fix(security): patch express-jwt to stable candidate

[Thenkei]

Definition of Done

General

• [ ] Write an explicit title for the Pull Request, following Conventional Commits specification
• [ ] Test manually the implemented changes
• [ ] Validate the code quality (indentation, syntax, style, simplicity, readability)

Security

• [ ] Consider the security impact of the changes made

[Thenkei]

Remaining high vulnerabilities.

[Thenkei]

Looking at the dependencies I see the following ones that shouldn't be there and moved to devDependencies.

@babel/runtime base32-encode bitwise-xor otplib

[arnaudbesnier]

What is the ClickUp task related to this contribution? Can we have some context about this intent?

[codeclimate[bot]]

Code Climate has analyzed commit 30bb0be0 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (70% is the threshold).

This pull request will bring the total coverage in the repository to 60.1%.

View more on Code Climate.

[forest-bot]

Task linked: CU-28z7uf2 🔥🔥🔥 P1 - Docker compose and alpine

[Thenkei]

What is the ClickUp task related to this contribution? Can we have some context about this intent?

Some client are having issue due to the non-conventional express-jwt we were using (recent regression to fix security issues).

Another related issue: https://community.forestadmin.com/t/unable-to-install-express-jwt-as-dependency-package-after-updating-forest-express-sequelize-package-to-latest-version-i-e-8-5-4/4598

[forest-bot]

Task linked: CU-28ze01f 🔥🔥 P2 - forest-espress - Unable to install express-jwt as dependency package

[forest-bot]

:tada: This PR is included in version 9.4.7 :tada:

The release is available on:

• npm package (@latest dist-tag)
• GitHub release
• v9.4.7

Your semantic-release bot :package::rocket: