npm: Change request to other packages #2229
Comments
Thanks for reporting this! To set expectations:
Finally, please be patient with the core team. They are trying their best with limited resources.
This might be viable for Elm too. Leaving this here in case it helps future decisions!
json-schema 0.2.3 has a critical vulnerability: Which is a problem for using Elm if your org needs to comply with security audits (like us). So it would be really good to change this.
FYI: The
@adrian-gomez I’m not sure I understand what you mean. Could we chat about it on Slack perhaps?
Do you plan to merge #2287? This issue has been outstanding for 2 years. The following security advisory is well known about the request package: The request package through 2.88.2 for Node.js and the @cypress/request package prior to 3.0.0 allow a bypass of SSRF mitigations via an attacker-controlled server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP).
The npm package request is under maintenance mode: request/request#3142

Therefore, you need to change request to other packages.

Alternative libraries to request: request/request#3143