flamewow / nestjs-asyncapi

NestJS AsyncAPI module - generate documentation of your event-based services using decorators
MIT License

Indirect dependency vulnerability through @asyncapi/generator #574

Open anfern777 opened 3 months ago

anfern777 commented 3 months ago

Describe the bug

The "request" package has known vulnerabilities and is present in the nestjs-asyncapi dependency tree through @asyncapi/generator.

Details

The request package, which is deprecated and has known vulnerabilities, is being included as a transitive dependency in the nestjs-asyncapi package. Below is the detailed dependency chain:

nestjs-asyncapi@1.3.0
├── @asyncapi/generator@1.13.1
│   └── @npmcli/arborist@^2.2.4
│       └── @npmcli/metavuln-calculator@^1.1.0
│           └── pacote@^11.1.11
│               └── @npmcli/run-script@^1.8.2
│                   └── node-gyp@^7.1.0
│                       └── request
└── @asyncapi/generator@1.13.1
    └── @npmcli/arborist@^2.2.4
        └── @npmcli/run-script@^1.8.2
            └── node-gyp@^7.1.0
                └── request

Proposed solution

Upgrade the @asyncapi/generator dependency to its latest minor version.

Additional context

Full description of the vulnerability here: https://github.com/advisories/GHSA-p8p7-x288-28g6

github-actions[bot] commented 3 months ago

Hello! Thank you for filing an issue.

If this is a bug report, please include relevant logs to help us debug the problem.

lc-spxl commented 1 month ago

I confirm this issue. Would the update to a recent async release introduce BC?