request/request

Vulnerabilities found on latest version of request

sn06work opened this issue · 1 comments

sn06work commented

Summary

There are vulnerabilities found in the request version 2.88.2 due to json-schema, qs, request.
Screenshot 2023-03-20 at 3 31 15 PM

Possible Solution

Updating the json-schema, qs, request dependencies under request to patched in version in package.json

Context

This is giving vulnerabilities on 'npm audit' in our project

software version
request 2.88.2
node 19.5.0
npm
Operating System MacOS
phawxby commented

The SSRF has a PR open it just needs a maintainer to merge it. #3444

The qs dependency is versioned on ~6.5.2, IE you just need to update your sub-dependencies.