Deprecated dependencies #12

Open
stephenhand opened this issue Apr 12, 2022 · 1 comment

@stephenhand

First of all, thanks for building this!

Unfortunately, since it was last updated, there are some known security vulnerabilities in its dependencies. It depends directly, and transitively via twit, on request, which has been fully deprecated since 2020. Now the last version of request has a version of json-schema in its tree that has a known vuln.

Since request and twit are the 2 most critical dependencies of twittersignin, I appreciate it would take a major effort to rework it to remove them, but just wanted to make the maintainer(s) aware.

@shalvah
Owner

shalvah commented Apr 17, 2022

Yeah, it would be a lot of effort. I doubt this library is actually affected by the vulnerabilities, since it uses a very specific set of functionality. But it would definitely be comforting to end-users; however, I don't have the time. Best solution would probably be to get rid of those deps and just reimplement everything here. Some day (or someone's PR...).
