realm-js
Dependency on deprecated request package
How frequently does the bug occur?
All the time
Description
When installing realm package, yarn warns about deprecated request-package (that has been deprecated since Mar 2019!). The related dependencies have security issues.
Stacktrace & log output
warning realm > [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142
warning realm > request > [email protected]: this library is no longer supported
warning realm > request > [email protected]: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
Can you reproduce the bug?
Yes, always
Reproduction Steps
- yarn add realm
Version
10.11.0
What SDK flavour are you using?
MongoDB Realm (i.e. Sync, auth, functions)
Are you using encryption?
Yes, using encryption
Platform OS and version(s)
macOS
Build environment
Node v16.13.1
Cocoapods version
No response
@Uninen Thank you for reporting.
git blame package.json tells me that I added the dependency back in 2018 🤣. I don't think it is needed anymore but we need to verify.
Please fix it. Thanks!
It's not fixed. Can I have problems if I use realm?
@Raspberry42 It's not going to be a problem. It has been removed as a dependency in our upcoming v12 and it is only currently used in devDependencies.
That being said, we could probably remove it from the v11 dependencies without any issue.
Thank you ;)