search

request / request

🏊🏾 Simplified HTTP request client.
Apache License 2.0
25.67k stars 3.14k forks source link

Vulnerabilities found on latest version of request #3445

Open sn06work opened 1 year ago

sn06work commented 1 year ago

Summary

There are vulnerabilities found in the request version 2.88.2 due to json-schema, qs, request.

Screenshot 2023-03-20 at 3 31 15 PM

Possible Solution

Updating the json-schema, qs, request dependencies under request to patched in version in package.json

Context

This is giving vulnerabilities on 'npm audit' in our project

software version
request 2.88.2
node 19.5.0
npm
Operating System MacOS
phawxby commented 1 year ago

The SSRF has a PR open it just needs a maintainer to merge it. https://github.com/request/request/pull/3444

The qs dependency is versioned on ~6.5.2, IE you just need to update your sub-dependencies.