Closed scottdickerson closed 2 years ago
put in this PR to address:
https://github.com/jaredhanson/passport-openidconnect/pull/79
I've decided to remove the discovery and dynamic client registration capabilities from this strategy. These features were never fully baked, and the functionality is best implemented outside of an authentication strategy. As such, this package no longer depends on request.
Closing.
The request package has a dependency on http-signature which has two security exposures:
https://vuln.whitesourcesoftware.com/vulnerability/CVE-2019-20149 https://github.com/jonschlinkert/kind-of/commit/975c13a7cfaf25d811475823824af3a9c04b0ba8
Since request is now deprecated can you move the library to use axios or fetch.