chore: upgrade jsonwebtoken from 8.5.1 to 9.0.0

[twilio-product-security]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Fixes #846

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	671/1000 Why? Recently disclosed, Has a fix available, CVSS 7.7	Improper Input Validation SNYK-JS-JSONWEBTOKEN-3180020	Yes	No Known Exploit
	611/1000 Why? Recently disclosed, Has a fix available, CVSS 6.5	Improper Authentication SNYK-JS-JSONWEBTOKEN-3180022	Yes	No Known Exploit
	611/1000 Why? Recently disclosed, Has a fix available, CVSS 6.5	Improper Restriction of Security Token Assignment SNYK-JS-JSONWEBTOKEN-3180024	Yes	No Known Exploit
	526/1000 Why? Recently disclosed, Has a fix available, CVSS 4.8	Use of a Broken or Risky Cryptographic Algorithm SNYK-JS-JSONWEBTOKEN-3180026	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: jsonwebtoken

The new version differs by 17 commits.

• e1fa9dc Merge pull request from GHSA-8cf7-32gw-wr33
• 5eaedbf chore(ci): remove github test actions job (fix: done only gets called one in each #861)
• cd4163e chore(ci): configure Github Actions jobs for Tests & Security Scanning (feat: Include comment in node twiml XML #856)
• ecdf6cc fix!: Prevent accidental use of insecure key sizes & misconfiguration of secrets (chore: fix SMS messaging parse error #852)
• 8345030 fix(sign&verify)!: Remove default `none` support from `sign` and `verify` methods, and require it to be explicitly configured (chore: upgrade GitHub Actions dependencies #851)
• 7e6a86b Upload OpsLevel YAML (chore: touch up request validator #849)
• 74d5719 docs: update references vercel/ms references (feat: migrate subdomain shortcuts (#752) #770)
• d71e383 docs: document "invalid token" error
• 3765003 docs: fix spelling in README.md: Peak -> Peek (feat: generate Twilio.ts file #754)
• a46097e docs: make decode impossible to discover before verify
• 15a1bc4 refactor: make decode non-enumerable
• 5f10bf9 docs: add jwtid to options of jwt.verify (fix: git log retrieval issues #704)
• 88cb9df Replace tilde-indexOf with includes (Latest messages not available in messages.list #647)
• a6235fa Adds not to README on decoded payload validation (The requested resource /Services/VAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/VerificationCheck was not found" #646)
• 5ed1f06 docs: fix tiny style change in readme (fix: remove request auth headers from debug logging #622)
• 9fb90ca style: add missing semicolon (Twilio Verify: Email - Dynamic Template Data #641)
• a9e38b8 ci: use circleci (feat: add fax capability to deserialized phone number capabilities #589)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Use of a Broken or Risky Cryptographic Algorithm

[Siddhant-K-code]

@childish-sambino Let's create a new release (version bump) 😄

[childish-sambino]

@Siddhant-K-code New release here: https://github.com/twilio/twilio-node/releases/tag/4.0.0-rc.4