npm audit failures due to jsonwebtoken

### Is this a feature request or a bug?

bug

### What is the current behavior?

`npm audit` in a package that depends on `"web-ext": "7.4.0"` fails due to vulnerable dependencies:

```
# npm audit report

jsonwebtoken  <=8.5.1
Severity: high
jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - https://github.com/advisories/GHSA-hjrf-2m68-5959
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify() - https://github.com/advisories/GHSA-qwph-4952-7xr6
jsonwebtoken unrestricted key type could lead to legacy keys usage  - https://github.com/advisories/GHSA-8cf7-32gw-wr33
jsonwebtoken has insecure input validation in jwt.verify function - https://github.com/advisories/GHSA-27h2-hvpr-p74q
fix available via `npm audit fix --force`
Will install web-ext@0.0.1, which is a breaking change
node_modules/jsonwebtoken
  sign-addon  *
  Depends on vulnerable versions of jsonwebtoken
  node_modules/sign-addon
    web-ext  >=1.0.0
    Depends on vulnerable versions of sign-addon
    node_modules/web-ext

3 vulnerabilities (2 moderate, 1 high)
```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

npm audit failures due to jsonwebtoken #2578

Is this a feature request or a bug?

What is the current behavior?

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

npm audit failures due to jsonwebtoken #2578

Description

Is this a feature request or a bug?

What is the current behavior?

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions