Bump node-jose from 0.9.5 to 2.2.0

[dependabot[bot]]

Bumps node-jose from 0.9.5 to 2.2.0.

Changelog

Sourced from node-jose's changelog.

Release Notes

2.0.1 (2021-11-15)

The changes in this release are only dependency updates.

Update

• update dependencies using minor releases for buffer, and lodash
• updated devDependencies using minor releases for bowser, browserify-istanbul, chai, gulp-eslint, gulp-istanbul, gulp-rename, json-loader, karma, karma-chrome-launcher, karma-coverage, karma-firefox-launcher, karma-mocha-reporter, karma-safari-applescript-launcher, karma-sauce-launcher, karma-sourcemap-loader, mocha, run-sequence, webpack-stream, and yargs
• updated devDependencies use major release for webpack, and karma-webpack

2.0.0 (2020-09-20)

While all of the changes in this release are only dependency updates and otherwise patch-level changes, it does break compatibility with versions of node.js older than version 10.

Update

• switch to karma-safari-applescript-launcher for improved local Safari testing (a0db723)
• update dependencies for karma, karma-mocha, mocha, webpack-stream, and yargs (96ee8ff)
• update node-forge to latest (shahar-h)(277aab5)
• cherry-pick lodash modules to effect smaller footprint (tychenjianjun)(003ef1c)
• replace browserify-zlib with pako (taymoork2)(85610d6)

1.1.4 (2020-03-26)

Bug Fixes

• fixed issues when used in react-native (8126622)
• fixed incorrect usage of node-forge buffers (7e46c1f) (4014f5c)
• updated dependencies.

Style

• avoid using var shorthands for UglifyJS's sake (44edb0a)

1.1.3 (2019-03-18)

• fail to verify PS signatures with incorrect padding in node (93399b6)

1.1.2 (2019-02-28)

• replaced outdated vulnerable lodash dependencies (b9c4f0e)

... (truncated)

Commits

• 4d78fe8 2.2.0
• 992c1cb build(deps-dev): bump mocha from 10.1.0 to 10.2.0 (#411)
• 901d915 Merge pull request from GHSA-5h4j-qrvg-9xhw
• e95481a Merge pull request #398 from batrudinych/alg-doc-fix
• a27dd90 Fix tests (#409)
• 61655ad Dependency updates (2/n) (#408)
• 2f9d052 .github: Add CodeQL workflow (#407)
• 9a2d404 build(deps): bump uuid from 8.3.2 to 9.0.0 (#392)
• 6649d96 build(deps-dev): bump karma from 6.4.0 to 6.4.1 (#393)
• 88b5e6d build(deps): bump long from 5.2.0 to 5.2.1 (#401)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by justaugustus, a new releaser for node-jose since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ONSdigital/eq-survey-runner/network/alerts).

[dependabot[bot]]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.