You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Unfortunately since it was last updated, there are some known security vulnerabilities in it's dependencies. It depends directly, and transitively via twit on request, which has been fully deprecated since 2020. Now the last version of request has a version of json-schema in it's tree that has a known vuln.
Since request and twit are the 2 most critical dependencies of twittersignin I appreciate it would take a major effort to rework it to remove them, but just wanted to make the maintainer(s) aware
The text was updated successfully, but these errors were encountered:
Yeah, it would be a lot of effort. I doubt this library is actually affected by the vulnerabilities, since it uses a very specific set of functionality. But it would definitely be comforting to end-users; however, I don't have the time. Best solution would probably be to get rid of those deps and just reimplement everything here. Some day (or someone's PR...).
First of all, thanks for building this!
Unfortunately since it was last updated, there are some known security vulnerabilities in it's dependencies. It depends directly, and transitively via
twit
onrequest
, which has been fully deprecated since 2020. Now the last version ofrequest
has a version ofjson-schema
in it's tree that has a known vuln.Since
request
andtwit
are the 2 most critical dependencies oftwittersignin
I appreciate it would take a major effort to rework it to remove them, but just wanted to make the maintainer(s) awareThe text was updated successfully, but these errors were encountered: