APIv3-nodejs-library

Update superagent dependency

Open mhoffmann-attempto opened this issue 3 years ago • 7 comments

As I see, you use superagent in version 3.7.0 (5 years old). It has a vulnerability: OSS Vulnerability

Is it possible to update the version to a more current one (e.g. 7.x)? See: npm superagent

mhoffmann-attempto avatar May 06 '22 10:05 mhoffmann-attempto

Hi @mhoffmann-attempto Thanks for pointing it out. I will check this.

shubhamUpadhyayInBlue avatar Oct 03 '22 11:10 shubhamUpadhyayInBlue

I am getting "Refused to set unsafe header "user-agent"" as a console error. Is this issue related? Creating new contacts via the API works anyway.

marcus-franzen avatar Nov 03 '22 16:11 marcus-franzen

Hi @shubhamUpadhyayInBlue – I am getting warnings for three packages that you are pulling in:

node_modules/querystring: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.

node_modules/superagent: Please upgrade to v7.0.2+ of superagent. We have fixed numerous issues with streams, form-data, attach(), filesystem errors not bubbling up (ENOENT on attach()), and all tests are now passing. See the releases tab for more information at https://github.com/visionmedia/superagent/releases.

node_modules/superagent/node_modules/formidable: Please upgrade to latest, formidable@v2 or formidable@v3! Check these notes: https://bit.ly/2ZEqIau

All packages are dependencies of sib-api-v3-sdk

> npm explain querystring
[email protected]
node_modules/querystring
  querystring@"0.2.0" from [email protected]
  node_modules/sib-api-v3-sdk
    sib-api-v3-sdk@"^8.4.0" from the root project
> npm explain superagent
[email protected]
node_modules/superagent
  superagent@"3.7.0" from [email protected]
  node_modules/sib-api-v3-sdk
    sib-api-v3-sdk@"^8.4.0" from the root project
> npm explain formidable
[email protected]
node_modules/formidable
  formidable@"^2.0.1" from the root project

[email protected]
node_modules/superagent/node_modules/formidable
  formidable@"^1.1.1" from [email protected]
  node_modules/superagent
    superagent@"3.7.0" from [email protected]
    node_modules/sib-api-v3-sdk
      sib-api-v3-sdk@"^8.4.0" from the root project

maxbraeutigam avatar Nov 29 '22 06:11 maxbraeutigam

I'm having the same warnings. Since formidable is a dependency of the superagent package, I've been able to fix both formidable and superagent by adding an override to my package.json like so:

"dependencies": {
    ... ,
    "sib-api-v3-sdk": "^8.5.0"
},
"overrides": {
    "sib-api-v3-sdk": {
        "superagent": "8.0.0"
    }
}

I'm still working on the [email protected] warning.

SolwayEnterprises avatar Jan 04 '23 01:01 SolwayEnterprises
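
To confirm that an override like the one above removed every old copy, including the nested node_modules/superagent/node_modules/formidable that npm explain reports, the "packages" map of package-lock.json (lockfileVersion 2 or 3) can be checked directly. This is an added example, not code from the thread or the SDK: the lockfile contents are constructed, findOutdated and compareVersions are hypothetical helper names, and the minimum versions are the ones named in the deprecation messages quoted earlier.

```javascript
// Constructed sample in package-lock.json "packages" layout (lockfileVersion 2/3).
// The sib-api-v3-sdk version and both formidable versions are made up for the example.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/formidable": { version: "2.0.1" },
    "node_modules/querystring": { version: "0.2.0" },
    "node_modules/sib-api-v3-sdk": { version: "8.4.0" },
    "node_modules/superagent": { version: "3.7.0" },
    "node_modules/superagent/node_modules/formidable": { version: "1.2.6" },
  },
};

// Minimum versions named in the deprecation messages quoted in the thread.
const minimums = { superagent: "7.0.2", formidable: "2.0.0" };
const NM = "node_modules/";

// Compare two x.y.z versions numerically; pre-release/build suffixes are ignored.
function compareVersions(a, b) {
  const pa = a.split(/[-+]/)[0].split(".").map(Number);
  const pb = b.split(/[-+]/)[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Return every installed copy (hoisted or nested) that is below its minimum.
function findOutdated(lock, mins) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf(NM);
    if (idx === -1 || !meta.version) continue; // root project or linked entry
    const name = path.slice(idx + NM.length); // keeps "@scope/name" intact
    const min = mins[name];
    if (typeof min !== "string" || compareVersions(meta.version, min) >= 0) continue;
    // Install location: the package whose node_modules folder holds this copy.
    const holder = path.slice(0, idx).replace(/\/$/, "");
    const hIdx = holder.lastIndexOf(NM);
    const installedUnder = hIdx === -1 ? "(root)" : holder.slice(hIdx + NM.length);
    hits.push({ name, version: meta.version, path, installedUnder });
  }
  return hits;
}

for (const h of findOutdated(sampleLock, minimums)) {
  console.log(`${h.name}@${h.version} at ${h.path} (installed under ${h.installedUnder})`);
}
```

An empty result after reinstalling with the override in place means no copy below the stated minimums remains in the tree; installedUnder is the folder location, not the package that requested the dependency.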

Actually, for some reason in my most recent commits, I'm no longer getting the deprecation warning for [email protected], even though I haven't successfully troubleshot it. I'm not sure if I should still be concerned... but I'll go with it for now since I still have all the functionality I should be getting.

SolwayEnterprises avatar Jan 05 '23 01:01 SolwayEnterprises

Thanks @TheLionIsAlive, yes, overriding the version is a workaround for now. But I checked: if I have to upgrade to this version in the SDK, it does not support Node v10. So it will be a breaking change that I will have to release. I will do it after the new development changes are live in a minor release first.

Thanks!

shubhamUpadhyayInBlue avatar Jan 16 '23 10:01 shubhamUpadhyayInBlue

I look forward to it! Thanks for the reply.

SolwayEnterprises avatar Jan 16 '23 11:01 SolwayEnterprises