Switch to locally maintained passport-twitter to address security issue

2022-07-19 11:39:58 +01:00 · 2022-07-19 11:39:58 +01:00 · 23a513b38a
parent 351d52c1f8
commit 23a513b38a
2 changed files with 34 additions and 30 deletions
--- a/package-lock.json
+++ b/package-lock.json
@ -16,7 +16,7 @@
        "passport-github2": "^0.1.12",
        "passport-google-oauth20": "^2.0.0",
        "passport-oauth2": "^1.6.1",
-        "passport-twitter": "^1.0.4",
+        "passport-twitter": "github:paul90/passport-twitter#48b52556f48e4e8f7c55288baaf3ba3076eeba16",
        "persona-pass": "^0.2.1",
        "qs": "^6.7.0",
        "whatwg-fetch": "^3.2.0"
@ -4953,14 +4953,27 @@
    },
    "node_modules/passport-twitter": {
      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/passport-twitter/-/passport-twitter-1.0.4.tgz",
-      "integrity": "sha512-qvdauqCqCJJci82mJ9hZZQ6nAv7aSHV31svL8+9H7mRlDdXCdfU6AARQrmmJu3DRmv9fvIebM7zzxR7mVufN3A==",
+      "resolved": "git+ssh://git@github.com/paul90/passport-twitter.git#48b52556f48e4e8f7c55288baaf3ba3076eeba16",
+      "integrity": "sha512-WbbNRO2MNa4bBCanq76s5Gh00y+ZacMHJPy+y8MQ0ddu+lb+sVdOghWHwcjSQp2M7fJMTVejxKTTbkuTdv2azw==",
+      "license": "MIT",
      "dependencies": {
        "passport-oauth1": "1.x.x",
-        "xtraverse": "0.1.x"
+        "xtraverse": "github:paul90/node-xtraverse#3eab06b77d3fa7eff2cc7f25b639cfee7d678d06"
      },
      "engines": {
        "node": ">= 0.4.0"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/jaredhanson"
+      }
+    },
+    "node_modules/passport-twitter/node_modules/@xmldom/xmldom": {
+      "version": "0.8.2",
+      "resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.8.2.tgz",
+      "integrity": "sha512-+R0juSseERyoPvnBQ/cZih6bpF7IpCXlWbHRoCRzYzqpz6gWHOgf8o4MOEf6KBVuOyqU+gCNLkCWVIJAro8XyQ==",
+      "engines": {
+        "node": ">=10.0.0"
      }
    },
    "node_modules/passport-twitter/node_modules/oauth": {
@ -5001,21 +5014,12 @@
        "node": ">= 0.4.0"
      }
    },
-    "node_modules/passport-twitter/node_modules/xmldom": {
-      "version": "0.1.31",
-      "resolved": "https://registry.npmjs.org/xmldom/-/xmldom-0.1.31.tgz",
-      "integrity": "sha512-yS2uJflVQs6n+CyjHoaBmVSqIDevTAWrzMmjG1Gc7h1qQ7uVozNhEPJAwZXWyGQ/Gafo3fCwrcaokezLPupVyQ==",
-      "deprecated": "Deprecated due to CVE-2021-21366 resolved in 0.5.0",
-      "engines": {
-        "node": ">=0.1"
-      }
-    },
    "node_modules/passport-twitter/node_modules/xtraverse": {
      "version": "0.1.0",
-      "resolved": "https://registry.npmjs.org/xtraverse/-/xtraverse-0.1.0.tgz",
-      "integrity": "sha512-MANQdlG2hl1nQobxz1Rv8hsS1RuBS0C1N6qTOupv+9vmfrReePdxhmB2ecYjvsp4stJ80HD7erjkoF1Hd/FK9A==",
+      "resolved": "git+ssh://git@github.com/paul90/node-xtraverse.git#3eab06b77d3fa7eff2cc7f25b639cfee7d678d06",
+      "integrity": "sha512-2SuOgxSVcwgRxIKNX8GOl7MLGiMdari+CKZ3nfgihFtany19d85HrrH/pItSMiMX9DxEpouDQVa2yqba3AhhJQ==",
