I didnt find supertest latest version updated with latest superagent 8.0.9

Question

I didnt find supertest latest version updated with latest superagent 8.0.9

suj123j opened this issue a year ago · comments

Hi Team,
Today for superagent the latest version is 8.0.9 with no vulnerabilities.the supertest version with 6.3.3 is not updated with these dependency superagent 8.0.9. Can you help me here ??

Massimiliano Pasquesi · Answer 1 · Thu Sep 07 2023 17:19:51 GMT+0800 (China Standard Time)

Hello. superagent@8.0.9 has as dep semver@7.5.1, containing a CVE.
The last version of superagent@8.1.2 has fixed this security issue.

Is this possible to upgrade superagent ?

Thanks,
Massi

Sumanta Roy · Answer 2 · Fri Sep 15 2023 13:41:43 GMT+0800 (China Standard Time)

Fix would help us as this is being picked up by pipeline scans for us causing issues.
Does overriding the vulnerable version sound like a good idea for the time being ?
https://docs.npmjs.com/cli/v9/configuring-npm/package-json#overrides

Thanks,
Sumanta

titanism · Answer 3 · Wed Apr 24 2024 23:20:29 GMT+0800 (China Standard Time)

v7.0.0 released to npm

https://github.com/ladjs/supertest/releases/tag/v7.0.0