Snyk Reported issue with @okta/[email protected] > [email protected]

[RGanni49]

the package @okta/[email protected] is having [email protected] as a dependency\

https://www.npmjs.com/package/@okta/jwt-verifier?activeTab=dependencies

snyk has reported an issue with [email protected]

https://security.snyk.io/vuln/SNYK-JS-NJWT-6861582.

please check the attached image to view the issue reported by snyk.

is there an update that can resolve the issue for okta/jwt-verifier

[dansternfeld1]

Looks like @jaredperreault-okta is addressing this in #107
Thank you, Jared!

[nattap0l]

Hi i found error when start application

[email protected] is new version update i found error this below from @okta/[email protected]

/var/www/engine/project/node_modules/@okta/jwt-verifier/lib.js:241 
jwt[methodName] = method.bind({ body: jwtBodyProxy })
TypeError: Cannot assign to read only property 'setClaim' of object '[object Object]'
at /var/www/engine/project/node_modules/@okta/jwt-verifier/lib.js:241:29

Node.js v18.x.x

@dansternfeld1

[dansternfeld1]

Hi i found error when start application

[email protected] is new version update i found error this below from @okta/[email protected]

/var/www/engine/project/node_modules/@okta/jwt-verifier/lib.js:241  jwt[methodName] = method.bind({ body: jwtBodyProxy }) TypeError: Cannot assign to read only property 'setClaim' of object '[object Object]' at /var/www/engine/project/node_modules/@okta/jwt-verifier/lib.js:241:29

Node.js v18.x.x

@dansternfeld1

cc @jaredperreault-okta -- see above

[jaredperreault-okta]

@nattap0l This has been addressed in @okta/jwt-verifier package directly in version 3.2.1. 3.2.2 was also just released, which includes a fix for the CVE