Moderate Twistlock security scan failures in projects using @kubernetes/client-node
Looks like this module is using the request module, which was deprecated over two years ago and now has security vulnerabilities.
Wondering if there is a timeline for updating to a newer library?
# npm audit report
request *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
No fix available
node_modules/request
@kubernetes/client-node *
Depends on vulnerable versions of request
node_modules/@kubernetes/client-node
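As an added example (not code from the issue or from the kubernetes-client/javascript project), the script below walks an `npm audit --json` report and lists the advisories that have no available fix together with the dependency chain that pulls each one in. The npm 7+ JSON layout (`vulnerabilities`, `via`, `effects`, `fixAvailable`) is assumed, and the embedded report is a constructed sample mirroring the audit output above.

```javascript
// Added example: triage an `npm audit --json` report for unfixable advisories.
// The npm 7+ report format is assumed; the sample below is constructed to
// mirror the audit output quoted in the issue.
const SAMPLE_AUDIT = {
  vulnerabilities: {
    request: {
      name: 'request', severity: 'moderate', range: '*',
      via: [{ title: 'Server-Side Request Forgery in Request',
              url: 'https://github.com/advisories/GHSA-p8p7-x288-28g6',
              severity: 'moderate', range: '*' }],
      effects: ['@kubernetes/client-node'],
      nodes: ['node_modules/request'], fixAvailable: false,
    },
    '@kubernetes/client-node': {
      name: '@kubernetes/client-node', severity: 'moderate', range: '*',
      via: ['request'], effects: [],
      nodes: ['node_modules/@kubernetes/client-node'], fixAvailable: false,
    },
  },
};

// Follow string entries in `via` down to the package that carries the advisory
// object, recording the chain of package names walked to reach it.
function rootAdvisories(vulns, name, chain = []) {
  const entry = vulns[name];
  if (!entry || chain.includes(name)) return []; // unknown node or cycle guard
  const path = [...chain, name];
  const found = [];
  for (const v of entry.via) {
    if (typeof v === 'string') found.push(...rootAdvisories(vulns, v, path));
    else found.push({ chain: path, advisory: v });
  }
  return found;
}

// Report advisories with no fix that are reachable from the project's own
// dependencies (entries nothing else depends on, i.e. `effects` is empty).
function unfixableAdvisories(audit) {
  const vulns = audit.vulnerabilities || {};
  const report = [];
  for (const [name, entry] of Object.entries(vulns)) {
    if (entry.fixAvailable !== false || entry.effects.length > 0) continue;
    for (const { chain, advisory } of rootAdvisories(vulns, name)) {
      report.push({ dependency: name, path: chain.join(' > '),
                    severity: advisory.severity, url: advisory.url });
    }
  }
  return report;
}

for (const finding of unfixableAdvisories(SAMPLE_AUDIT)) console.log(finding);
```

Feed it the real report with `npm audit --json > audit.json` and `JSON.parse` of that file in place of the sample; the `path` field is what tells you which direct dependency to track for a migration away from `request`.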
HedleyWard changed the title from "Security Vulnerability as client use depreciated Request library" to "Moderate Security Vulnerability as client uses depreciated Request library" on Mar 23, 2023.
There is no specific timeline, but it is being worked on to replace refetch.
If you want to help, there is a markdown file called fetch migration in the release-1.x branch with the current state.
Note also that I do not believe that this vulnerability affects this client, because it is intended to talk exclusively to a Kubernetes cluster that you control, and if your cluster is owned enough that it is doing malicious things, you have worse problems than this library...