Dependency update: 2 moderate severity vulnerabilities

Question

Dependency update: 2 moderate severity vulnerabilities

Closed this issue a year ago · 7 comments

Are you planning to replace "request" with "fetch" (now available in Node.js by default)

# npm audit report

request  *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
No fix available
node_modules/request
  @sendinblue/client  *
  Depends on vulnerable versions of request
  node_modules/@sendinblue/client

2 moderate severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.

Answer 1 · 2023-04-05T05:32:13.000Z

request package can be converted to node-fetch or axios. team you can assign to me for this task

Answer 2 · 2023-05-07T14:12:47.000Z

Please fix this issue.

Answer 3 · 2023-06-07T08:36:01.000Z

Honestly guys, if this package is not maintained just let us know so we can build our own bindings

Answer 4 · 2023-08-04T10:16:16.000Z

When can we expect to get the PR merged?

Answer 5 · 2023-08-11T02:53:14.000Z

Using now Brevo commercially, it seems important to me to remove the deprecated lib.

Hey @psychonetic please use Brevo. This is going to be deprecated.

Answer 6 · 2023-08-11T11:27:25.000Z

Is there a new Brevo SDK now?

Answer 7 · 2023-08-14T06:09:18.000Z

@alfaproject
Yes: https://github.com/getbrevo/brevo-node

Typescript is not fully supported yet and it seems like there are also issues with attachments.
So not really production ready. Hope they will manage to update the SDK soon.