-
Notifications
You must be signed in to change notification settings - Fork 13
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Twitch] 'uuid' problem #14
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Bug report
Current Behavior
Currently, when I install this package and set up the routes as per the documentation, the app fails to compile due to the following error:
If I remove any reference to this package, it works fine (albeit without authentication obviously).
I noticed that something required by this package uses a very old version of
uuid
, because when installing this, I get the warning:npm WARN deprecated [email protected]: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic.
. Usingnpm ls uuid
shows that[email protected]
which depends on[email protected]
(which in itself is deprecated) uses[email protected]
which is horribly out of date and deprecated, and this package depends onpassport-twitch-latest
(which hasn't been updated for over 2 years).Expected behavior
I expect for it to work as described
Suggested solution(s)
I believe changing to not use something that has a very out of date dependency of uuid will work (for example, this one, which doesn't use
request
at all, so nouuid
dependency), since everything in nestjs uses[email protected]
, and in version 7 of uuid, using subpaths was deprecated and in version 8 it was removed entirely (hence the./v4
error above I believe).Additional context
I'll also put this here, but if you want a separate issue let me know, but it would be nice to officially support v9 of nestjs and v0.6 of passport, since this package has a dependency of
nestjs@^8.0.7
andpassport@^0.5.0
and I want to keep my packages updated without loads of warnings and I don't like having to use--force
. And on top of that,[email protected]
is deprecated due to a security issue (Passport before 0.6.0 vulnerable to session regeneration when a users logs in or out - https://github.com/advisories/GHSA-v923-w3x8-wh69
), but I suppose if you move away frompassport-twitch-latest
to a more up-to-date alternative or make your own, that will most likely be fixed (although my suggestion above still depends onpassport@^0.5.0
but maybe forcing to use 0.6.0 will work).Your environment
The text was updated successfully, but these errors were encountered: