binwrap icon indicating copy to clipboard operation
binwrap copied to clipboard

Published 20 hours ago verified publisher icon avh4

Remove dependency on request

Open avh4 opened this issue 6 years ago • 5 comments

Assuming this can be done safely (that there aren't notable features we lose by using nodejs APIs directly), this should be done to remove transitive dependencies.

avh4 avatar Apr 26 '19 18:04 avh4

Does the @rtfeldman's pull request #19 not do this?

harrysarson avatar Apr 26 '19 21:04 harrysarson

Ah, yes it does, thanks!

avh4 avatar Apr 27 '19 03:04 avh4

Adding back "help wanted", since #19 needs to be rebased and have the failing tests fixed.

avh4 avatar Jul 21 '19 04:07 avh4

This dependecy has a critical vulnerability, which is problem for security audits.

request depends on form-data 2.3.3 https://github.com/request/request/blob/master/package.json#L36

Which depends on json-schema 0.2.3

json-schema 0.2.3 has a critical vulnerability: https://github.com/advisories/GHSA-896r-f27r-55mw

It would be great if this dependecy could be changed.

sporto avatar Nov 24 '22 21:11 sporto