Dependence on vulnerable version of request #16
Comments
Hi @aliciagyt
@shubhamUpadhyayInBlue I've just updated to 2.1.1 and it still contains the vulnerable version of the request package. This package has been deprecated since 2020, so you should be looking to move to something new as a priority. You can see more information about the deprecation here. You can find information about the vulnerability here.
Hi @milo-stadion It is the same with the remaining However, we will discuss it to come out with a solution to this problem soon. Thanks.
Thanks @shubhamUpadhyayInBlue
I currently use version `2.0.0-beta.4` and when I run `npm audit fix`, it signals me that I have 2 moderate vulnerabilities, one on `request` and one on `tough-cookie`, and that fixing them will install `brevo@1.0.1` because `brevo >=2.0.0-beta.2` depends on vulnerable versions of `request`.

`request` being deprecated anyway (source), do you plan to switch to axios or another library soon? Thanks!
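The situation reported in this issue, as an added example that is not part of the issue or the project's code: it reads a report in the `npm audit --json` format and flags when the proposed fix would downgrade a direct dependency. The sample report is constructed, and `planFixes`, `isDowngrade` and `coreVersion` are hypothetical helper names.

```javascript
// Constructed sample in the shape of an `npm audit --json` report (auditReportVersion 2).
// Package names and versions are the ones quoted in the issue; the rest is illustrative.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    request: { name: "request", severity: "moderate", isDirect: false, effects: ["brevo"],
      fixAvailable: { name: "brevo", version: "1.0.1", isSemVerMajor: true } },
    "tough-cookie": { name: "tough-cookie", severity: "moderate", isDirect: false, effects: ["request"],
      fixAvailable: { name: "brevo", version: "1.0.1", isSemVerMajor: true } },
  },
};
const sampleInstalled = { brevo: "2.0.0-beta.4" }; // direct dependency version from the issue

// Numeric major.minor.patch only; a prerelease tag such as "-beta.4" is ignored.
function coreVersion(version) {
  return version.split("-")[0].split(".").map(Number);
}

function isDowngrade(installed, proposed) {
  const a = coreVersion(installed), b = coreVersion(proposed);
  for (let i = 0; i < 3; i++) {
    if ((a[i] || 0) !== (b[i] || 0)) return (b[i] || 0) < (a[i] || 0);
  }
  return false;
}

// Group findings by the package the proposed fix would change, and classify that change.
// fixAvailable is false (no fix), true (fixable without a breaking change), or an object
// naming the direct dependency that `npm audit fix --force` would reinstall.
function planFixes(report, installed) {
  const plans = {};
  for (const v of Object.values(report.vulnerabilities || {})) {
    const fix = v.fixAvailable;
    const forced = fix !== null && typeof fix === "object";
    const key = forced ? fix.name : v.name;
    if (!plans[key]) plans[key] = { resolves: [], action: "no fix available", target: null };
    plans[key].resolves.push(v.name);
    if (fix === true) plans[key].action = "in-range update";
    if (forced) {
      const current = installed[fix.name];
      plans[key].target = fix.version;
      plans[key].action = current && isDowngrade(current, fix.version) ? "downgrade"
        : fix.isSemVerMajor ? "breaking change" : "update";
    }
  }
  return plans;
}
console.log(JSON.stringify(planFixes(sampleReport, sampleInstalled), null, 2));
```

A "downgrade" result means the audit cannot be cleared by updating; the transitive dependency has to be replaced upstream or overridden.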