npm audit report

[AshcatY2K]

SDK you're using (please complete the following information):

• Version [e.g. 4.34.0]

Describe the bug

npm audit report

request *
Severity: moderate
Server-Side Request Forgery in Request - GHSA-p8p7-x288-28g6
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/request
xero-node >=4.0.0-alpha.1
Depends on vulnerable versions of request
node_modules/xero-node

To Reproduce
Steps to reproduce the behaviour:

1. Install the xero-node npm package "npm i xero-node"
2. run an audit report "npm audit"

Expected behavior
No vulnerabilities should be detected

Screenshots
Additional context
For more information see
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28155

[waitem]

I think this is the same as issue 579 which was raised in March 2022

[sangeet-joy-tw]

We have updated the required packages in our new version. npm audit report should be clean now.

Please use version v5.0.1

let us know with any further issues on this ticket. @AshcatY2K @waitem

[sangeet-joy-tw]

npm audit report is clean with latest version.