jaredhanson/passport-twitter

Dependency problem: 3 vulnerabilities (2 moderate, 1 critical)

Opened this issue · 3 comments

Dependency warning upon installation of passport-twitter.

Expected behavior

No warnings.

Actual behavior

$ npm i passport-twitter
3 vulnerabilities (2 moderate, 1 critical)

$ npm audit
node_modules/xmldom
  xtraverse  *
  Depends on vulnerable versions of xmldom
  node_modules/xtraverse
    passport-twitter  >=1.0.0
    Depends on vulnerable versions of xtraverse
    node_modules/passport-twitter

Steps to reproduce

$ npm i passport-twitter

Environment

  • Operating System: macOS
  • Node version: 20
  • passport version: 0.6.0
  • passport-twitter version: 1.0.4

Need to bump those deps. Thanks!
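An added example (not part of the issue and not code from the passport-twitter project): a Node.js sketch that walks a report in the shape `npm audit --json` produces on npm 7 and later (`auditReportVersion: 2`), and reports which direct dependency pulls in each package that carries an advisory. The sample report is constructed to mirror the chain shown above; the advisory title and the `fixAvailable` values are placeholders, and the function names are hypothetical.

```javascript
// Constructed sample shaped like `npm audit --json` output (auditReportVersion 2).
// Advisory title and fixAvailable values are placeholders, not from the page.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    xmldom: {
      name: "xmldom", isDirect: false, fixAvailable: false, effects: ["xtraverse"],
      via: [{ name: "xmldom", title: "PLACEHOLDER advisory title" }],
    },
    xtraverse: {
      name: "xtraverse", isDirect: false, fixAvailable: false,
      via: ["xmldom"], effects: ["passport-twitter"],
    },
    "passport-twitter": {
      name: "passport-twitter", isDirect: true, fixAvailable: false,
      via: ["xtraverse"], effects: [],
    },
  },
};

// A package is an advisory source when `via` holds advisory objects; string
// entries in `via` only name another vulnerable package it depends on.
function advisorySources(report) {
  return Object.values(report.vulnerabilities)
    .filter((v) => v.via.some((entry) => typeof entry === "object"))
    .map((v) => v.name);
}

// Follow `effects` upward from a source and return every chain that ends at a
// direct dependency (the entry you can actually change in package.json).
function chainsToDirect(report, name, path = []) {
  const vuln = report.vulnerabilities[name];
  if (!vuln || path.includes(name)) return []; // unknown package or cycle
  const here = [...path, name];
  const found = vuln.isDirect ? [here] : [];
  for (const parent of vuln.effects) found.push(...chainsToDirect(report, parent, here));
  return found;
}

function summarize(report) {
  return advisorySources(report).flatMap((source) =>
    chainsToDirect(report, source).map((chain) => {
      const direct = chain[chain.length - 1];
      const fixAvailable = report.vulnerabilities[direct].fixAvailable !== false;
      return { source, direct, chain: chain.join(" -> "), fixAvailable };
    }));
}

console.log(summarize(sampleReport));
```

To run it against a real project, replace `sampleReport` with the parsed output of `npm audit --json`.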

Any solution for those 3 vulnerabilities? One of those being critical!

I noticed there is a PR that fixes this problem with some simple changes to the code. To use this version instead, just run:
npm i https://github.com/ncluer/passport-twitter.git

That will install directly from the repository with the needed fixes. PR is here: #124