
Dependency problem: 3 vulnerabilities (2 moderate, 1 critical)

Open amochkin opened this issue 1 year ago • 3 comments

Dependency warning upon installation of passport-twitter.

Expected behavior

No warnings.

Actual behavior

$ npm i passport-twitter
3 vulnerabilities (2 moderate, 1 critical)

$ npm audit
node_modules/xmldom
  xtraverse  *
  Depends on vulnerable versions of xmldom
  node_modules/xtraverse
    passport-twitter  >=1.0.0
    Depends on vulnerable versions of xtraverse
    node_modules/passport-twitter

Steps to reproduce

$ npm i passport-twitter

Environment

  • Operating System: MacOS
  • Node version: 20
  • passport version: 0.6.0
  • passport-twitter version: 1.0.4

amochkin Feb 12 '24 17:02

Need to bump those deps. Thanks!

amochkin Feb 12 '24 17:02

Any solution about those 3 vulnerabilities? One of those being critical!

Squishey Apr 21 '24 00:04

I noticed there is a PR that fixes this problem with some simple changes to the code. To use this version instead, just run: npm i https://github.com/ncluer/passport-twitter.git

That will install directly from the repository with the needed fixes. PR is here: https://github.com/jaredhanson/passport-twitter/pull/124

Olliebrown Jul 29 '24 17:07
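
The three findings in the `npm audit` output in the issue form a single chain: xtraverse depends on xmldom, and passport-twitter depends on xtraverse. The following is an added example, not code from this thread or from the passport-twitter project, that walks the `via` and `effects` fields of an `npm audit --json` report to trace each advisory to the direct dependency that pulls it in. The sample report is constructed, and the severity given to each package is an assumption.

```javascript
// Constructed sample shaped like `npm audit --json` (auditReportVersion 2),
// cut down to the fields used below. Package names and ranges are from the
// issue; which package carries which severity is an assumption.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    xmldom: { name: "xmldom", severity: "critical", isDirect: false,
      via: [{ name: "xmldom", title: "constructed advisory", severity: "critical" }],
      effects: ["xtraverse"] },
    xtraverse: { name: "xtraverse", severity: "moderate", isDirect: false,
      range: "*", via: ["xmldom"], effects: ["passport-twitter"] },
    "passport-twitter": { name: "passport-twitter", severity: "moderate",
      isDirect: true, range: ">=1.0.0", via: ["xtraverse"], effects: [] },
  },
};

// A package is a root cause when a `via` item is an advisory object; string
// items only name another vulnerable package that it depends on.
function rootCauses(report) {
  return Object.values(report.vulnerabilities)
    .filter((v) => v.via.some((item) => typeof item === "object"))
    .map((v) => v.name);
}

// Follow `effects` upward from `name` to each direct dependency. Returns one
// array of package names per path; `seen` stops cycles.
function chainsToDirect(report, name, seen = new Set()) {
  const entry = report.vulnerabilities[name];
  if (!entry || seen.has(name)) return [];
  const next = new Set(seen).add(name);
  const chains = entry.isDirect ? [[name]] : [];
  for (const parent of entry.effects || []) {
    for (const tail of chainsToDirect(report, parent, next)) chains.push([name, ...tail]);
  }
  return chains;
}

// One row per (advisory root, direct dependency) pair.
function summarize(report) {
  return rootCauses(report).flatMap((root) =>
    chainsToDirect(report, root).map((chain) => ({
      root, severity: report.vulnerabilities[root].severity,
      direct: chain[chain.length - 1], path: chain.join(" <- "),
    })));
}

for (const row of summarize(sampleReport)) {
  console.log(`${row.severity}: ${row.path} (direct dependency: ${row.direct})`);
}
```

To use it on a real project, save the output of `npm audit --json` and pass the parsed object to `summarize`.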