Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
High vulnerability issue (CVE-2021-44907)
See original GitHub issueSummary
Version 2.88.2 of request has a dependency on qs version ~6.5.3. A CVE has been created for versions <= 6.8.0 of qs.
Simplest Example to Reproduce
Create a new application with request version 2.88.2, then run npm ls qs.
Possible Solution
If the library will still function correctly, consider updating version ^6.10.3 of qs.
Context
While it’s understandable that request is deprecated, many library vendors have not yet moved on to other libraries. According to https://www.npmjs.com/package/request, the library still has:
- 52,988 dependents
- 20M weekly downloads
Your Environment
| software | version |
|---|---|
| request | 2.88.2 |
| node | v16.13.2 |
| npm | 8.5.5 |
| Operating System | macOS 12.3 (21E230) |
Issue Analytics
- State:
- Created a year ago
- Reactions:2
- Comments:10
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
I would also prefer to have an official patch for that, but this could be a short term solution. I am running Whitesource as well and it does not show issues any more. I needed to delete node modules and the package-lock.json, a fresh install resolved fine
This project is deprecated and effectively discontinued, see https://github.com/request/request/issues/3142. Serious security vulnerabilities will most likely never be patched and the community has been asked to move to other solutions years ago.