razorpay / razorpay-node

Razorpay node.js bindings
MIT License

Razorpay Version 2.9.1 for NodeJS uses Vulnerable Dependencies #372

Open jeetchheda opened 1 year ago

jeetchheda commented 1 year ago

Screenshot 2023-08-08 193441

Abhishekucs commented 1 year ago

I removed the request and its dependent package and used node-fetch for the same. Created a pull request fix:ssrf #376. Please check.

jeetchheda commented 1 year ago

Guys, what is the update with this bugfix? Please get it tested and live soon. Waiting on you guys to make my project reach 0 vulnerabilities.

charanjit-singh commented 10 months ago

@razorpay-sanjib @aishrazorpay @amitrazorpay @bala-razorpay @KanhaRazorpay @tanmayrazorpay

gaganbiswas commented 10 months ago

Created a PR #397 which resolves the issue. Used axios instead of request and request-promise.

Here is the comparison chart for alternatives of request package: https://github.com/sindresorhus/got#comparison

P.S.: Wanted to use got, but they don't support CommonJS anymore since v11 (which is no longer maintained), so used axios instead.