
Replace deprecated dependency on request

Open leedm777 opened this issue 3 years ago • 0 comments

The Request.js library has been deprecated (see https://github.com/request/request/issues/3142), and is actively pushing folks to use other libraries (see https://github.com/request/request/issues/3143).

There's currently a security vulnerability via request's dependencies, making it even more important to move to a more supported library.

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ json-schema is vulnerable to Prototype Pollution             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ json-schema                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.4.0                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ swagger-stats                                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ swagger-stats > request > http-signature > jsprim >          │
│               │ json-schema                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-896r-f27r-55mw            │
└───────────────┴──────────────────────────────────────────────────────────────┘

leedm777, Nov 23 '21 22:11
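An added example, not part of the original issue or of the swagger-stats project: a lockfile walk that reports every dependency chain reaching a `json-schema` copy older than the patched 0.4.0, in the same form as the Path row of the audit output above. The lockfile, the names `example-app` and `other`, and every version except the 0.4.0 threshold are constructed; the code assumes the `packages` layout of lockfileVersion 2/3.

```javascript
// Constructed lockfile ("packages" layout, lockfileVersion 2/3). All versions are made up.
const sampleLock = { packages: {
  "": { name: "example-app", dependencies: { "swagger-stats": "*", other: "*" } },
  "node_modules/swagger-stats": { version: "1.0.0", dependencies: { request: "*" } },
  "node_modules/request": { version: "1.0.0", dependencies: { "http-signature": "*" } },
  "node_modules/http-signature": { version: "1.0.0", dependencies: { jsprim: "*" } },
  "node_modules/jsprim": { version: "1.0.0", dependencies: { "json-schema": "*" } },
  "node_modules/json-schema": { version: "0.2.3" },
  "node_modules/other": { version: "1.0.0", dependencies: { "json-schema": "*" } },
  "node_modules/other/node_modules/json-schema": { version: "0.4.0" },
} };

// Numeric x.y.z comparison; prerelease tags are ignored (a simplification).
function lessThan(a, b) {
  const [pa, pb] = [a, b].map((v) => v.split("-")[0].split(".").map(Number));
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) < (pb[i] || 0);
  }
  return false;
}

// Node-style lookup: the dependent's own node_modules first, then each parent's.
function resolve(packages, fromKey, name) {
  for (let base = fromKey; ; ) {
    const key = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[key]) return key;
    if (!base) return null;
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Depth-first walk from the root; returns each chain ending at a too-old copy of `target`.
function vulnerablePaths(lock, target, patched) {
  const packages = lock.packages, found = [];
  (function walk(key, chain, seen) {
    const deps = Object.assign({}, packages[key].dependencies, packages[key].optionalDependencies);
    for (const name of Object.keys(deps)) {
      const depKey = resolve(packages, key, name);
      if (!depKey || seen.has(depKey)) continue; // not in the lockfile, or a cycle
      const next = chain.concat(name), version = packages[depKey].version;
      if (name === target && lessThan(version, patched)) found.push(next.join(" > ") + "@" + version);
      walk(depKey, next, new Set(seen).add(depKey));
    }
  })("", [], new Set([""]));
  return found;
}

console.log(vulnerablePaths(sampleLock, "json-schema", "0.4.0"));
```

To check a real project, pass the parsed `package-lock.json` in place of `sampleLock`; an empty result means no reachable copy of the package is below the patched version.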