Move @types/jsonwebtoken to devDependencies

[bickelj]

By submitting a PR to this repository, you agree to the terms within the Auth0 Code of Conduct. Please see the contributing guidelines for how to create and submit a high-quality PR for this repo.

Description

This prevents dependencies (the usual non-dev dependencies) in downstream TypeScript projects from getting polluted with compile-time-only @types. It should fix #323 without impacting anything else. The build succeeds and passes.

References

#323

Testing

1. Create a TypeScript project that uses express-jwt in production dependencies and @types/jsonwebtoken in devDependencies.
2. npm install. Note that there are now @types in prod dependencies by examining package-lock.json.
3. Try the same again with the changes and note that fewer @types arrive in prod.

• This change adds test coverage for new/changed/fixed functionality

Checklist

• I have added documentation for new/changed functionality in this PR or in auth0.com/docs
• All active GitHub checks for tests, formatting, and security are passing
• The correct base branch is being used, if not the default branch

[felixmosh]

Any update on this one?

[bickelj]

@felixmosh 🤷

I see I only did 2 of 4 tasks, but I don't know what documentation or tests would need to change, which is why I left them undone.