version of unirest of kong need upgrade

[unclezoro]

For the Kong gateway, running npm audit shows one affected package

unirest needs your attention.

[ moderate ] Regular Expression Denial of Service vulnerable versions < 1.4.1 || > 2.0.0 < 2.0.3 found in:

• dependencies: unirest>mime [ moderate ] Prototype Pollution vulnerable versions <= 4.2.0 || >= 5.0.0 < 5.0.3 found in:
• dependencies: unirest>request>hawk>boom>hoek
• dependencies: unirest>request>hawk>cryptiles>boom>hoek
• dependencies: unirest>request>hawk>hoek
• dependencies: unirest>request>hawk>sntp>hoek [ moderate ] Memory Exposure vulnerable versions <0.6.0 found in:
• dependencies: unirest>request>tunnel-agent _ f) fix with npm install unirest@0.6.0

[bungle]

Can you elaborate more where this happens? Kong CE at least has no unirest, and I am pretty sure we don’t package it in any of our CE packages.