      "dependencies": {
-        "xmldom": "0.1.x"
+        "@xmldom/xmldom": "^0.8.2"
      },
      "engines": {
        "node": ">= 0.4.0"
@ -9161,14 +9165,19 @@
      }
    },
    "passport-twitter": {
-      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/passport-twitter/-/passport-twitter-1.0.4.tgz",
-      "integrity": "sha512-qvdauqCqCJJci82mJ9hZZQ6nAv7aSHV31svL8+9H7mRlDdXCdfU6AARQrmmJu3DRmv9fvIebM7zzxR7mVufN3A==",
+      "version": "git+ssh://git@github.com/paul90/passport-twitter.git#48b52556f48e4e8f7c55288baaf3ba3076eeba16",
+      "integrity": "sha512-WbbNRO2MNa4bBCanq76s5Gh00y+ZacMHJPy+y8MQ0ddu+lb+sVdOghWHwcjSQp2M7fJMTVejxKTTbkuTdv2azw==",
+      "from": "passport-twitter@paul90/passport-twitter#48b52556f48e4e8f7c55288baaf3ba3076eeba16",
      "requires": {
        "passport-oauth1": "1.x.x",
-        "xtraverse": "0.1.x"
+        "xtraverse": "github:paul90/node-xtraverse#3eab06b77d3fa7eff2cc7f25b639cfee7d678d06"
      },
      "dependencies": {
+        "@xmldom/xmldom": {
+          "version": "0.8.2",
+          "resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.8.2.tgz",
+          "integrity": "sha512-+R0juSseERyoPvnBQ/cZih6bpF7IpCXlWbHRoCRzYzqpz6gWHOgf8o4MOEf6KBVuOyqU+gCNLkCWVIJAro8XyQ=="
+        },
        "oauth": {
          "version": "0.9.15",
          "resolved": "https://registry.npmjs.org/oauth/-/oauth-0.9.15.tgz",
@ -9194,17 +9203,12 @@
          "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz",
          "integrity": "sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA=="
        },
-        "xmldom": {
-          "version": "0.1.31",
-          "resolved": "https://registry.npmjs.org/xmldom/-/xmldom-0.1.31.tgz",
-          "integrity": "sha512-yS2uJflVQs6n+CyjHoaBmVSqIDevTAWrzMmjG1Gc7h1qQ7uVozNhEPJAwZXWyGQ/Gafo3fCwrcaokezLPupVyQ=="
-        },
        "xtraverse": {
-          "version": "0.1.0",
-          "resolved": "https://registry.npmjs.org/xtraverse/-/xtraverse-0.1.0.tgz",
-          "integrity": "sha512-MANQdlG2hl1nQobxz1Rv8hsS1RuBS0C1N6qTOupv+9vmfrReePdxhmB2ecYjvsp4stJ80HD7erjkoF1Hd/FK9A==",
+          "version": "git+ssh://git@github.com/paul90/node-xtraverse.git#3eab06b77d3fa7eff2cc7f25b639cfee7d678d06",
+          "integrity": "sha512-2SuOgxSVcwgRxIKNX8GOl7MLGiMdari+CKZ3nfgihFtany19d85HrrH/pItSMiMX9DxEpouDQVa2yqba3AhhJQ==",
+          "from": "xtraverse@github:paul90/node-xtraverse#3eab06b77d3fa7eff2cc7f25b639cfee7d678d06",
          "requires": {
-            "xmldom": "0.1.x"
+            "@xmldom/xmldom": "^0.8.2"
          }
        }
      }
--- a/package.json
+++ b/package.json
@ -12,7 +12,7 @@
    "passport-github2": "^0.1.12",
    "passport-google-oauth20": "^2.0.0",
    "passport-oauth2": "^1.6.1",
-    "passport-twitter": "^1.0.4",
+    "passport-twitter": "github:paul90/passport-twitter#48b52556f48e4e8f7c55288baaf3ba3076eeba16",
    "persona-pass": "^0.2.1",
    "qs": "^6.7.0",
    "whatwg-fetch": "^3.2.0"