Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deprecated npm package request is in use #739

Open
aftabmustafa opened this issue Jul 14, 2023 · 1 comment
Open

Deprecated npm package request is in use #739

aftabmustafa opened this issue Jul 14, 2023 · 1 comment

Comments

@aftabmustafa
Copy link

aftabmustafa commented Jul 14, 2023
edited
Loading

Which version of the SDK was used?

[email protected] used by [email protected]

What problem was encountered?

This project is using a deprecated npm package [email protected]. Request has a dependency on [email protected] which is a vulnerable package. Below is the description of the vulnerability:

  • Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.

Have you found a mitigation/solution?

I am not sure about what would be the correct solution here, just creating an issue hoping to get some support.
@aftabmustafa aftabmustafa changed the title Deprecated package request is in use Deprecated npm package request is in use Jul 14, 2023
@sm3sher
Copy link

sm3sher commented Aug 20, 2024

See #741 (comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sm3sher @aftabmustafa