honeycombio / libhoney-js

JavaScript library for sending data to Honeycomb
Apache License 2.0

dependencies upgrade of module superagent due to a public vulnerability #410

Closed bhavishraj closed 3 months ago

bhavishraj commented 3 months ago

Versions

Description

The dependent module superagent had a public vulnerability with its formidable dependency in version 8, and they have hence released v9.0.0+ with the fix. More info is present in the link: https://github.com/ladjs/superagent/pull/1800 Can you please look into it and upgrade the dependency for superagent accordingly? (Please include any relevant CVE advisory links)

MikeGoldsmith commented 3 months ago

Thanks for creating the issue @bhavishraj - we've been waiting for superagent to resolve their security issue, but it took a while due to their package dependency chain.

MikeGoldsmith commented 3 months ago

Hi @bhavishraj - libhoney 4.3.0 has now been released with the updated superagent dependency.
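
A lockfile check for the two versions named in this thread (superagent v9.0.0+, libhoney 4.3.0), added here as an example and not part of the issue or of libhoney-js. It assumes an npm `package-lock.json` with lockfileVersion 2 or 3 (a `packages` map); `findOutdated`, `isBelow` and the sample lockfile are constructed for illustration.

```javascript
// Minimum versions taken from the issue thread above.
const MINIMUMS = { superagent: "9.0.0", libhoney: "4.3.0" };

// Parse "major.minor.patch" into numbers; returns null if the string is not semver-like.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when `version` sorts before `minimum`. Unparseable versions are
// flagged (returned as true) so they get a manual look.
function isBelow(version, minimum) {
  const a = parseVersion(version);
  const b = parseVersion(minimum);
  if (!a || !b) return true;
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  // Same major.minor.patch: a pre-release such as 9.0.0-beta.1 sorts before 9.0.0.
  return /^\d+\.\d+\.\d+-/.test(String(version));
}

// Walk every installed copy, including nested ones such as
// "node_modules/libhoney/node_modules/superagent", which a top-level check misses.
function findOutdated(lock, minimums = MINIMUMS) {
  const marker = "node_modules/";
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf(marker);
    if (idx === -1) continue; // the root project entry has the key ""
    const name = path.slice(idx + marker.length);
    const minimum = minimums[name];
    if (minimum && isBelow(entry.version, minimum)) {
      findings.push({ name, version: entry.version, path, minimum });
    }
  }
  return findings;
}

// Constructed sample lockfile (versions below the minimums are made up for the demo).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/libhoney": { version: "4.2.0" },
    "node_modules/libhoney/node_modules/superagent": { version: "8.1.2" },
    "node_modules/superagent": { version: "9.0.2" },
    "node_modules/demo-unrelated": { version: "1.2.3" },
  },
};

for (const f of findOutdated(SAMPLE_LOCK)) {
  console.log(`${f.path}: ${f.name}@${f.version} is below ${f.minimum}`);
}
```

To check a real project, pass the parsed contents of its `package-lock.json` to `findOutdated` in place of `SAMPLE_LOCK`.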