Security vulnerability in dependency module request

Question

Security vulnerability in dependency module request

Jabbaxx opened this issue 2 years ago · 2 comments

Request is depricated, but has a security issue
https://www.npmjs.com/package/request

How to fix it ? I guess an alternative to request has to be found.

npm audit --dry-run

npm audit report

request *
Severity: moderate
Server-Side Request Forgery in Request - GHSA-p8p7-x288-28g6
No fix available
node_modules/request
node-binance-api *
Depends on vulnerable versions of request
node_modules/node-binance-api

2 moderate severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.

Answer 1 · 2023-07-07T19:35:06.000Z

Updatind the request package to 2.88.2 resolves this issue

Answer 2 · 2023-11-02T13:21:30.000Z

Hello BaraoVlask

Updatind the request package to 2.88.2 resolves this issue

How to fix that in the current version ? Can i rebuild it ? or how ?