dropbox-v2-api icon indicating copy to clipboard operation
dropbox-v2-api copied to clipboard

Published 20 hours ago verified publisher icon adasq

Request has been deprecated, should be switched to alternative module

Open mattiasrunge opened this issue 5 years ago • 5 comments

Thank you for a great module! I get this warning from yarn when installing dependencies: warning dropbox-v2-api > [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142

Since request is deprecated should it be switched to something else like https://www.npmjs.com/package/isomorphic-fetch

mattiasrunge avatar Jun 23 '20 13:06 mattiasrunge

You're correct. Will try to use node-fetch. Thanks!

adasq avatar Jun 23 '20 15:06 adasq

And request use json-schema in a pretty old version wich just declare a new moderate vulnerability:

└─┬ [email protected]
  └─┬ [email protected]
    └─┬ [email protected]
      └─┬ [email protected]
        └── [email protected]

edit: moderate issue fixed with npm update

  └─┬ [email protected]
    └─┬ [email protected]
      └─┬ [email protected]
        └─┬ [email protected]
          └── [email protected]

boly38 avatar Nov 20 '21 12:11 boly38

please note that request rely on vulnerable qs version

  └─┬ [email protected]
    └── [email protected]
    
 qs  6.5.0 - 6.5.2
Severity: high
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp

boly38 avatar Dec 07 '22 11:12 boly38

Fixed with [email protected] : thanks 👍

boly38 avatar Dec 10 '22 16:12 boly38

Hey @boly38 , sorry for the late response. Correct. this one was addressed, though the request package is deprecated, which is a bit painful. Struggling with finding a time to migrate it :(

adasq avatar Dec 10 '22 16:12 adasq