clickhouse icon indicating copy to clipboard operation
clickhouse copied to clipboard

Published 20 hours ago verified publisher icon TimonKK

npm audit says there is a security issue for request package

Open jeanatpi opened this issue 1 year ago • 2 comments

Running npm audit gives me a security issue for request package:

Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
No fix available
node_modules/request
  clickhouse  *
  Depends on vulnerable versions of request
  node_modules/clickhouse

2 moderate severity vulnerabilities

Looking at this package it looks like deprecated: https://www.npmjs.com/package/request

jeanatpi avatar Jun 19 '23 10:06 jeanatpi

The request package being not in support has lots of warnings. We got rid of from our application in favour of Axious.

However, we had to get it into the application because of Clickhouse dependency now!

jeetonweb avatar Jun 26 '23 07:06 jeetonweb

Maybe this will help: https://github.com/ClickHouse/clickhouse-js

alexey-milovidov avatar Jun 26 '23 07:06 alexey-milovidov