Snyk Reported issue with @okta/jwt-verifier@3.0.0 > njwt@2.0.0

[RGanni49]

the package @okta/jwt-verifier@3.0.0 is having njwt@2.0.0 as a dependency\

https://www.npmjs.com/package/@okta/jwt-verifier?activeTab=dependencies

snyk has reported an issue with njwt@2.0.0

https://security.snyk.io/vuln/SNYK-JS-NJWT-6861582.

please check the attached image to view the issue reported by snyk.

is there an update that can resolve the issue for okta/jwt-verifier

[dansternfeld1]

Looks like @jaredperreault-okta is addressing this in #107
Thank you, Jared!

[nattap0l]

Hi i found error when start application

njwt@2.0.1 is new version update i found error this below from @okta/jwt-verifier@3.0.1

/var/www/engine/project/node_modules/@okta/jwt-verifier/lib.js:241 
jwt[methodName] = method.bind({ body: jwtBodyProxy })
TypeError: Cannot assign to read only property 'setClaim' of object '[object Object]'
at /var/www/engine/project/node_modules/@okta/jwt-verifier/lib.js:241:29

Node.js v18.x.x

@dansternfeld1

[dansternfeld1]

Hi i found error when start application

njwt@2.0.1 is new version update i found error this below from @okta/jwt-verifier@3.0.1

/var/www/engine/project/node_modules/@okta/jwt-verifier/lib.js:241  jwt[methodName] = method.bind({ body: jwtBodyProxy }) TypeError: Cannot assign to read only property 'setClaim' of object '[object Object]' at /var/www/engine/project/node_modules/@okta/jwt-verifier/lib.js:241:29

Node.js v18.x.x

@dansternfeld1

cc @jaredperreault-okta -- see above

[jaredperreault-okta]

@nattap0l This has been addressed in @okta/jwt-verifier package directly in version 3.2.1. 3.2.2 was also just released, which includes a fix for the CVE