Update dependency jwt-decode to v4 (bcgov#3196)

Co-authored-by: Renovate Bot <[email protected]>
Co-authored-by: Conor Brady <[email protected]>

.github/workflows/integration.yml

@@ -180,7 +180,7 @@ jobs:
     runs-on: ubuntu-22.04
     strategy:
       matrix:
-        node-version: [16.x]
+        node-version: [18.x]
     steps:
       - name: Checkout repo
         uses: actions/checkout@v4

.github/workflows/post_merge_integration.yml

@@ -175,7 +175,7 @@ jobs:
     runs-on: ubuntu-22.04
     strategy:
       matrix:
-        node-version: [16.x]
+        node-version: [18.x]
     steps:
       - name: Checkout repo
         uses: actions/checkout@v4

Dockerfile.web

@@ -9,7 +9,7 @@ ARG NODE_OPTIONS="--v8-pool-size=4"
 # Pull from local registry - we can't pull from docker due to limits.
 # see https://catalog.redhat.com/software/containers/ubi8/nodejs-14/5ed7887dd70cc50e69c2fabb for
 # details
-FROM registry.access.redhat.com/ubi8/nodejs-16 as static
+FROM registry.access.redhat.com/ubi8/nodejs-18 as static
 
 # Switch to root user for package installs
 USER 0

web/Dockerfile

@@ -1,4 +1,4 @@
-FROM node:19
+FROM node:18
 
 # Set working directory
 WORKDIR /app

web/package.json

@@ -38,7 +38,7 @@
     "eslint-plugin-react": "^7.29.4",
     "esri-leaflet": "3.0.11",
     "filefy": "^0.1.11",
-    "jwt-decode": "^3.1.2",
+    "jwt-decode": "^4.0.0",
     "keycloak-js": "^22.0.0",
     "leaflet": "^1.7.1",
     "lodash": "^4.17.21",

web/src/features/auth/components/MoreCast2AuthWrapper.tsx

@@ -1,4 +1,4 @@
-import * as jwtDecode from 'jwt-decode'
+import { jwtDecode } from 'jwt-decode'
 import React, { useEffect, useState } from 'react'
 import { useDispatch, useSelector } from 'react-redux'
 import { AppDispatch } from 'app/store'
@@ -38,7 +38,7 @@ const MoreCast2AuthWrapper = ({ children }: Props) => {
       if (window.location.href?.includes('access_token')) {
         const wf1Token = window.location.href.split('#access_token=')[1].split('&')[0]
         try {
-          jwtDecode.default(wf1Token)
+          jwtDecode(wf1Token)
           dispatch(wf1Authenticate(wf1Token))
           setRenderChildren(true)
         } catch (e) {

web/src/features/auth/slices/authenticationSlice.test.ts

@@ -11,7 +11,7 @@ import authReducer, {
   decodeIdir
 } from 'features/auth/slices/authenticationSlice'
 import sinon from 'sinon'
-import * as jwtDecode from 'jwt-decode'
+import * as jwt from 'jwt-decode'
 import { ROLES } from 'features/auth/roles'
 
