TimonKK / clickhouse

NodeJS client for ClickHouse
Apache License 2.0
220 stars 122 forks

npm audit says there is a security issue for request package #149

Open jeanatpi opened 1 year ago

jeanatpi commented 1 year ago

Running npm audit gives me a security issue for request package:

Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
No fix available
node_modules/request
  clickhouse  *
  Depends on vulnerable versions of request
  node_modules/clickhouse

2 moderate severity vulnerabilities

Looking at this package, it looks like it is deprecated: https://www.npmjs.com/package/request

jeetonweb commented 1 year ago

The request package, being no longer supported, has lots of warnings. We got rid of it from our application in favour of Axios.

However, we had to get it into the application because of the ClickHouse dependency now!

alexey-milovidov commented 1 year ago

Maybe this will help: https://github.com/ClickHouse/clickhouse-js