Request has been deprecated, should be switched to alternative module

[mattiasrunge]

Thank you for a great module!
I get this warning from yarn when installing dependencies:
warning dropbox-v2-api > request@2.88.0: request has been deprecated, see request/request#3142

Since request is deprecated should it be switched to something else like https://www.npmjs.com/package/isomorphic-fetch

[adasq]

You're correct. Will try to use node-fetch.
Thanks!

[boly38]

And request use json-schema in a pretty old version wich just declare a new moderate vulnerability:

└─┬ dropbox-v2-api@2.4.52
  └─┬ request@2.88.2
    └─┬ http-signature@1.2.0
      └─┬ jsprim@1.4.1
        └── json-schema@0.2.3

---

edit: moderate issue fixed with npm update

  └─┬ dropbox-v2-api@2.4.52
    └─┬ request@2.88.2
      └─┬ http-signature@1.2.0
        └─┬ jsprim@1.4.2
          └── json-schema@0.4.0

[boly38]

please note that request rely on vulnerable qs version

  └─┬ request@2.88.2
    └── qs@6.5.2
    
 qs  6.5.0 - 6.5.2
Severity: high
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp

[boly38]

Fixed with dropbox-v2-api@2.5.9 : thanks 👍

[adasq]

Hey @boly38 , sorry for the late response.
Correct. this one was addressed, though the request package is deprecated, which is a bit painful. Struggling with finding a time to migrate it :(