 describe('authenticationSlice', () => {
@@ -33,17 +33,17 @@ describe('authenticationSlice', () => {
     client_roles: []
   }
   it('should return all roles of a user from a token', () => {
-    sandbox.stub(jwtDecode, 'default').returns(decodedAllRoles)
+    sandbox.stub(jwt, 'jwtDecode').returns(decodedAllRoles)
     const roles = decodeRoles(testToken)
     expect(roles).toEqual(Object.values(ROLES.HFI))
   })
   it('should return no roles if user token has none defined', () => {
-    sandbox.stub(jwtDecode, 'default').returns(decodedNoRoles)
+    sandbox.stub(jwt, 'jwtDecode').returns(decodedNoRoles)
     const roles = decodeRoles(testToken)
     expect(roles).toEqual([])
   })
   it('should return idir username from token', () => {
-    sandbox.stub(jwtDecode, 'default').returns(decodedNoRoles)
+    sandbox.stub(jwt, 'jwtDecode').returns(decodedNoRoles)
     const roles = decodeIdir(testToken)
     expect(roles).toEqual(idir_username)
   })
@@ -62,7 +62,7 @@ describe('authenticationSlice', () => {
       })
     })
     it('should set token with roles correctly when authentication finishes', () => {
-      sandbox.stub(jwtDecode, 'default').returns(decodedAllRoles)
+      sandbox.stub(jwt, 'jwtDecode').returns(decodedAllRoles)
       expect(
         authReducer(initialState, authenticateFinished({ isAuthenticated: true, token: testToken, idToken: testToken }))
       ).toEqual({
@@ -76,7 +76,7 @@ describe('authenticationSlice', () => {
       })
     })
     it('should set token without roles correctly when authentication finishes', () => {
-      sandbox.stub(jwtDecode, 'default').returns(decodedNoRoles)
+      sandbox.stub(jwt, 'jwtDecode').returns(decodedNoRoles)
       expect(
         authReducer(initialState, authenticateFinished({ isAuthenticated: true, token: testToken, idToken: testToken }))
       ).toEqual({
@@ -100,7 +100,7 @@ describe('authenticationSlice', () => {
       })
     })
     it('should set state correctly when token refreshes with roles', () => {
-      sandbox.stub(jwtDecode, 'default').returns(decodedAllRoles)
+      sandbox.stub(jwt, 'jwtDecode').returns(decodedAllRoles)
       expect(
         authReducer(initialState, refreshTokenFinished({ tokenRefreshed: true, token: testToken, idToken: testToken }))
       ).toEqual({
@@ -114,7 +114,7 @@ describe('authenticationSlice', () => {
       })
     })
     it('should set state correctly when token refreshes without roles', () => {
-      sandbox.stub(jwtDecode, 'default').returns(decodedNoRoles)
+      sandbox.stub(jwt, 'jwtDecode').returns(decodedNoRoles)
       expect(
         authReducer(initialState, refreshTokenFinished({ tokenRefreshed: true, token: testToken, idToken: testToken }))
       ).toEqual({
@@ -129,7 +129,7 @@ describe('authenticationSlice', () => {
     })
     describe('signout', () => {
       it('should unset isAuthenticated, roles and token states when signout is dispatched ', () => {
-        sandbox.stub(jwtDecode, 'default').returns(decodedAllRoles)
+        sandbox.stub(jwt, 'jwtDecode').returns(decodedAllRoles)
         const signedInState = {
           authenticating: false,
           isAuthenticated: true,
@@ -151,7 +151,7 @@ describe('authenticationSlice', () => {
         })
       })
       it('should unset isAuthenticated, roles, token and set error states when signout is dispatched and fails ', () => {
-        sandbox.stub(jwtDecode, 'default').returns(decodedAllRoles)
+        sandbox.stub(jwt, 'jwtDecode').returns(decodedAllRoles)
         const signedInState = {
           authenticating: false,
           isAuthenticated: true,

web/src/features/auth/slices/authenticationSlice.ts

@@ -1,7 +1,7 @@
 import { createSlice, PayloadAction } from '@reduxjs/toolkit'
 
 import { AppThunk } from 'app/store'
-import * as jwtDecode from 'jwt-decode'
+import { jwtDecode } from 'jwt-decode'
 import { logError } from 'utils/error'
 import { isUndefined } from 'lodash'
 import { TEST_AUTH, KC_AUTH_URL, KC_REALM, SM_LOGOUT_URL, KC_CLIENT } from 'utils/env'
@@ -109,7 +109,7 @@ export const decodeRoles = (token: string | undefined) => {
     return Object.values(ROLES.HFI)
   }
   // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  const decodedToken: any = jwtDecode.default(token)
+  const decodedToken: any = jwtDecode(token)
   try {
     if (!isUndefined(decodedToken.client_roles)) {
       return decodedToken.client_roles
@@ -129,7 +129,7 @@ export const decodeIdir = (token: string | undefined) => {
     return 'test@idir'
   }
   // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  const decodedToken: any = jwtDecode.default(token)
+  const decodedToken: any = jwtDecode(token)
   try {
     return decodedToken.idir_username
   } catch (e) {

web/yarn.lock

@@ -7852,10 +7852,10 @@ just-extend@^4.0.2:
   resolved "https://registry.yarnpkg.com/just-extend/-/just-extend-4.2.1.tgz#ef5e589afb61e5d66b24eca749409a8939a8c744"
   integrity sha512-g3UB796vUFIY90VIv/WX3L2c8CS2MdWUww3CNrYmqza1Fg0DURc2K/O4YrnklBdQarSJ/y8JnJYDGc+1iumQjg==
 
-jwt-decode@^3.1.2:
-  version "3.1.2"
-  resolved "https://registry.yarnpkg.com/jwt-decode/-/jwt-decode-3.1.2.tgz#3fb319f3675a2df0c2895c8f5e9fa4b67b04ed59"
-  integrity sha512-UfpWE/VZn0iP50d8cz9NrZLM9lSWhcJ+0Gt/nm4by88UL+J1SiKN8/5dkjMmbEzwL2CAe+67GsegCbIKtbp75A==
+jwt-decode@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/jwt-decode/-/jwt-decode-4.0.0.tgz#2270352425fd413785b2faf11f6e755c5151bd4b"
+  integrity sha512-+KJGIyHgkGuIq3IEBNftfhW/LfWhXUIY6OmyVWjliu5KH1y0fw7VQ8YndE2O4qZdMSd9SqbnC8GOcZEy0Om7sA==
 
 keycloak-js@^22.0.0:
   version "22.0.4"