Issue on a dependency - CVE-2023-26136

request / request-promise

The simplified HTTP request client 'request' with Promise support. Powered by Bluebird.

ISC License

4.77k stars 297 forks source link

Closed Reni88 closed 6 months ago

Reni88 commented 9 months ago

Hi,

Good day. Just wanted to inform that we encountered a security issue on one of request-promise dependency for its version 4.2.6:

Dependency: tough-cookie Version: 2.5.0

It is raised under this CVE ID: CVE-2023-26136

If this was already discussed and resolution was already delivered. Let us know. Thank you.

Reni88 commented 6 months ago

Hi, As this package has been deprecated. We decided to just migrate to an alternative. Closing this now.