aacerox / node-rest-client

REST API client from node.js
MIT License
377 stars 132 forks source link

(Urgent) Security update + General update for dependencies #213

Closed JL102 closed 2 years ago

JL102 commented 2 years ago

NPM package follow-redirects was updated to patch the security vulnerability CVE-2022-0155. Node-rest-client depends on this package and as such, any package which depends on node-rest-client may be vulnerable.

In my fork, I also updated debug and xml2js, and there seems to be no difference in functionality. Additionally, NodeJS has deprecated the Buffer() constructor and replaced it with Buffer.from(). This has also been updated.

JL102 commented 2 years ago

Until this has been merged with master & new version has been released, I've uploaded a fork, available here: https://www.npmjs.com/package/@firstteam102/node-rest-client

JL102 commented 2 years ago

@aacerox Thanks! Are you going to publish the new version on NPM?

aacerox commented 2 years ago

Hi!!

I've had some problems with npm but finally I've just published a new version with your pull request

Thanks