You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I uninstalled the old passport-twitter module, and am now using @passport-js/passport-twitter@1.0.7
I thought this would resolve the npm audit issue, but when I ran npm audit again, it still lists xmldom as an issue, now pointing at @passport-js/xtraverse.
xmldom *
Severity: critical
xmldom allows multiple root nodes in a DOM - https://github.com/advisories/GHSA-crh6-fp67-6883
Misinterpretation of malicious XML input - https://github.com/advisories/GHSA-5fg8-2547-mr8q
No fix available
node_modules/xmldom
@passport-js/xtraverse *
Depends on vulnerable versions of xmldom
node_modules/@passport-js/xtraverse
@passport-js/passport-twitter *
Depends on vulnerable versions of @passport-js/xtraverse
node_modules/@passport-js/passport-twitter
Is this a false positive or has it yet to be fixed?
Could anyone clear this up?
The text was updated successfully, but these errors were encountered:
I'm trying to resolve the issue mentioned here: jaredhanson/passport-twitter#107
I uninstalled the old passport-twitter module, and am now using
@passport-js/passport-twitter@1.0.7
I thought this would resolve the npm audit issue, but when I ran npm audit again, it still lists
xmldom
as an issue, now pointing at@passport-js/xtraverse
.Is this a false positive or has it yet to be fixed?
Could anyone clear this up?
The text was updated successfully, but these errors were encountered: