diff --git a/package-lock.json b/package-lock.json index 122a2990a8..fa76698e12 100644 --- a/package-lock.json +++ b/package-lock.json @@ -54,7 +54,7 @@ "jsesc": "^3.0.2", "json5": "^2.2.3", "jsonpath-plus": "^8.0.0", - "jsonwebtoken": "^9.0.0", + "jsonwebtoken": "8.5.1", "jsqr": "^1.4.0", "jsrsasign": "^11.1.0", "kbpgp": "2.1.15", @@ -9712,9 +9712,9 @@ } }, "node_modules/jsonwebtoken": { - "version": "9.0.2", - "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.2.tgz", - "integrity": "sha512-PRp66vJ865SSqOlgqS8hujT5U4AOgMfhrwYIuIhfKaoSCZcirrmASQr8CX7cUg+RMih+hgznrjp99o+W4pJLHQ==", + "version": "8.5.1", + "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-8.5.1.tgz", + "integrity": "sha512-XjwVfRS6jTMsqYs0EsuJ4LGxXV14zQybNd4L2r0UvbVnSF9Af8x7p5MzbJ90Ioz/9TI41/hTCvznF/loiSzn8w==", "dependencies": { "jws": "^3.2.2", "lodash.includes": "^4.3.0", 
@@ -9725,43 +9725,21 @@ "lodash.isstring": "^4.0.1", "lodash.once": "^4.0.0", "ms": "^2.1.1", - "semver": "^7.5.4" - }, - "engines": { - "node": ">=12", - "npm": ">=6" - } - }, - "node_modules/jsonwebtoken/node_modules/lru-cache": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", - "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", - "dependencies": { - "yallist": "^4.0.0" + "semver": "^5.6.0" }, "engines": { - "node": ">=10" + "node": ">=4", + "npm": ">=1.4.28" } }, "node_modules/jsonwebtoken/node_modules/semver": { - "version": "7.6.0", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.0.tgz", - "integrity": "sha512-EnwXhrlwXMk9gKu5/flx5sv/an57AkRplG3hTK68W7FRDN+k+OWBj65M7719OkA82XLBxrcX0KSHj+X5COhOVg==", - "dependencies": { - "lru-cache": "^6.0.0" - }, + "version": "5.7.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", + "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==", "bin": { - "semver": "bin/semver.js" - }, - "engines": { - "node": ">=10" + "semver": "bin/semver" } }, - "node_modules/jsonwebtoken/node_modules/yallist": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", - "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" - }, "node_modules/jsqr": { "version": "1.4.0", "license": "Apache-2.0"
diff --git a/package.json b/package.json
index 6e2965f0bb..64e6d5d9b5 100644
--- a/package.json
+++ b/package.json
@@ -135,7 +135,7 @@
 "jsesc": "^3.0.2",
 "json5": "^2.2.3",
 "jsonpath-plus": "^8.0.0",
- "jsonwebtoken": "^9.0.0",
+ "jsonwebtoken": "8.5.1",
 "jsqr": "^1.4.0",
 "jsrsasign": "^11.1.0",
 "kbpgp": "2.1.15",
diff --git a/src/core/operations/JWTSign.mjs b/src/core/operations/JWTSign.mjs
index e4756c2b58..af46908e66 100644
--- a/src/core/operations/JWTSign.mjs
+++ b/src/core/operations/JWTSign.mjs
@@ -50,12 +50,7 @@ class JWTSign extends Operation {
 try {
 return jwt.sign(input, key, {
- algorithm: algorithm === "None" ? "none" : algorithm,
-
- // To utilize jsonwebtoken 9+ library and maintain backwards compatibility for regression tests
- // This could be turned into operation args in a future PR
- allowInsecureKeySizes: true,
- allowInvalidAsymmetricKeyTypes: true
+ algorithm: algorithm === "None" ? "none" : algorithm
 });
 } catch (err) {
 throw new OperationError(`Error: Have you entered the key correctly? The key should be either the secret for HMAC algorithms or the PEM-encoded private key for RSA and ECDSA.
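Review bot: Nothing at the `jwt.sign(input, key, {...})` call now records that undersized or mismatched keys are accepted. The explicit `allowInsecureKeySizes` / `allowInvalidAsymmetricKeyTypes` opt-outs and their comment are gone, and the same leniency now comes implicitly from the pinned 8.5.1 release, which, going by the removed comment, predates the checks those flags switched off. Unlike the per-call flags, the pin presumably applies to every other use of the library in the project, verification included, and the exact version `8.5.1` in package.json will not pick up later fixes. If the downgrade is required, a comment on the options object such as `// jsonwebtoken is pinned to 8.5.1: no key-size or key-type checks run here, weak keys are accepted by design` would keep the trade-off visible; otherwise staying on 9.x with the opt-outs scoped to this one call is the narrower choice. The enclosing method starts and ends outside the hunk.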