sendwithus / sendwithus_nodejs

Sendwithus NodeJS Client
https://www.sendwithus.com
Apache License 2.0

Update dependency to fix vulnerability #44

Closed idris-maps closed 4 years ago

idris-maps commented 4 years ago

Client version

4.3.0

Expected behaviour

No vulnerabilities

Actual behaviour

Screenshot from 2020-02-17 14-33-42

Steps to reproduce

npm install

demoore commented 4 years ago

Thanks for reporting this @idris-maps. We'll update this as soon as this has been merged into the HTTP client this package uses: https://github.com/danwrong/restler/pull/263

vuhrmeister commented 4 years ago

Are you confident that it will? The last commit is from 2015 and there are a lot of outstanding Pull Requests.

idris-maps commented 4 years ago

It seems to be a library to do HTTP requests. Maybe it makes sense to use something that is actively maintained. Maybe axios

demoore commented 4 years ago

Yeah, that's a good point. I don't think we're able to rewrite the client with a different dependency soon. I wonder if we can vendor restler and update the package the vulnerability?

tday commented 4 years ago

Any updates on this? Seems just a few steps away given you've forked and patched

demoore commented 4 years ago

Thank you for your patience, folks. We've released a new version with a patched version of restler.

tday commented 4 years ago

Thanks so much for the patch! @demoore 👏