[8.12] Update dependency jsonwebtoken to ^9.0.2 (main) (#173219) (#17…

…3242)

# Backport

This will backport the following commits from `main` to `8.12`:
- [Update dependency jsonwebtoken to ^9.0.2 (main)
(#173219)](#173219)

<!--- Backport version: 8.9.7 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT
[{"author":{"name":"renovate[bot]","email":"29139614+renovate[bot]@users.noreply.github.com"},"sourceCommit":{"committedDate":"2023-12-13T08:12:07Z","message":"Update
dependency jsonwebtoken to ^9.0.2 (main)
(#173219)\n\n[![Mend\r\nRenovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)\r\n\r\nThis
PR contains the following updates:\r\n\r\n| Package | Change | Age |
Adoption | Passing | Confidence |\r\n|---|---|---|---|---|---|\r\n|
[jsonwebtoken](https://togithub.com/auth0/node-jsonwebtoken)
|\r\n[`^9.0.0`
->\r\n`^9.0.2`](https://renovatebot.com/diffs/npm/jsonwebtoken/9.0.0/9.0.2)
|\r\n[![age](https://developer.mend.io/api/mc/badges/age/npm/jsonwebtoken/9.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/jsonwebtoken/9.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/jsonwebtoken/9.0.0/9.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/jsonwebtoken/9.0.0/9.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n\r\n---\r\n\r\n###
Release Notes\r\n\r\n<details>\r\n<summary>auth0/node-jsonwebtoken
(jsonwebtoken)</summary>\r\n\r\n###\r\n[`v9.0.2`](https://togithub.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#902---2023-08-30)\r\n\r\n[Compare\r\nSource](https://togithub.com/auth0/node-jsonwebtoken/compare/v9.0.1...v9.0.2)\r\n\r\n-
security: updating semver to 7.5.4 to resolve CVE-2022-25883,
closes\r\n[#&#8203;921](https://togithub.com/auth0/node-jsonwebtoken/issues/921).\r\n-
refactor: reduce library size by using lodash specific
dependencies,\r\ncloses\r\n[#&#8203;878](https://togithub.com/auth0/node-jsonwebtoken/issues/878).\r\n\r\n###\r\n[`v9.0.1`](https://togithub.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#901---2023-07-05)\r\n\r\n[Compare\r\nSource](https://togithub.com/auth0/node-jsonwebtoken/compare/v9.0.0...v9.0.1)\r\n\r\n-
fix(stubs): allow decode method to be
stubbed\r\n\r\n</details>\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n📅
**Schedule**: Branch creation - At any time (no schedule
defined),\r\nAutomerge - At any time (no schedule defined).\r\n\r\n🚦
**Automerge**: Disabled by config. Please merge this manually once
you\r\nare satisfied.\r\n\r\n♻ **Rebasing**: Whenever PR becomes
conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n🔕
**Ignore**: Close this PR and you won't be reminded about this
update\r\nagain.\r\n\r\n---\r\n\r\n- [ ] <!-- rebase-check -->If you
want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis
PR has been generated by
[Mend\r\nRenovate](https://www.mend.io/free-developer-tools/renovate/).
View\r\nrepository job
log\r\n[here](https://developer.mend.io/github/elastic/kibana).\r\n\r\n<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy44Ny4yIiwidXBkYXRlZEluVmVyIjoiMzcuODcuMiIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->\r\n\r\nCo-authored-by:
renovate[bot]
<29139614+renovate[bot]@users.noreply.github.com>","sha":"7978d199101767a167b70f324ecf394efec37996","branchLabelMapping":{"^v8.13.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","backport:all-open","v8.13.0"],"number":173219,"url":"https://github.com/elastic/kibana/pull/173219","mergeCommit":{"message":"Update
dependency jsonwebtoken to ^9.0.2 (main)
(#173219)\n\n[![Mend\r\nRenovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)\r\n\r\nThis
PR contains the following updates:\r\n\r\n| Package | Change | Age |
Adoption | Passing | Confidence |\r\n|---|---|---|---|---|---|\r\n|
[jsonwebtoken](https://togithub.com/auth0/node-jsonwebtoken)
|\r\n[`^9.0.0`
->\r\n`^9.0.2`](https://renovatebot.com/diffs/npm/jsonwebtoken/9.0.0/9.0.2)
|\r\n[![age](https://developer.mend.io/api/mc/badges/age/npm/jsonwebtoken/9.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/jsonwebtoken/9.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/jsonwebtoken/9.0.0/9.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/jsonwebtoken/9.0.0/9.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n\r\n---\r\n\r\n###
Release Notes\r\n\r\n<details>\r\n<summary>auth0/node-jsonwebtoken
(jsonwebtoken)</summary>\r\n\r\n###\r\n[`v9.0.2`](https://togithub.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#902---2023-08-30)\r\n\r\n[Compare\r\nSource](https://togithub.com/auth0/node-jsonwebtoken/compare/v9.0.1...v9.0.2)\r\n\r\n-
security: updating semver to 7.5.4 to resolve CVE-2022-25883,
