You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I noticed that the request package has a moderate severity vulnerability related to server-side request forgery. I ran npm audit fix as suggested, but I wanted to confirm whether the package has been updated to a non-vulnerable version.
Could you please provide information on the status of this vulnerability? Has it been addressed in a recent release of the request package? If not, do you have any plans to release a fix or take any other measures to mitigate this vulnerability?
Best,
Jack McDermott
The text was updated successfully, but these errors were encountered:
request has been deprecated since February 2020. It is no longer under active development, even for security fixes. This CVE will not be fixed. The only fix is to stop using request entirely, and perhaps migrate to an alternative library.
Hello,
I noticed that the request package has a moderate severity vulnerability related to server-side request forgery. I ran npm audit fix as suggested, but I wanted to confirm whether the package has been updated to a non-vulnerable version.
The vulnerability is documented here: GHSA-p8p7-x288-28g6.
Could you please provide information on the status of this vulnerability? Has it been addressed in a recent release of the request package? If not, do you have any plans to release a fix or take any other measures to mitigate this vulnerability?
Best,
Jack McDermott
The text was updated successfully, but these errors were encountered: