Security vulnerability in dependency module request

Question

Security vulnerability in dependency module request

Jabbaxx opened this issue a year ago · comments

Jabbaxx commented a year ago

Request is depricated, but has a security issue
https://www.npmjs.com/package/request

How to fix it ? I guess an alternative to request has to be found.

npm audit --dry-run

npm audit report

request *
Severity: moderate
Server-Side Request Forgery in Request - GHSA-p8p7-x288-28g6
No fix available
node_modules/request
node-binance-api *
Depends on vulnerable versions of request
node_modules/node-binance-api

2 moderate severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.

Guilherme Billig · Answer 1 · Sat Jul 08 2023 03:35:06 GMT+0800 (China Standard Time)

Updatind the request package to 2.88.2 resolves this issue

Jabbaxx · Answer 2 · Thu Nov 02 2023 21:21:30 GMT+0800 (China Standard Time)

Hello BaraoVlask

Updatind the request package to 2.88.2 resolves this issue

How to fix that in the current version ? Can i rebuild it ? or how ?