I opened a ticket there but this module seems abandoned, https://github.com/havard/node-openid/issues/175 so I don't think that this will be fixed there, soon.
Unfortunately there is no openid version (not even v2) that has this fixed, so I don't know how this could be fixed with passport-openid (maybe depend on a different module, other than openid ? )
Hello,
right now passport-openid depends on openid module -> depends on request@^2.61.0 which has a memory leak vulnerability (https://github.com/request/request/issues/2938) .
I opened a ticket there but this module seems abandoned, https://github.com/havard/node-openid/issues/175 so I don't think that this will be fixed there, soon. Unfortunately there is no openid version (not even v2) that has this fixed, so I don't know how this could be fixed with passport-openid (maybe depend on a different module, other than openid ? )
Thank you