fix(deps): bump the production-dependencies group across 1 directory with 2 updates

[dependabot]

Bumps the production-dependencies group with 2 updates in the / directory: jsonwebtoken and url-join.

Updates jsonwebtoken from 9.0.2 to 9.0.3

Changelog

Sourced from jsonwebtoken's changelog.

9.0.3 - 2025-12-04

• updates jws version to 4.0.1.

Commits

• ed59e76 chore: bump jws to 4.0.1 (#1007)
• See full diff in compare view

Updates url-join from 4.0.1 to 5.0.0

Release notes

Sourced from url-join's releases.

v5.0.0

New Features ✨

• Package is now distributed in the ECMAScript module syntax (see #76).
• Definitions for TypeScript are now included out of the box (see #74).

Enhancements 📝

• The the NPM package size has been reduced (see #65).

Breaking Changes 💥

• Support for all module formats besides ECMAScript modules have been dropped.

Migration 🚚

If you are a user of TypeScript you can remove @types/url-join from your project. The type definitions are now included in the package itself, so it is no longer required to keep a separate dependency around.

npm uninstall @types/url-join

Changelog

Sourced from url-join's changelog.

5.0.0 - 2022-03-23

• Add Dependabot config to keep dependencies up-to-date (#67) (e29fd4c9f6a3a1c29f50262c9323f1a4d8173de4), closes #67
• Add type definitions for TypeScript users (#74) (2cd46bcaff009a6701b33e16b1b9788c9a09130d), closes #74
• Bump mocha from 3.5.3 to 9.2.2 (ab6a39a2170083ebcefecfa0abcf80fc25a103ef)
• Change distributed code to use ECMAScript modules (#76) (caaafed544786b63b8db78d7df6d238ca1f0c6cb), closes #76
• Mark package as free of side-effects (#75) (86eeb03980b166572e02c7bbaf11c98656d04831), closes #75
• Reduce package size by adding "files" field (#65) (be56f575c9b723b83cfb066f5649f2cd83efb137), closes #65
• Regenerate package lockfile (#73) (b85aec29057ba269618781618e48dc173b941f9b), closes #73
• Rename master branch to 'main' (ea22d9342d6ad2de68a0132d176bf332507dc189)
• Replace Travis with Github Actions (#66) (2c0f6951939b86e7d1194fb21cf54cdfb8d9b1cf), closes #66
• update travis file (02991d8d220339d2073b1e5c1bcd069284c5372a)

Commits

• adccb32 5.0.0
• caaafed Change distributed code to use ECMAScript modules (#76)
• 86eeb03 Mark package as free of side-effects (#75)
• be56f57 Reduce package size by adding "files" field (#65)
• 2cd46bc Add type definitions for TypeScript users (#74)
• b85aec2 Regenerate package lockfile (#73)
• eef95f3 Merge pull request #71 from jfromaniello/rename-to-main
• 5a5db30 Bump conventional-changelog from 1.1.24 to 3.1.25
• ab6a39a Bump mocha from 3.5.3 to 9.2.2
• ea22d93 Rename master branch to 'main'
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jonkoops, a new releaser for url-join since your current version.

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[dependabot]

Dependabot couldn't access the repository. Because of this, Dependabot cannot update this pull request.