[Snyk] Fix for 1 vulnerabilities

[ajaypandey5]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @loopback/authentication-jwt

The new version differs by 250 commits.

• 06cbcba chore: publish release
• d1d1044 chore: update dependency @ commitlint/cli to ^17.4.1
• 447efda chore: update dependency puppeteer to ^19.5.0
• 375ed36 chore: update dependency casbin to ^5.20.2
• 5a5d7dc chore: update dependency @ types/passport-local to ^1.0.35
• 575fac0 chore: update dependency bson to v4.7.1
• cf47971 chore: update lerna monorepo to ^6.4.0
• 25d3710 chore: update actions/setup-node action to v3.6.0
• 0c83c8c chore: update actions/checkout action to v3.3.0
• ca6ed72 chore: update commitlint monorepo to ^17.4.0
• 810cd2c chore: update dependency ajv to ^8.12.0
• 1a2ca10 chore: do not cache Eslint
• 9975dd9 chore: update dependency write-file-atomic to v5
• 66d242a chore: update dependency testcontainers to v9
• 2382d74 chore: update dependency validate-npm-package-name to v5
• 0557132 chore: update dependency husky to ^8.0.3
• 35d0f5d chore: update dependency @ types/express-serve-static-core to ^4.17.32
• 505950c chore: update dependency http-status to ^1.6.1
• 08d65d1 chore: update dependency prom-client to ^14.1.1
• d681114 chore: update dependency @ types/morgan to ^1.9.4
• 4690117 chore: update dependency casbin to ^5.20.1
• fc29246 chore: update dependency json5 to ^2.2.3
• 1eb0e09 test: license year changes with the new year
• bb0c419 chore: update dependency casbin to ^5.20.0

See the full diff

Package name: jsonwebtoken

The new version differs by 17 commits.

• e1fa9dc Merge pull request from GHSA-8cf7-32gw-wr33
• 5eaedbf chore(ci): remove github test actions job (#861)
• cd4163e chore(ci): configure Github Actions jobs for Tests & Security Scanning (#856)
• ecdf6cc fix!: Prevent accidental use of insecure key sizes & misconfiguration of secrets (#852)
• 8345030 fix(sign&verify)!: Remove default `none` support from `sign` and `verify` methods, and require it to be explicitly configured (#851)
• 7e6a86b Upload OpsLevel YAML (#849)
• 74d5719 docs: update references vercel/ms references (#770)
• d71e383 docs: document "invalid token" error
• 3765003 docs: fix spelling in README.md: Peak -> Peek (#754)
• a46097e docs: make decode impossible to discover before verify
• 15a1bc4 refactor: make decode non-enumerable
• 5f10bf9 docs: add jwtid to options of jwt.verify (#704)
• 88cb9df Replace tilde-indexOf with includes (#647)
• a6235fa Adds not to README on decoded payload validation (#646)
• 5ed1f06 docs: fix tiny style change in readme (#622)
• 9fb90ca style: add missing semicolon (#641)
• a9e38b8 ci: use circleci (#589)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)