Get rid of deprecated "request" dependency #579
Comments
|
Hey @okovpashko The team has explored alternatives and were thinking of switching to got. If you're open to making a PR that would be great and we'd be happy to collaborate with you to get the required changes implemented upstream in our codegen templates. |
|
@RettBehrens should I update the generated code as well or just XeroClient.ts? |
|
@okovpashko if you can do a few of the generated methods as well I can translate that upstream to the mustache templates - maybe one each for the various use cases? ie: |
|
Is there plans to remove "request"? There is a moderate vulnerability with it. Which means it keeps throwing security warnings if we use the xero-node package now. |
|
Any update on this? https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28155 |
|
Any updates/plans on fixing this? |
|
Apologies for the delay. We have now replaced "request" module with Axios. Latest SDK v5.0.0 contains the fix. Hope this helps. |
SDK you're using (please complete the following information):
Is your feature request related to a problem? Please describe.
The request package was deprecated on Feb 11th, 2020, and doesn't have any updates for a while.
Currently, there's at least one security advisory published for the package that's used by
request: CVE-2021-3918. Seems like there won't be any fixed version released.Describe the solution you'd like
Replace the
requestpackage with one of the modern competitors: axios, got, node-fetch, etc.Describe alternatives you've considered
N/A
Additional context
Probably I can make the required changes and create a PR if the team makes a decision about what replacement to use.
The text was updated successfully, but these errors were encountered: