Update request-promise version

Question

Update request-promise version

hanzki opened this issue 6 years ago · 2 comments

I noticed that Github gives a security vulnerability (CVE-2018-3721) warning because of an outdated lodash version (3.10). This version is included because it's a dependency of request-promise 1.0.2 which this package still depends on.

Are there breaking changes which stop us from bumping the request-promise version?

mast commented 6 years ago

1.3.2

Answer 1 · 2019-02-15T03:14:29.000Z

Also, the request lib needs to be included as a dependency now.