update lru memoizer v2

[isidrok]

By submitting a PR to this repository, you agree to the terms within the Auth0 Code of Conduct. Please see the contributing guidelines for how to create and submit a high-quality PR for this repo.

Description

This library is using an outdated version of lru-memoizer, which in turn has a dependency on lru-cache. The lru-cache version it is using is pretty outdated and is no longer compatible with new versions, as a result applications depending on packages that use different versions break when bundling them.

References

Fixes #424

Testing

This should be covered by existing tests

Checklist

• I have added documentation for new/changed functionality in this PR or in auth0.com/docs
• All active GitHub checks for tests, formatting, and security are passing
• The correct base branch is being used, if not the default branch

[cschetan77]

@isidrok
Thanks for updating the PR — the changes look good to me overall.

The only concern I have is around node versions supported by lru-cache@11.
This version of lru-cache declares support for Node.js >=20, while the SDK still supports Node >=14.

At the moment, I don’t see any issues, our CI is passing on Node 14, 16, and 18, and nothing appears to be breaking. However, this does seems to introduce a real future risk. Patch releases of lru-cache@11 could start relying on newer Node APIs that aren’t available in older Node versions, which could lead to unexpected breakage for users.

Additionally, some environments enforce strict engine checks, which could cause CI or installs to fail even if the code itself still works.