[8.6] Upgrade jsonwebtoken from 8 to 9 (#148128) (#149519)

# Backport

This will backport the following commits from `main` to `8.6`:
- [Upgrade jsonwebtoken from 8 to 9
(#148128)](https://github.com/elastic/kibana/pull/148128)

<!--- Backport version: 8.9.7 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT
[{"author":{"name":"Kurt","email":"kc13greiner@users.noreply.github.com"},"sourceCommit":{"committedDate":"2023-01-24T17:32:44Z","message":"Upgrade
jsonwebtoken from 8 to 9 (#148128)\n\n## Summary\r\n\r\nUpgrading the
`jsonwebtoken` library used in\r\n`cloud_integration/cloud_chat` plugin
from v8.5 to v9.0\r\n\r\n## Migration\r\nAfter reviewing the affected
code it looks like this upgrade shouldn't\r\ncause any breaking changes.
Please see the v8 --> v9 migration
guide\r\n[here](https://github.com/auth0/node-jsonwebtoken/wiki/Migration-Notes:-v8-to-v9)\r\n\r\n##
Questions for reviewers\r\n- What is the size and type of `secret` that
we are passing into\r\n`generateSignedJwt`?\r\n\r\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\r\nCo-authored-by:
Clint Andrew Hall
<clint.hall@elastic.co>","sha":"de4e53d712ed8d31ad2bee4065f54d472055511d","branchLabelMapping":{"^v8.7.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Security","release_note:skip","backport:all-open","ci:cloud-deploy","v8.7.0","v8.6.1"],"number":148128,"url":"https://github.com/elastic/kibana/pull/148128","mergeCommit":{"message":"Upgrade
jsonwebtoken from 8 to 9 (#148128)\n\n## Summary\r\n\r\nUpgrading the
`jsonwebtoken` library used in\r\n`cloud_integration/cloud_chat` plugin
from v8.5 to v9.0\r\n\r\n## Migration\r\nAfter reviewing the affected
code it looks like this upgrade shouldn't\r\ncause any breaking changes.
Please see the v8 --> v9 migration
guide\r\n[here](https://github.com/auth0/node-jsonwebtoken/wiki/Migration-Notes:-v8-to-v9)\r\n\r\n##
Questions for reviewers\r\n- What is the size and type of `secret` that
we are passing into\r\n`generateSignedJwt`?\r\n\r\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\r\nCo-authored-by:
Clint Andrew Hall
<clint.hall@elastic.co>","sha":"de4e53d712ed8d31ad2bee4065f54d472055511d"}},"sourceBranch":"main","suggestedTargetBranches":["8.6"],"targetPullRequestStates":[{"branch":"main","label":"v8.7.0","labelRegex":"^v8.7.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/148128","number":148128,"mergeCommit":{"message":"Upgrade
jsonwebtoken from 8 to 9 (#148128)\n\n## Summary\r\n\r\nUpgrading the
`jsonwebtoken` library used in\r\n`cloud_integration/cloud_chat` plugin
from v8.5 to v9.0\r\n\r\n## Migration\r\nAfter reviewing the affected
code it looks like this upgrade shouldn't\r\ncause any breaking changes.
Please see the v8 --> v9 migration
guide\r\n[here](https://github.com/auth0/node-jsonwebtoken/wiki/Migration-Notes:-v8-to-v9)\r\n\r\n##
Questions for reviewers\r\n- What is the size and type of `secret` that
we are passing into\r\n`generateSignedJwt`?\r\n\r\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\r\nCo-authored-by:
Clint Andrew Hall
<clint.hall@elastic.co>","sha":"de4e53d712ed8d31ad2bee4065f54d472055511d"}},{"branch":"8.6","label":"v8.6.1","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

package.json

@@ -541,7 +541,7 @@
     "json-stable-stringify": "^1.0.1",
     "json-stringify-pretty-compact": "1.2.0",
     "json-stringify-safe": "5.0.1",
-    "jsonwebtoken": "^8.3.0",
+    "jsonwebtoken": "^9.0.0",
     "jsts": "^1.6.2",
     "kea": "^2.4.2",
     "launchdarkly-js-client-sdk": "^2.22.1",
@@ -864,7 +864,7 @@
     "@types/json-schema": "^7",
     "@types/json-stable-stringify": "^1.0.32",
     "@types/json5": "^2.2.0",
-    "@types/jsonwebtoken": "^8.5.6",
+    "@types/jsonwebtoken": "^9.0.0",
     "@types/license-checker": "15.0.0",
     "@types/listr": "^0.14.0",
     "@types/loader-utils": "^2.0.3",

renovate.json

@@ -225,6 +225,36 @@
       "labels": ["Team: AWP: Visualization", "release_note:skip", "backport:skip"],
       "enabled": true,
       "prCreation": "immediate"
+    },
+    {
+      "groupName": "Cloud Defend",
+      "matchPackageNames": ["monaco-yaml"],
+      "reviewers": ["team:sec-cloudnative-integrations"],
+      "matchBaseBranches": ["main"],
+      "labels": ["Team: Cloud Native Integrations", "release_note:skip", "backport:skip"],
+      "enabled": true,
+      "prCreation": "immediate"
+    },
+    {
+      "groupName": "JSON Web Token",
+      "matchPackageNames": ["jsonwebtoken"],
+      "reviewers": [
+        "team:response-ops",
+        "team:kibana-core"
+      ],
+      "matchBaseBranches": ["main"],
+      "labels": ["release_note:skip", "backport:all-open"],
+      "enabled": true
+    },
+    {
+      "groupName": "XState",
+      "matchPackageNames": ["xstate"],
+      "matchPackagePrefixes": ["@xstate/"],
+      "reviewers": ["team:infra-monitoring-ui"],
+      "matchBaseBranches": ["main"],
+      "labels": ["Team:Infra Monitoring UI", "release_note:skip"],
+      "enabled": true,
+      "prCreation": "immediate"
     }
   ]
 }

yarn.lock

@@ -6928,10 +6928,10 @@
   dependencies:
     json5 "*"
 
-"@types/jsonwebtoken@^8.5.6":
-  version "8.5.6"
-  resolved "https://registry.yarnpkg.com/@types/jsonwebtoken/-/jsonwebtoken-8.5.6.tgz#1913e5a61e70a192c5a444623da4901a7b1a9d42"
-  integrity sha512-+P3O/xC7nzVizIi5VbF34YtqSonFsdnbXBnWUCYRiKOi1f9gA4sEFvXkrGr/QVV23IbMYvcoerI7nnhDUiWXRQ==
+"@types/jsonwebtoken@^9.0.0":
+  version "9.0.0"
+  resolved "https://registry.yarnpkg.com/@types/jsonwebtoken/-/jsonwebtoken-9.0.0.tgz#4db9bfaf276ef4fdc3608194fab8b8f2fd1c44f9"
+  integrity sha512-mM4TkDpA9oixqg1Fv2vVpOFyIVLJjm5x4k0V+K/rEsizfjD7Tk7LKk3GTtbB7KCfP0FEHQtsZqFxYA0+sijNVg==
   dependencies:
     "@types/node" "*"
 
@@ -17885,21 +17885,15 @@ jsonparse@^1.2.0:
   resolved "https://registry.yarnpkg.com/jsonparse/-/jsonparse-1.3.1.tgz#3f4dae4a91fac315f71062f8521cc239f1366280"
   integrity sha1-P02uSpH6wxX3EGL4UhzCOfE2YoA=
 
-jsonwebtoken@^8.3.0:
-  version "8.5.1"
-  resolved "https://registry.yarnpkg.com/jsonwebtoken/-/jsonwebtoken-8.5.1.tgz#00e71e0b8df54c2121a1f26137df2280673bcc0d"
-  integrity sha512-XjwVfRS6jTMsqYs0EsuJ4LGxXV14zQybNd4L2r0UvbVnSF9Af8x7p5MzbJ90Ioz/9TI41/hTCvznF/loiSzn8w==
+jsonwebtoken@^9.0.0:
+  version "9.0.0"
+  resolved "https://registry.yarnpkg.com/jsonwebtoken/-/jsonwebtoken-9.0.0.tgz#d0faf9ba1cc3a56255fe49c0961a67e520c1926d"
+  integrity sha512-tuGfYXxkQGDPnLJ7SibiQgVgeDgfbPq2k2ICcbgqW8WxWLBAxKQM/ZCu/IT8SOSwmaYl4dpTFCW5xZv7YbbWUw==
   dependencies:
     jws "^3.2.2"
-    lodash.includes "^4.3.0"
-    lodash.isboolean "^3.0.3"
-    lodash.isinteger "^4.0.4"
-    lodash.isnumber "^3.0.3"
-    lodash.isplainobject "^4.0.6"
-    lodash.isstring "^4.0.1"
-    lodash.once "^4.0.0"
+    lodash "^4.17.21"
     ms "^2.1.1"
-    semver "^5.6.0"
+    semver "^7.3.8"
 
 jsprim@^1.2.2:
   version "1.4.1"
@@ -18441,16 +18435,6 @@ lodash.get@^4.4.2:
   resolved "https://registry.yarnpkg.com/lodash.get/-/lodash.get-4.4.2.tgz#2d177f652fa31e939b4438d5341499dfa3825e99"
   integrity sha1-LRd/ZS+jHpObRDjVNBSZ36OCXpk=
 
-lodash.includes@^4.3.0:
-  version "4.3.0"
-  resolved "https://registry.yarnpkg.com/lodash.includes/-/lodash.includes-4.3.0.tgz#60bb98a87cb923c68ca1e51325483314849f553f"
-  integrity sha1-YLuYqHy5I8aMoeUTJUgzFISfVT8=
-
-lodash.isboolean@^3.0.3:
-  version "3.0.3"
-  resolved "https://registry.yarnpkg.com/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz#6c2e171db2a257cd96802fd43b01b20d5f5870f6"
-  integrity sha1-bC4XHbKiV82WgC/UOwGyDV9YcPY=
-
 lodash.isempty@^4.4.0:
   version "4.4.0"
   resolved "https://registry.yarnpkg.com/lodash.isempty/-/lodash.isempty-4.4.0.tgz#6f86cbedd8be4ec987be9aaf33c9684db1b31e7e"
@@ -18466,16 +18450,6 @@ lodash.isfunction@^3.0.9:
   resolved "https://registry.yarnpkg.com/lodash.isfunction/-/lodash.isfunction-3.0.9.tgz#06de25df4db327ac931981d1bdb067e5af68d051"
   integrity sha512-AirXNj15uRIMMPihnkInB4i3NHeb4iBtNg9WRWuK2o31S+ePwwNmDPaTL3o7dTJ+VXNZim7rFs4rxN4YU1oUJw==
 
-lodash.isinteger@^4.0.4:
-  version "4.0.4"
-  resolved "https://registry.yarnpkg.com/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz#619c0af3d03f8b04c31f5882840b77b11cd68343"
-  integrity sha1-YZwK89A/iwTDH1iChAt3sRzWg0M=
-
-lodash.isnumber@^3.0.3:
-  version "3.0.3"
-  resolved "https://registry.yarnpkg.com/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz#3ce76810c5928d03352301ac287317f11c0b1ffc"
-  integrity sha1-POdoEMWSjQM1IwGsKHMX8RwLH/w=
-
 lodash.isobject@^3.0.2:
   version "3.0.2"
   resolved "https://registry.yarnpkg.com/lodash.isobject/-/lodash.isobject-3.0.2.tgz#3c8fb8d5b5bf4bf90ae06e14f2a530a4ed935e1d"
@@ -18501,7 +18475,7 @@ lodash.merge@4.6.2, lodash.merge@^4.6.2:
   resolved "https://registry.yarnpkg.com/lodash.merge/-/lodash.merge-4.6.2.tgz#558aa53b43b661e1925a0afdfa36a9a1085fe57a"
   integrity sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==
 
-lodash.once@^4.0.0, lodash.once@^4.1.1:
+lodash.once@^4.1.1:
   version "4.1.1"
   resolved "https://registry.yarnpkg.com/lodash.once/-/lodash.once-4.1.1.tgz#0dd3971213c7c56df880977d504c88fb471a97ac"
   integrity sha1-DdOXEhPHxW34gJd9UEyI+0cal6w=
@@ -24023,6 +23997,13 @@ semver@^7.2.1, semver@^7.3.0, semver@^7.3.2, semver@^7.3.4, semver@^7.3.5, semve
   dependencies:
     lru-cache "^6.0.0"
 
+semver@^7.3.8:
+  version "7.3.8"
+  resolved "https://registry.yarnpkg.com/semver/-/semver-7.3.8.tgz#07a78feafb3f7b32347d725e33de7e2a2df67798"
+  integrity sha512-NB1ctGL5rlHrPJtFDVIVzTyQylMLu9N9VICA6HSFJo8MCGVTMW6gfpicwKmmK/dAjTOrqu5l63JJOpDSrAis3A==
+  dependencies:
+    lru-cache "^6.0.0"
+
 send@0.17.2:
   version "0.17.2"
   resolved "https://registry.yarnpkg.com/send/-/send-0.17.2.tgz#926622f76601c41808012c8bf1688fe3906f7820"