Update dependency jsonwebtoken to v9

[mend-for-github-com]

This PR contains the following updates:

Package	Type	Update	Change
jsonwebtoken	dependencies	major	^8.5.1 → ^9.0.0

By merging this PR, the issue #6 will be automatically resolved and closed:

Severity	CVSS Score	Vulnerability	Reachability
High	7.5	CVE-2025-65945	Unreachable
Medium	6.4	CVE-2022-23540	Unreachable
Medium	5.9	CVE-2022-23539	Unreachable
Medium	5.3	CVE-2022-25883	Unreachable
Medium	5.0	CVE-2022-23541	Unreachable

---

Release Notes

auth0/node-jsonwebtoken (jsonwebtoken)

v9.0.0

Compare Source

Breaking changes: See Migration from v8 to v9

Breaking changes

• Removed support for Node versions 11 and below.
• The verify() function no longer accepts unsigned tokens by default. ([8345030]8345030)
• RSA key size must be 2048 bits or greater. ([ecdf6cc]ecdf6cc)
• Key types must be valid for the signing / verification algorithm

Security fixes

• security: fixes Arbitrary File Write via verify function - CVE-2022-23529
• security: fixes Insecure default algorithm in jwt.verify() could lead to signature validation bypass - CVE-2022-23540
• security: fixes Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - CVE-2022-23541
• security: fixes Unrestricted key type could lead to legacy keys usage - CVE-2022-23539

---

• If you want to rebase/retry this PR, check this box