fix: CVE 2024 34273 (#418)

OKTA-731002 chore: bumps njwt version
okta · Jun 17, 2024 · fc90ccf · fc90ccf
1 parent afe225c
commit fc90ccf
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 8 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Okta Node SDK Changelog
 
+# 7.1.1
+
+### Fixes
+
+- [#418](https://github.com/okta/okta-sdk-nodejs/pull/418) fix: upgrades `njwt` version to `2.0.1` to pull in [CVE-2024-34273](https://www.cve.org/CVERecord?id=CVE-2024-34273) resolution
+
 # 7.1.0
 
 ### Features

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@okta/okta-sdk-nodejs",
-  "version": "7.1.0",
+  "version": "7.1.1",
   "description": "Okta API wrapper for Node.js",
   "engines": {
     "node": ">=14.0"
@@ -40,7 +40,7 @@
     "https-proxy-agent": "^5.0.0",
     "js-yaml": "^4.1.0",
     "lodash": "^4.17.20",
-    "njwt": "^1.0.0",
+    "njwt": "^2.0.1",
     "node-fetch": "^2.6.7",
     "parse-link-header": "^2.0.0",
     "rasha": "^1.2.5",

diff --git a/yarn.lock b/yarn.lock
@@ -3670,14 +3670,14 @@ nise@^5.1.0:
     just-extend "^4.0.2"
     path-to-regexp "^1.7.0"
 
-njwt@^1.0.0:
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/njwt/-/njwt-1.1.0.tgz#9ae48b96df915dced5c2f49caebdd93c0950d708"
-  integrity sha512-lL9oQIc9GYy9ILyHpSTSEhcZHiB0yvCDBWf9EDGLYo2D+8oSZwzhIV5WV0bFEfIqmCIL720ZQyDCXyJM6YrpaQ==
+njwt@^2.0.1:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/njwt/-/njwt-2.0.1.tgz#21a224c33ab1468f903210b1f45a20181adb6600"
+  integrity sha512-HwFeZsPJ1aOhIjMjqT9Qv7BOsQbkxjRVPPSdFXNOTEkfKpr9+O6OX+dSN6TxxIErSYSqrmlDR4H2zOGOpEbZLA==
   dependencies:
     "@types/node" "^15.0.1"
     ecdsa-sig-formatter "^1.0.5"
-    uuid "^3.3.2"
+    uuid "^8.3.2"
 
 node-fetch@^2.6.0, node-fetch@^2.6.1, node-fetch@^2.6.7:
   version "2.6.7"
@@ -4806,7 +4806,7 @@ [email protected], uuid@^8.3.2:
   resolved "https://registry.yarnpkg.com/uuid/-/uuid-8.3.2.tgz#80d5b5ced271bb9af6c445f21a1a04c606cefbe2"
   integrity sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==
 
-uuid@^3.3.2, uuid@^3.3.3:
+uuid@^3.3.3:
   version "3.4.0"
   resolved "https://registry.yarnpkg.com/uuid/-/uuid-3.4.0.tgz#b23e4358afa8a202fe7a100af1f5f883f02007ee"
   integrity sha512-HjSDRw6gZE5JMggctHBcjVak08+KEVhSIiDzFnT9S9aegmp85S/bReBVTb4QTFaRNptJ9kuYaNhnbNEOkbKb/A==