A Firefox add-on that restores the original destination of the links (from tweets) that have been shortened by the Twitter servers. It only runs while browsing Twitter's website (twitter.com).
# npm audit report
fast-json-patch <3.1.1
Severity: moderate
Starcounter-Jack JSON-Patch Prototype Pollution vulnerability - https://github.com/advisories/GHSA-8gh8-hqwg-xf34
fix available via `npm audit fix`
node_modules/fast-json-patch
ajv-merge-patch *
Depends on vulnerable versions of fast-json-patch
node_modules/ajv-merge-patch
addons-linter 0.35.0 - 5.26.0
Depends on vulnerable versions of ajv-merge-patch
node_modules/addons-linter
web-ext 1.0.0 - 7.6.0
Depends on vulnerable versions of addons-linter
Depends on vulnerable versions of firefox-profile
Depends on vulnerable versions of sign-addon
node_modules/web-ext
http-cache-semantics <4.1.1
Severity: high
http-cache-semantics vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-rc47-6667-2j5j
fix available via `npm audit fix`
node_modules/http-cache-semantics
jsonwebtoken <=8.5.1
Severity: moderate
jsonwebtoken unrestricted key type could lead to legacy keys usage - https://github.com/advisories/GHSA-8cf7-32gw-wr33
jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - https://github.com/advisories/GHSA-hjrf-2m68-5959
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify() - https://github.com/advisories/GHSA-qwph-4952-7xr6
fix available via `npm audit fix`
node_modules/jsonwebtoken
sign-addon *
Depends on vulnerable versions of jsonwebtoken
Depends on vulnerable versions of request
node_modules/sign-addon
request *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
fix available via `npm audit fix`
node_modules/request
xml2js <0.5.0
Severity: moderate
xml2js is vulnerable to prototype pollution - https://github.com/advisories/GHSA-776f-qx25-q3cc
fix available via `npm audit fix`
node_modules/xml2js
firefox-profile <=4.2.2
Depends on vulnerable versions of xml2js
node_modules/firefox-profile
10 vulnerabilities (9 moderate, 1 high)
To address all issues, run:
npm audit fix
This PR updates the dated/vulnerable packages in package-lock.json
Dated/vulnerable packages reference (npm audit report):
This PR can also replace #29 #30 #31