sahat / hackathon-starter

A boilerplate for Node.js web applications
MIT License
34.8k stars 8.16k forks

Migrate off passport-twitter #1228

Closed YasharF closed 1 year ago

YasharF commented 1 year ago

RE: security issue

xmldom  *
Severity: critical
Misinterpretation of malicious XML input - https://github.com/advisories/GHSA-5fg8-2547-mr8q
Misinterpretation of malicious XML input - https://github.com/advisories/GHSA-h6q6-9hqw-rwfv
xmldom allows multiple root nodes in a DOM - https://github.com/advisories/GHSA-crh6-fp67-6883
fix available via `npm audit fix --force`
Will install passport-twitter@0.1.5, which is a breaking change
node_modules/xmldom
  jxon  *
  Depends on vulnerable versions of xmldom
  node_modules/jxon
  xtraverse  *
  Depends on vulnerable versions of xmldom
  node_modules/xtraverse
    passport-twitter  >=1.0.0
    Depends on vulnerable versions of xtraverse
    node_modules/passport-twitter
YasharF commented 1 year ago

In recent months the Twitter API has become much more restrictive as well, and the original API example is no longer viable because apps can no longer read tweets for free. https://developer.twitter.com/en/docs/twitter-api/getting-started/about-twitter-api

YasharF commented 1 year ago

Fixed by https://github.com/sahat/hackathon-starter/commit/b734b033626cbe5e0800a017c55af98df6e0fb53