diff --git a/CHANGELOG.md b/CHANGELOG.md
index a07436a..ac59b4b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,9 @@
+# 3.2.1
+
+### Fixes
+
+- [45](https://github.com/okta/okta-jwt-verifier-js/pull/45) - freezes `njwt` version
+
 # 3.2.0
 
 ### Features
diff --git a/package.json b/package.json
index 221e955..dca9110 100644
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
   "name": "@okta/jwt-verifier",
   "private": true,
-  "version": "3.2.0",
+  "version": "3.2.1",
   "description": "Easily validate Okta access tokens",
   "repository": "https://github.com/okta/okta-jwt-verifier-js",
   "homepage": "https://github.com/okta/okta-jwt-verifier-js",
@@ -38,7 +38,7 @@
   "license": "Apache-2.0",
   "dependencies": {
     "jwks-rsa": "^3.1.0",
-    "njwt": "^2.0.0"
+    "njwt": "2.0.0"
   },
   "resolutions": {
     "minimist": "^1.2.6",
diff --git a/yarn.lock b/yarn.lock
index a1a5fb7..915bff2 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2843,7 +2843,7 @@ nice-try@^1.0.4:
   resolved "https://registry.yarnpkg.com/nice-try/-/nice-try-1.0.5.tgz#a3378a7696ce7d223e88fc9b764bd7ef1089e366"
   integrity sha512-1nh45deeb5olNY7eX82BkPO7SSxR5SSYJiPTrTdFUVYwAl8CKMA5N9PjTYkHiRjisVcxcQ1HXdLhx2qxxJzLNQ==
 
-njwt@^2.0.0:
+njwt@2.0.0:
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/njwt/-/njwt-2.0.0.tgz#da8b7ad995980de67b8069dad63949d2bd5df27d"
   integrity sha512-1RcqirhCqThBEe4KO83pFg0wPBa1c9NiXNCrocD2EbZqb6ksWWDVnp/w/p0gsyUcVa05PhhaaPjs9rc/GLmdxQ==