fix: Security upgrade jsonwebtoken to 9.0.0 (#8431)

src/Adapters/Auth/apple.js

@@ -5,6 +5,7 @@ const Parse = require('parse/node').Parse;
 const jwksClient = require('jwks-rsa');
 const util = require('util');
 const jwt = require('jsonwebtoken');
+const authUtils = require('./utils');
 
 const TOKEN_ISSUER = 'https://appleid.apple.com';
 
@@ -30,21 +31,12 @@ const getAppleKeyByKeyId = async (keyId, cacheMaxEntries, cacheMaxAge) => {
   return key;
 };
 
-const getHeaderFromToken = token => {
-  const decodedToken = jwt.decode(token, { complete: true });
-  if (!decodedToken) {
-    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `provided token does not decode as JWT`);
-  }
-
-  return decodedToken.header;
-};
-
 const verifyIdToken = async ({ token, id }, { clientId, cacheMaxEntries, cacheMaxAge }) => {
   if (!token) {
     throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `id token is invalid for this user.`);
   }
 
-  const { kid: keyId, alg: algorithm } = getHeaderFromToken(token);
+  const { kid: keyId, alg: algorithm } = authUtils.getHeaderFromToken(token);
   const ONE_HOUR_IN_MS = 3600000;
   let jwtClaims;