Closed aakashbhatiaaccenture closed 4 months ago
PETOSS-381
Thanks for raising an issue, a ticket has been created to track your request
They have known about this for over a year, and not seeming to care. I feel this package is unmaintained. They are updating the xero api endpoints, but not maintaining any security updates.
Apologies for the delay. We have removed direct dependencies on request module in version 5.0.0. We will soon remove it from other nested package dependencies.
Apologies for the delay. We have removed direct dependencies on request module in version 5.0.0. We will soon remove it from other nested package dependencies.
Thanks very much, really appreciate it
this issue is fixed in latest version of xero-node.
SDK you're using (please complete the following information):
Describe the bug xero-node >=4.0.0-alpha.1 depends on vulnerable versions of request. The request package itself is depreciated.
To Reproduce Steps to reproduce the behavior:
Expected behavior It should not make use of the depreciated package. Instead it could one the following listed packages: https://github.com/request/request/issues/3143