
Use of `request` package in the dependency tree

Open ckeshava opened this issue 7 months ago • 4 comments

This package makes use of [email protected] in its dependency tree. The request package has not been maintained and also contains security vulnerabilities as described here: https://github.com/advisories/GHSA-p8p7-x288-28g6. Since there is no minor/patch version with a fix, I cannot update the package-lock file for this dependency.


Can you comment on the feasibility of this attack vector (or) how can I proceed next?

ckeshava avatar Mar 21 '25 17:03 ckeshava