I didnt find supertest latest version updated with latest superagent 8.0.9

Question

I didnt find supertest latest version updated with latest superagent 8.0.9

suj123j opened this issue 2 years ago · 3 comments

Hi Team,
Today for superagent the latest version is 8.0.9 with no vulnerabilities.the supertest version with 6.3.3 is not updated with these dependency superagent 8.0.9. Can you help me here ??

Answer 1 · 2023-09-07T09:19:51.000Z

Hello. superagent@8.0.9 has as dep semver@7.5.1, containing a CVE.
The last version of superagent@8.1.2 has fixed this security issue.

Is this possible to upgrade superagent ?

Thanks,
Massi

Answer 2 · 2023-09-15T05:41:43.000Z

Fix would help us as this is being picked up by pipeline scans for us causing issues.
Does overriding the vulnerable version sound like a good idea for the time being ?
https://docs.npmjs.com/cli/v9/configuring-npm/package-json#overrides

Thanks,
Sumanta

Answer 3 · 2024-04-24T15:20:29.000Z

v7.0.0 released to npm

https://github.com/ladjs/supertest/releases/tag/v7.0.0