-
Notifications
You must be signed in to change notification settings - Fork 79
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dependency request
is missing and vulnerable
#1584
Comments
Same issue here when adding the Environment details
Error
|
Hey @alexander-fenster can you add a security tag to this issue? |
Given that there is an existing dependency |
If the intent is that a request library must be provided to retry-request, would it be sufficient to throw an error here instead of requiring a module that is not a dependency? |
I have submitted PR #1590 to use |
I've faced a similar issue. I'm working on a Next.js project using Next 14 app router. I also came across this. https://www.reddit.com/r/react/comments/tqv6gv/facing_breaking_change_webpack_5_used_to_include/ |
Environment details
gax-nodejs
version: 4.3.1Steps to reproduce
npm install
npm run build
or equivalentError
Workaround
Add
request
as a dependency of the project by runningnpm install request --save
Additional Issue
On top of being missing from this package, the
request
package has been deprecated for 4 years and is vulnerable due to its reliance on thetough-cookie
package that has well known vulnerabilities (Link 1, Link 2, Link 3).The text was updated successfully, but these errors were encountered: