Open sn06work opened 1 year ago
There are vulnerabilities found in the request version 2.88.2 due to json-schema, qs, request.
Updating the json-schema, qs, request dependencies under request to patched in version in package.json
This is giving vulnerabilities on 'npm audit' in our project
The SSRF has a PR open it just needs a maintainer to merge it. https://github.com/request/request/pull/3444
The qs dependency is versioned on ~6.5.2, IE you just need to update your sub-dependencies.
qs
~6.5.2
Summary
There are vulnerabilities found in the request version 2.88.2 due to json-schema, qs, request.
Possible Solution
Updating the json-schema, qs, request dependencies under request to patched in version in package.json
Context
This is giving vulnerabilities on 'npm audit' in our project