Closed: antony closed this issue 1 year ago
Thanks, @antony. Any chance you could submit a PR?
@otisg I might be able to yeah - will do as soon as I'm able to.
This is now more critical as a vulnerability (CVE-2023-28155) was published recently, so it's now tripping npm audit.
@otisg is it on Sematext's roadmap to fix the CVE-2023-28155 vulnerability in this module?
@gsf4726 Not planned currently, unless we get a PR. Don't think this module has (m)any users.
https://www.npmjs.com/package/logsene-js
3064 weekly downloads, and a critical security vulnerability?
Not sure I agree here.
I'd love to submit a PR but I too am pressed for time so haven't managed to yet.
@antony Oh I don't believe those stats. I suspect 99% of those npm stats numbers are from bots/automated downloads/updates.
Automated downloads/updates meaning CI? That's usage. I'm not sure what bots download npm dependencies, otherwise. I certainly haven't seen any evidence of that. I would say that the library has a reasonable amount of usage.
> @gsf4726 Not planned currently, unless we get a PR. Don't think this module has (m)any users.
Hmm, that sounds vaguely concerning. Is this not the recommended package for shipping logs to Logsene in a Node.js app? The name kinda sounds like it is 😆
I'm definitely using this package in a production API – if it isn't actually being maintained, I need to look for alternatives. That's fine, but it should be clearly and visibly communicated (e.g. by archiving the repo, deprecating the npm package, etc.).
Ugh, sorry folks, my mistake - I was thinking about https://github.com/sematext/logsene-cli. So, yes, we will address this CVE issue.
@antony @yelworc we've just released a new version of the library removing all vulnerabilities. https://github.com/sematext/logsene-js/releases/tag/1.1.76
Thank you, much appreciated!
See https://github.com/request/request and https://github.com/request/request/issues/3142
This library should probably be using node-fetch