closes\r\n[#&#8203;921](https://togithub.com/auth0/node-jsonwebtoken/issues/921).\r\n-
refactor: reduce library size by using lodash specific
dependencies,\r\ncloses\r\n[#&#8203;878](https://togithub.com/auth0/node-jsonwebtoken/issues/878).\r\n\r\n###\r\n[`v9.0.1`](https://togithub.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#901---2023-07-05)\r\n\r\n[Compare\r\nSource](https://togithub.com/auth0/node-jsonwebtoken/compare/v9.0.0...v9.0.1)\r\n\r\n-
fix(stubs): allow decode method to be
stubbed\r\n\r\n</details>\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n📅
**Schedule**: Branch creation - At any time (no schedule
defined),\r\nAutomerge - At any time (no schedule defined).\r\n\r\n🚦
**Automerge**: Disabled by config. Please merge this manually once
you\r\nare satisfied.\r\n\r\n♻ **Rebasing**: Whenever PR becomes
conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n🔕
**Ignore**: Close this PR and you won't be reminded about this
update\r\nagain.\r\n\r\n---\r\n\r\n- [ ] <!-- rebase-check -->If you
want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis
PR has been generated by
[Mend\r\nRenovate](https://www.mend.io/free-developer-tools/renovate/).
View\r\nrepository job
log\r\n[here](https://developer.mend.io/github/elastic/kibana).\r\n\r\n<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy44Ny4yIiwidXBkYXRlZEluVmVyIjoiMzcuODcuMiIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->\r\n\r\nCo-authored-by:
renovate[bot]
<29139614+renovate[bot]@users.noreply.github.com>","sha":"7978d199101767a167b70f324ecf394efec37996"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v8.13.0","labelRegex":"^v8.13.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/173219","number":173219,"mergeCommit":{"message":"Update
dependency jsonwebtoken to ^9.0.2 (main)
(#173219)\n\n[![Mend\r\nRenovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)\r\n\r\nThis
PR contains the following updates:\r\n\r\n| Package | Change | Age |
Adoption | Passing | Confidence |\r\n|---|---|---|---|---|---|\r\n|
[jsonwebtoken](https://togithub.com/auth0/node-jsonwebtoken)
|\r\n[`^9.0.0`
->\r\n`^9.0.2`](https://renovatebot.com/diffs/npm/jsonwebtoken/9.0.0/9.0.2)
|\r\n[![age](https://developer.mend.io/api/mc/badges/age/npm/jsonwebtoken/9.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/jsonwebtoken/9.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/jsonwebtoken/9.0.0/9.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/jsonwebtoken/9.0.0/9.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n\r\n---\r\n\r\n###
Release Notes\r\n\r\n<details>\r\n<summary>auth0/node-jsonwebtoken
(jsonwebtoken)</summary>\r\n\r\n###\r\n[`v9.0.2`](https://togithub.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#902---2023-08-30)\r\n\r\n[Compare\r\nSource](https://togithub.com/auth0/node-jsonwebtoken/compare/v9.0.1...v9.0.2)\r\n\r\n-
security: updating semver to 7.5.4 to resolve CVE-2022-25883,
closes\r\n[#&#8203;921](https://togithub.com/auth0/node-jsonwebtoken/issues/921).\r\n-
refactor: reduce library size by using lodash specific
dependencies,\r\ncloses\r\n[#&#8203;878](https://togithub.com/auth0/node-jsonwebtoken/issues/878).\r\n\r\n###\r\n[`v9.0.1`](https://togithub.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#901---2023-07-05)\r\n\r\n[Compare\r\nSource](https://togithub.com/auth0/node-jsonwebtoken/compare/v9.0.0...v9.0.1)\r\n\r\n-
fix(stubs): allow decode method to be
stubbed\r\n\r\n</details>\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n📅
**Schedule**: Branch creation - At any time (no schedule
defined),\r\nAutomerge - At any time (no schedule defined).\r\n\r\n🚦
**Automerge**: Disabled by config. Please merge this manually once
you\r\nare satisfied.\r\n\r\n♻ **Rebasing**: Whenever PR becomes
conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n🔕
**Ignore**: Close this PR and you won't be reminded about this
update\r\nagain.\r\n\r\n---\r\n\r\n- [ ] <!-- rebase-check -->If you
want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis
PR has been generated by
[Mend\r\nRenovate](https://www.mend.io/free-developer-tools/renovate/).
View\r\nrepository job
log\r\n[here](https://developer.mend.io/github/elastic/kibana).\r\n\r\n<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy44Ny4yIiwidXBkYXRlZEluVmVyIjoiMzcuODcuMiIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->\r\n\r\nCo-authored-by:
renovate[bot]
<29139614+renovate[bot]@users.noreply.github.com>","sha":"7978d199101767a167b70f324ecf394efec37996"}}]}]
BACKPORT-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

