jotform / jotform-api-nodejs

JotForm API - NodeJS Client
GNU General Public License v2.0

Vulnerable Dependencies in Package #33

Open chialuka opened 1 year ago

chialuka commented 1 year ago

Running npm audit in a project with Jotform installed returns this result amongst others:

node_modules/tunnel-agent
  request  2.2.6 - 2.86.0
  Depends on vulnerable versions of form-data
  Depends on vulnerable versions of hawk
  Depends on vulnerable versions of http-signature
  Depends on vulnerable versions of mime
  Depends on vulnerable versions of qs
  Depends on vulnerable versions of tunnel-agent
  node_modules/request
    jotform  *
    Depends on vulnerable versions of request
    node_modules/jotform

The main issue here is that Jotform depends on a vulnerable version of request.
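An added example, not part of the issue thread or of the jotform project: it walks an `npm audit --json` report (auditReportVersion 2) from each direct dependency down to the advisories that cause it to be flagged, which is the chain the tree above shows for jotform. The sample report is constructed, its severities and titles are placeholders, and the function names `traceRootCauses` and `auditDirectDependencies` are hypothetical.

```javascript
// Constructed sample in the shape of `npm audit --json` (auditReportVersion 2),
// mirroring the chain in the issue. Severities and titles are made-up placeholders.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    'tunnel-agent': {
      name: 'tunnel-agent', isDirect: false, effects: ['request'],
      via: [{ name: 'tunnel-agent', title: 'PLACEHOLDER advisory A', severity: 'moderate' }],
    },
    qs: {
      name: 'qs', isDirect: false, effects: ['request'],
      via: [{ name: 'qs', title: 'PLACEHOLDER advisory B', severity: 'high' }],
    },
    request: { name: 'request', isDirect: false, effects: ['jotform'], via: ['qs', 'tunnel-agent'] },
    jotform: { name: 'jotform', isDirect: true, effects: [], via: ['request'], fixAvailable: false },
  },
};

// In a `via` array, a string names another flagged package and an object is an
// advisory against the package itself. Follow strings until advisories are reached.
function traceRootCauses(report, pkgName, path = [], seen = new Set()) {
  const entry = report.vulnerabilities[pkgName];
  if (!entry || seen.has(pkgName)) return []; // unknown package, cycle, or already reported
  seen.add(pkgName);
  const here = [...path, pkgName];
  const chains = [];
  for (const via of entry.via) {
    if (typeof via === 'string') {
      chains.push(...traceRootCauses(report, via, here, seen));
    } else {
      chains.push({ chain: here.join(' > '), severity: via.severity, title: via.title });
    }
  }
  return chains;
}

// Direct dependencies are the entries a project owner can actually replace or pin.
function auditDirectDependencies(report) {
  const result = {};
  for (const [name, entry] of Object.entries(report.vulnerabilities)) {
    if (entry.isDirect) result[name] = traceRootCauses(report, name);
  }
  return result;
}

console.log(JSON.stringify(auditDirectDependencies(sampleReport), null, 2));
```

To run it against a real project, pass the parsed output of `npm audit --json` in place of `sampleReport`.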

wojtekmaj commented 1 year ago

For anyone looking for a solution, my fork has this issue resolved.