Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump request minor version to avoid using a deprecated module (and warnings) #64

Open
alextes opened this issue Nov 23, 2016 · 1 comment

Comments

@alextes
Copy link

alextes commented Nov 23, 2016

The request lib was relying on a module called node-uuid. For some reason the author decided it was necessary to deprecate this module and continue with a module called uuid. Using node-uuid now spits warnings to users.

request fixed this in version 2.79.x, however because you chose to lock minor versions the many thousands of users that download this package each month have been getting warnings at build / install time.

Please bump the minor version or unlock the minor version. Thank you!

@kevinbror
Copy link

The current request dependency also uses a version of tough-cookie that has known ReDoS vulnerabilities. Please update to the latest request version or unlock the minor version to fix this.

Cheers

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants