Bump express-jwt from 6.1.1 to 7.5.0

[dependabot]

Bumps express-jwt from 6.1.1 to 7.5.0.

Changelog

Sourced from express-jwt's changelog.

7.5.0 - 2022-04-25

• export TokenGetter (eb7479b834fb0e052ffad4279394ce353bb13770)
• improve readme and some types. Closes #283 (1a67f69c8781179d3ce7e5f3de8ece40d31c1772), closes #283
• restore requestProperty (bf143d07497046b3e7921d3dd4bcbc18e2daeb67)

7.4.3 - 2022-04-21

• improve readme (bd2515bec698604c645decd5be93e4f401263662)

7.4.2 - 2022-04-20

• include '/dist' in package, closes #280 (cf2665d5581e76ed5742e7c2f34b8d05f91cfd18), closes #280

7.4.1 - 2022-04-20

• fix readme definition for revoked and secret callbacks (9015cf729cfbbf1b28a9646cccbf26d523dce1de)
• update changelog (05d7a78baaf76a2a881a95666b0ec7349729d957)

7.4.0 - 2022-04-20

• handle authorization header in cors when is upper cased. fixes #180, #173 (ab0ee806416e3a5a48ef8a1017a298e1a666b17a), closes #180 #173

7.3.0 - 2022-04-20

• add support for capital Authorization header. closes #200 (6c0698b513e11ff1d4b152e070a627f5092be801), closes #200

7.2.0 - 2022-04-20

• Add example on how to enable jwt for specific path (280511342522f11a90da93187a44af1a1b3cf5eb)
• Fix link to auth0.com (b04cb9dea9a9fb2dc999a8dbf30ba6f204f50d15)
• remove travis badge (a854342c28f7186ec70e298124b4d650a26767b2)
• Update docs to continue error handling on mismatch (627b358d07b19d299964a5ef18a772db9b6426e2)
• Update README.md (8d7af267189a49f42b88807d236647bd7398fde3)

7.1.0 - 2022-04-20

• add support for async, closes #249 (72236ec1cfb0e7847351c83908be1d84141e30f1), closes #249
• update changelog (cb50ed43b2de9ae9be8643e7834640fa912ef367)

7.0.0 - 2022-04-20

• Convert the project to typescript and improve typescript (2b43ccb7252f2cc2fb3c2655a252fd7ae58ce0dd)

6.1.2 - 2022-04-20

• fix: package.json & package-lock.json to reduce vulnerabilities (c7881ad378063236d85b1e1b0f4a252b63b8e75b)

Commits

• ab80afe 7.5.0
• 1a67f69 improve readme and some types. Closes #283
• bf143d0 restore requestProperty
• eb7479b export TokenGetter
• 65457ac 7.4.3
• bd2515b improve readme
• 6f8f56c 7.4.2
• cf2665d include '/dist' in package, closes #280
• ef6d488 7.4.1
• 9015cf7 fix readme definition for revoked and secret callbacks
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dfellis]

@dependabot rebase

[dfellis]

This PR is blocked on auth0/node-jwks-rsa#297 being merged and we upgrade both of those simultaneously.

[dfellis]

So, putting this PR on hold for now because it blew up staging. It appears the req.user type has changed, too, and our dashboard goes into an infinite loop of errors because of it.

We need to wait for @types/express-jwt to be updated, too, to get this PR over the line.

[dependabot]

A newer version of express-jwt exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.

[dfellis]

Attempted to tackle this again, but stuck on the Request type being incorrect, also it looks like express-jwt@7.x no longer has the req.user type, but req.auth so I am weary of upgrading without type safety here and opened an issue: auth0/express-jwt#298

[dfellis]

@dependabot recreate

[dependabot]

Looks like express-jwt is updatable in another way, so this is no longer needed.