build(jwt-cli): removing problematic package

thomasleplus · thomasleplus · commit facd00bb4851 · 2025-11-10T22:11:00.000+01:00
jwt-cli has issues running headless in docker (see troyharvey/jwt-cli#37) and it pulls fast-jwt 1.5.1 which has two medium vulnerabilities (see https://osv.dev/GHSA-c2ff-88x2-x9pg and https://osv.dev/GHSA-gm45-q3v2-6cf8). Let's remove it for now unless someone asks for it.
diff --git a/json/docker-compose.test.yml b/json/docker-compose.test.yml
@@ -25,7 +25,6 @@ services:
         jq --version # jq
         npx jslint --version # jslint
         npx jsonlint --help # jsonlint
-        echo 'eyJhbGciOiJub25lIn0.e30.' | npx jwt-cli # checkov:skip=CKV_SECRET_9: [JSON Web Token]: not a real secret # jwt-cli
         mlr --version # miller
         npm --version # npm
         openssl --version # openssl
diff --git a/json/package-lock.json b/json/package-lock.json
diff --git a/json/package.json b/json/package.json
@@ -4,7 +4,6 @@
   "dependencies": {
     "jslint": "0.12.1",
     "jsonpath-plus": "10.3.0",
-    "jwt-cli": "2.0.0",
     "prettier": "3.6.2",
     "prettyjson": "1.2.5",
     "v8r": "5.1.0"
