Closed leedm777 closed 1 year ago
@sv2 Even with the recent dependency bumps in 0.99.4 this outdated version of request
dependency causes security checks to fail due to the vulnerable qs
it brings in transitively. We can do npm up
to fix but then Dependabot wipes that package-lock.json out. Any considerations to replacing the deprecated request
? This is blocking our CI from passing and we'll have to spend effort figuring out workarounds.
Yes, we'll replace request shortly
Request has been replaced with Axios - v0.99.5
The Request.js library has been deprecated (see https://github.com/request/request/issues/3142), and is actively pushing folks to use other libraries (see https://github.com/request/request/issues/3143).
There's currently a security vulnerability via request's dependencies, making it even more important to move to a more supported library.