From c9b3fa1d0f4393e593277734f78b55276797113e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E0=A4=95=E0=A4=BE=E0=A4=B0=E0=A4=A4=E0=A5=8B=E0=A4=AB?= =?UTF-8?q?=E0=A5=8D=E0=A4=AB=E0=A5=87=E0=A4=B2=E0=A4=B8=E0=A5=8D=E0=A4=95?= =?UTF-8?q?=E0=A5=8D=E0=A4=B0=E0=A4=BF=E0=A4=AA=E0=A5=8D=E0=A4=9F=E2=84=A2?=
Date: Tue, 12 Mar 2024 17:22:31 +0100
Subject: [PATCH] fix(core): Remove jwks-rsa/jose to address CVE-2024-28176 (no-changelog) (#8868)

---
 packages/cli/package.json | 1 -
 pnpm-lock.yaml | 40 +--------------------------------------
 2 files changed, 1 insertion(+), 40 deletions(-)

diff --git a/packages/cli/package.json b/packages/cli/package.json
index e338827891..592d5dd5b7 100644
--- a/packages/cli/package.json
+++ b/packages/cli/package.json
@@ -134,7 +134,6 @@
 "json-diff": "1.0.6",
 "jsonschema": "1.4.1",
 "jsonwebtoken": "9.0.0",
- "jwks-rsa": "3.0.1",
 "ldapts": "4.2.6",
 "lodash": "4.17.21",
 "luxon": "3.3.0",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 0c57d2d5e1..c56d7765e7 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -521,9 +521,6 @@ importers: jsonwebtoken: specifier: 9.0.0 version: 9.0.0 - jwks-rsa: - specifier: 3.0.1 - version: 3.0.1 ldapts: specifier: 4.2.6 version: 4.2.6 @@ -10354,6 +10351,7 @@ packages: resolution: {integrity: sha512-c5ltxazpWabia/4UzhIoaDcIza4KViOQhdbjRlfcIGVnsE3c3brkz9Z+F/EeJIECOQP7W7US2hNE930cWWkPiw==} dependencies: '@types/node': 18.16.16 + dev: true /@types/linkify-it@3.0.2: resolution: {integrity: sha512-HZQYqbiFVWufzCwexrvh694SOim8z2d+xJl5UNamcvQFejLY/2YUtzXHYi3cHdI7PMlS8ejH2slRAOJQ32aNbA==}
@@ -18373,10 +18371,6 @@ packages: resolution: {integrity: sha512-bF7vcQxbODoGK1imE2P9GS9aw4zD0Sd+Hni68IMZLj7zRnquH7dXUmMw9hDI5S/Jzt7q+IyTXN0rSg2GI0IKhQ==} dev: false - /jose@4.11.4: - resolution: {integrity: sha512-94FdcR8felat4vaTJyL/WVdtlWLlsnLMZP8v+A0Vru18K3bQ22vn7TtpVh3JlgBFNIlYOUlGqwp/MjRPOnIyCQ==} - dev: false - /js-base64@3.7.2: resolution: {integrity: sha512-NnRs6dsyqUXejqk/yv2aiXlAvOs56sLkX6nUdeaNezI5LFFLlsZjOThmwnrcwh5ZZRwZlCMnVAY3CvhIhoVEKQ==} dev: false @@ -18788,20 +18782,6 @@ packages: safe-buffer: 5.2.1 dev: false - /jwks-rsa@3.0.1: - resolution: {integrity: sha512-UUOZ0CVReK1QVU3rbi9bC7N5/le8ziUj0A2ef1Q0M7OPD2KvjEYizptqIxGIo6fSLYDkqBrazILS18tYuRc8gw==} - engines: {node: '>=14'} - dependencies: - '@types/express': 4.17.21 - '@types/jsonwebtoken': 9.0.1 - debug: 4.3.4(supports-color@8.1.1) - jose: 4.11.4 - limiter: 1.1.5 - lru-memoizer: 2.1.4 - transitivePeerDependencies: - - supports-color - dev: false - /jws@3.2.2: resolution: {integrity: sha512-YHlZCB6lMTllWDtSPHz/ZXTsi8S00usEV6v1tjq8tOUZzw7DpSDWVXjXDre6ed1w/pd495ODpHZYSdkRTsa0HA==} dependencies: @@ -19281,10 +19261,6 @@ packages: engines: {node: '>=14'} dev: true - /limiter@1.1.5: - resolution: {integrity: sha512-FWWMIEOxz3GwUI4Ts/IvgVy6LPvoMPgjMdQ185nN6psJyBJ4yOpzqm695/h5umdLJg2vW3GR5iG11MAkR2AzJA==} - dev: false - /lines-and-columns@1.2.4: resolution: {integrity: sha512-7ylylesZQ/PV29jhEDl3Ufjo6ZX7gCqJr5F7PKrqc93v7fzSymt1BpwEU8nAUXs8qzzvqhbjhK5QZg6Mt/HkBg==} dev: true @@ -19543,13 +19519,6 @@ packages: dependencies: tslib: 2.6.1 - /lru-cache@4.0.2: - resolution: {integrity: sha512-uQw9OqphAGiZhkuPlpFGmdTU2tEuhxTourM/19qGJrxBPHAr/f8BT1a0i/lOclESnGatdJG/UCkP9kZB/Lh1iw==} - dependencies: - pseudomap: 1.0.2 - yallist: 2.1.2 - dev: false - /lru-cache@4.1.5: resolution: {integrity: sha512-sWZlbEP2OsHNkXrMl5GYk/jKk70MBng6UU4YI/qGDYbgf6YbP4EvmqISbXCoJiRKs+1bSpFHVgQxvJ17F2li5g==} dependencies: 
@@ -19577,13 +19546,6 @@ packages: resolution: {integrity: sha512-ERJq3FOzJTxBbFjZ7iDs+NiK4VI9Wz+RdrrAB8dio1oV+YvdPzUEE4QNiT2VD51DkIbCYRUUzCRkssXCHqSnKQ==} engines: {node: 14 || >=16.14} - /lru-memoizer@2.1.4: - resolution: {integrity: sha512-IXAq50s4qwrOBrXJklY+KhgZF+5y98PDaNo0gi/v2KQBFLyWr+JyFvijZXkGKjQj/h9c0OwoE+JZbwUXce76hQ==} - dependencies: - lodash.clonedeep: 4.5.0 - lru-cache: 4.0.2 - dev: false - /lunr@2.3.9: resolution: {integrity: sha512-zTU3DaZaF3Rt9rhN3uBMGQD3dD2/vFQqnvZCDv4dl5iOzq2IZQqTxu90r4E5J+nP70J3ilqVCrbho2eWaeW8Ow==} dev: true