md: Peak -> Peek (Build(deps-dev): Bump eslint from 8.17.0 to 8.43.0 #754)
• a46097e docs: make decode impossible to discover before verify
• 15a1bc4 refactor: make decode non-enumerable
• 5f10bf9 docs: add jwtid to options of jwt.verify (Build(deps-dev): Bump eslint from 8.17.0 to 8.37.0 #704)
• 88cb9df Replace tilde-indexOf with includes (Build(deps-dev): Bump @typescript-eslint/parser from 5.28.0 to 5.47.1 #647)
• a6235fa Adds not to README on decoded payload validation ([Snyk] Security upgrade jsonwebtoken from 8.5.1 to 9.0.0 #646)
• 5ed1f06 docs: fix tiny style change in readme (Build(deps-dev): Bump eslint from 8.17.0 to 8.28.0 #622)
• 9fb90ca style: add missing semicolon (Build(deps-dev): Bump eslint from 8.17.0 to 8.30.0 #641)
• a9e38b8 ci: use circleci (Build(deps-dev): Bump @types/node from 17.0.43 to 18.8.0 #589)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Use of a Broken or Risky Cryptographic Algorithm

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[sonarqubecloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
0.0% Duplication

[ghost]

Black Duck Security Report

Merging #646 into master will not change security risk.

Added Components

Clean: 4

Removed Components

Clean: 15

Click here to see full report