codeql/javascript/old-change-notes/2020-11-09-jwt.md

lgtm,codescanning

• The security queries now track taint through JWT decoding, and warns about hard-coded JWT signing keys. Affected packages are jsonwebtoken and jwt-decode