Carlos Palminha
Carlos Palminha
followed the suggestion of moving it to a devDependency in my project. But it should be still considered a workaround, since other tools (e.g.: dependabot) are still claiming the issue
same here... ``` % npm audit # npm audit report nth-check
the vulnerable dependency is dependent of [email protected] ``` % npm list nth-check create-react-app@ /Users/palmito/Development/create-react-app ├─┬ cra-docs@ -> ./docusaurus/website │ └─┬ @docusaurus/[email protected] │ └─┬ @slorber/[email protected] │ └─┬ [email protected] │ └─┬ [email protected]...
The vulnerable dependency is caused by [svg-term-cli](https://github.com/marionebl/svg-term-cli) project seems to be abandoned for a couple of years (a lot of dependabot pull-requests getting rotten...)
@marionebl any feedback on svg-term-cli ?
moving the dependency to dev makes the vulnerability only dependent of svgr/webpack ``` % npm list nth-check [email protected] /Users/palmito/Development/risk-util-tool/webapp └─┬ [email protected] ├─┬ @svgr/[email protected] │ └─┬ @svgr/[email protected] │ └─┬ [email protected] │...
@DanielAtCosmicDNA same problem here with a different parameter: https://github.com/nextauthjs/next-auth/issues/5454
> While I like your idea @ThangHuuVu there is still one pain point for me: > > > throw an error if the object contains extra fields > > if...
@balazsorban44 @ThangHuuVu for sure this one is breaking a lot of production apps... at least for Azure AD or GitHub based (see related issues above)
more issues reporting similar OAuthAccountNotLinked problems with optional parameters: https://github.com/nextauthjs/next-auth/issues/1446 https://github.com/nextauthjs/next-auth/pull/5371