package.json

@@ -970,7 +970,7 @@
     "json-stable-stringify": "^1.0.1",
     "json-stringify-pretty-compact": "1.2.0",
     "json-stringify-safe": "5.0.1",
-    "jsonwebtoken": "^9.0.0",
+    "jsonwebtoken": "^9.0.2",
     "jsts": "^1.6.2",
     "kea": "^2.6.0",
     "langchain": "^0.0.186",

yarn.lock

@@ -20630,15 +20630,21 @@ jsonpointer@^5.0.1:
   resolved "https://registry.yarnpkg.com/jsonpointer/-/jsonpointer-5.0.1.tgz#2110e0af0900fd37467b5907ecd13a7884a1b559"
   integrity sha512-p/nXbhSEcu3pZRdkW1OfJhpsVtW1gd4Wa1fnQc9YLiTfAjn0312eMKimbdIQzuZl9aa9xUGaRlP9T/CJE/ditQ==
 
-jsonwebtoken@^9.0.0:
-  version "9.0.0"
-  resolved "https://registry.yarnpkg.com/jsonwebtoken/-/jsonwebtoken-9.0.0.tgz#d0faf9ba1cc3a56255fe49c0961a67e520c1926d"
-  integrity sha512-tuGfYXxkQGDPnLJ7SibiQgVgeDgfbPq2k2ICcbgqW8WxWLBAxKQM/ZCu/IT8SOSwmaYl4dpTFCW5xZv7YbbWUw==
+jsonwebtoken@^9.0.2:
+  version "9.0.2"
+  resolved "https://registry.yarnpkg.com/jsonwebtoken/-/jsonwebtoken-9.0.2.tgz#65ff91f4abef1784697d40952bb1998c504caaf3"
+  integrity sha512-PRp66vJ865SSqOlgqS8hujT5U4AOgMfhrwYIuIhfKaoSCZcirrmASQr8CX7cUg+RMih+hgznrjp99o+W4pJLHQ==
   dependencies:
     jws "^3.2.2"
-    lodash "^4.17.21"
+    lodash.includes "^4.3.0"
+    lodash.isboolean "^3.0.3"
+    lodash.isinteger "^4.0.4"
+    lodash.isnumber "^3.0.3"
+    lodash.isplainobject "^4.0.6"
+    lodash.isstring "^4.0.1"
+    lodash.once "^4.0.0"
     ms "^2.1.1"
-    semver "^7.3.8"
+    semver "^7.5.4"
 
