VULNERABILITY! openid npm package 1.0.4 does not check return_to

[dilame]

It is necessary to update dependency from

"openid": "1.x.x"

to

"openid": "2.x.x"

[pronebird]

There is already a PR for that: #35

[Poikilos]

There was a fix but no PR, so I made it: #43

[rwky]

Forked and fixed in https://github.com/passport-next/passport-openid

Install with npm install @passport-next/passport-openid

[YasharF]

The openid npm module hasn't been touched in years and also has an issue with the use of now deprecated requestjs. It might be worth migrating off of openid to openid-client npm module which is more actively maintained.