Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerabilities found on latest version of request #3445

Open
sn06work opened this issue Mar 20, 2023 · 1 comment
Open

Vulnerabilities found on latest version of request #3445

sn06work opened this issue Mar 20, 2023 · 1 comment

Comments

@sn06work
Copy link

Summary

There are vulnerabilities found in the request version 2.88.2 due to json-schema, qs, request.
Screenshot 2023-03-20 at 3 31 15 PM

Possible Solution

Updating the json-schema, qs, request dependencies under request to patched in version in package.json

Context

This is giving vulnerabilities on 'npm audit' in our project

software version
request 2.88.2
node 19.5.0
npm
Operating System MacOS
@phawxby
Copy link

phawxby commented Mar 20, 2023

The SSRF has a PR open it just needs a maintainer to merge it. #3444

The qs dependency is versioned on ~6.5.2, IE you just need to update your sub-dependencies.

@Luccazx12 Luccazx12 mentioned this issue Apr 18, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@phawxby @sn06work