 jsprim@^2.0.2:
   version "2.0.2"
@@ -21212,6 +21218,16 @@ lodash.get@^4.4.2:
   resolved "https://registry.yarnpkg.com/lodash.get/-/lodash.get-4.4.2.tgz#2d177f652fa31e939b4438d5341499dfa3825e99"
   integrity sha1-LRd/ZS+jHpObRDjVNBSZ36OCXpk=
 
+lodash.includes@^4.3.0:
+  version "4.3.0"
+  resolved "https://registry.yarnpkg.com/lodash.includes/-/lodash.includes-4.3.0.tgz#60bb98a87cb923c68ca1e51325483314849f553f"
+  integrity sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w==
+
+lodash.isboolean@^3.0.3:
+  version "3.0.3"
+  resolved "https://registry.yarnpkg.com/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz#6c2e171db2a257cd96802fd43b01b20d5f5870f6"
+  integrity sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg==
+
 lodash.isempty@^4.4.0:
   version "4.4.0"
   resolved "https://registry.yarnpkg.com/lodash.isempty/-/lodash.isempty-4.4.0.tgz#6f86cbedd8be4ec987be9aaf33c9684db1b31e7e"
@@ -21227,6 +21243,16 @@ lodash.isfunction@^3.0.9:
   resolved "https://registry.yarnpkg.com/lodash.isfunction/-/lodash.isfunction-3.0.9.tgz#06de25df4db327ac931981d1bdb067e5af68d051"
   integrity sha512-AirXNj15uRIMMPihnkInB4i3NHeb4iBtNg9WRWuK2o31S+ePwwNmDPaTL3o7dTJ+VXNZim7rFs4rxN4YU1oUJw==
 
+lodash.isinteger@^4.0.4:
+  version "4.0.4"
+  resolved "https://registry.yarnpkg.com/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz#619c0af3d03f8b04c31f5882840b77b11cd68343"
+  integrity sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA==
+
+lodash.isnumber@^3.0.3:
+  version "3.0.3"
+  resolved "https://registry.yarnpkg.com/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz#3ce76810c5928d03352301ac287317f11c0b1ffc"
+  integrity sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw==
+
 lodash.isobject@^3.0.2:
   version "3.0.2"
   resolved "https://registry.yarnpkg.com/lodash.isobject/-/lodash.isobject-3.0.2.tgz#3c8fb8d5b5bf4bf90ae06e14f2a530a4ed935e1d"
@@ -21252,10 +21278,10 @@ [email protected], lodash.merge@^4.6.2:
   resolved "https://registry.yarnpkg.com/lodash.merge/-/lodash.merge-4.6.2.tgz#558aa53b43b661e1925a0afdfa36a9a1085fe57a"
   integrity sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==
 
-lodash.once@^4.1.1:
+lodash.once@^4.0.0, lodash.once@^4.1.1:
   version "4.1.1"
   resolved "https://registry.yarnpkg.com/lodash.once/-/lodash.once-4.1.1.tgz#0dd3971213c7c56df880977d504c88fb471a97ac"
-  integrity sha1-DdOXEhPHxW34gJd9UEyI+0cal6w=
+  integrity sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg==
 
 lodash.set@^4.3.2:
   version "4.3.2"