d-rec / drec-origin

D-REC Origin
https://d-rec.github.io/drec-origin/
GNU General Public License v3.0

Fix Required: jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC #133 #338

Open Aish1990 opened 5 months ago

Aish1990 commented 5 months ago

There is a library which needs the dependency jsonwebtoken as below.

@energyweb/origin-backend/11.0.2-alpha.1634225870.0_swagger-ui-express@4.1.6 => @nestjs/jwt/8.0.0_@nestjs+common@7.6.18 => jsonwebtoken/8.5.1
@energyweb/origin-backend/11.0.2-alpha.1634225870.0_swagger-ui-express@4.1.6 => passport-jwt/4.0.0 => jsonwebtoken/8.5.1
passport-jwt/4.0.1 => jsonwebtoken/9.0.2

[!NOTE] We have already upgraded jsonwebtoken to the patched version >=9.0.0. But the @energyweb/origin-backend library is not compatible with this.

So we need to resolve it only when the @energyweb/origin-backend library releases a version which is compatible with jsonwebtoken@9.0.0.