[Snyk] Security upgrade jsonwebtoken from 8.5.1 to 9.0.0

[benjie]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/graphile-build-pg/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	671/1000 Why? Recently disclosed, Has a fix available, CVSS 7.7	Improper Input Validation SNYK-JS-JSONWEBTOKEN-3180020	Yes	No Known Exploit
	611/1000 Why? Recently disclosed, Has a fix available, CVSS 6.5	Improper Authentication SNYK-JS-JSONWEBTOKEN-3180022	Yes	No Known Exploit
	611/1000 Why? Recently disclosed, Has a fix available, CVSS 6.5	Improper Restriction of Security Token Assignment SNYK-JS-JSONWEBTOKEN-3180024	Yes	No Known Exploit
	526/1000 Why? Recently disclosed, Has a fix available, CVSS 4.8	Use of a Broken or Risky Cryptographic Algorithm SNYK-JS-JSONWEBTOKEN-3180026	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: jsonwebtoken

The new version differs by 17 commits.

• e1fa9dc Merge pull request from GHSA-8cf7-32gw-wr33
• 5eaedbf chore(ci): remove github test actions job (#861)
• cd4163e chore(ci): configure Github Actions jobs for Tests & Security Scanning (chore: add node specifier to assert import #856)
• ecdf6cc fix!: Prevent accidental use of insecure key sizes & misconfiguration of secrets (sponsorship: update sponsors 🙏 #852)
• 8345030 fix(sign&verify)!: Remove default `none` support from `sign` and `verify` methods, and require it to be explicitly configured (Remove indcheckxmin check #851)
• 7e6a86b Upload OpsLevel YAML (Provide a type guard to distinguish between ResolveTree and FieldsByTypeName #849)
• 74d5719 docs: update references vercel/ms references (polish: improve error message when enum creation fails #770)
• d71e383 docs: document "invalid token" error
• 3765003 docs: fix spelling in README.md: Peak -> Peek (chore(deps): Bump tar from 4.4.15 to 4.4.19 #754)
• a46097e docs: make decode impossible to discover before verify
• 15a1bc4 refactor: make decode non-enumerable
• 5f10bf9 docs: add jwtid to options of jwt.verify (feat(enum): enum views #704)
• 88cb9df Replace tilde-indexOf with includes (chore(deps): bump tree-kill from 1.2.1 to 1.2.2 #647)
• a6235fa Adds not to README on decoded payload validation (makeExtendSchemaPlugin resolver doesn't recognize nodeId. #646)
• 5ed1f06 docs: fix tiny style change in readme (TypeScript error on fieldsByTypeName of parseResolveInfo #622)
• 9fb90ca style: add missing semicolon (Root field for custom query returning connection should not be non-nullable #641)
• a9e38b8 ci: use circleci (chore(tests): use Jest GraphQL schema serializer #589)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Use of a Broken or Risky Cryptographic Algorithm

[benjie]

Fixed in #823