Update dependency to fix vulnerability #44
Comments
|
Thanks for reporting this @idris-maps. We'll update this as soon as this has been merged into the HTTP client this package uses: danwrong/restler#263 |
|
Are you confident that it will? The last commit is from 2015 and there are a lot of outstanding Pull Requests. |
|
It seems to be a library to do HTTP requests. Maybe it makes sense to use something that is actively maintained. Maybe axios |
|
Yeah, that's a good point. I don't think we're able to rewrite the client with a different dependency soon. I wonder if we can vendor restler and and update the package the vulnerability? |
|
Any updates on this? Seems just a few steps away given you've forked and patched |
|
Thank you for your patience, folks. We've released a new version with a patched version of restler. |
|
Thanks so much for the patch! @demoore 👏 |
Client version
4.3.0
Expected behaviour
No vulnerabilities
Actual behaviour
Steps to reproduce
The text was updated successfully, but these errors were encountered: