Describe the bug
There is a vulnerability related to request npm package which is a dependency of @kubernetes/client-node. Here’s the npm audit report:
# npm audit report
request *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
No fix available
node_modules/request
@kubernetes/client-node *
Depends on vulnerable versions of request
node_modules/@kubernetes/client-node
2 moderate severity vulnerabilities
Some issues need review, and may require choosing
a different dependency.
Unfortunately, the GitHub repository is not currently maintained and there are no maintainers who could merge this PR.
Is there any chance we can remove the request dependency since it’s deprecated since February 2020.
Describe the bug
There is a vulnerability related to
requestnpm package which is a dependency of @kubernetes/client-node. Here’s the npm audit report:Unfortunately, the GitHub repository is not currently maintained and there are no maintainers who could merge this PR.
Is there any chance we can remove the
requestdependency since it’s deprecated since February 2020.