[BB2-1670] Bump jwcrypto version to 1.4.x to mediate H vuln #1052
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
JIRA Ticket:
BB2-1670
User Story or Bug Summary:
Resolve HIGH vulnerability from SNYK report:
https://app.snyk.io/org/bluebutton-oeda/project/8713e682-ab82-4e90-957c-4940c9210e66
Fix: Upgrade jwcrypto to version 1.4
Dependabot PR: #1048
AC:
Upgrade jwcrypto version to address HIGH vulnerability per SNYK.
What Does This PR Do?
Bump the version of jwcrypto to 1.4.X to mediate a High vulnerability.
What Should Reviewers Watch For?
If you're reviewing this PR, please check these things, in particular:
What Security Implications Does This PR Have?
Submitters should complete the following questionnaire:
What Needs to Be Merged and Deployed Before this PR?
This PR cannot be either merged or deployed until the following pre-requisite changes have been fully deployed:
Any Migrations?
Submitter Checklist
I have gone through and verified that...:
README
updates and changelog / release notes entries.TODO
and/orFIXME
comments, which include a JIRA ticket ID for any items that require urgent attention.