node-uuid warning in request, replace? #31

Open
dantman opened this issue Apr 19, 2018 · 3 comments

Comments

@dantman

dantman commented Apr 19, 2018

The request version in use by the current version of this library / cldr-data uses a version of request with a uuid warning.

warning cldr-data > cldr-data-downloader > request > node-uuid@1.4.8: Use uuid module instead

The request library actually isn't a great library to use. Judging by the fact that this library is pinned to ~ instead of ^, someone has probably already noticed that request has a really poor stance towards breaking changes (they are happy to include breaking changes from deps within minor release changes). Despite that, the library is released frequently, meaning you need to update it regularly. The library is also bloated and a bit of a risk; it includes huge piles of dependencies that are never used (hawk, aws, oauth, etc...) and each of those can have security bugs that need patching on top of bloating the package with huge deps that are never used.

A simple way of solving the npm warning and general issues with request would be to replace it. One alternative with a somewhat request-like API is needle. You could also go with node-fetch.

@rxaviers
Owner

I wouldn't mind replacing it, but I believe this is the first problem with it. Alternatively, we could lock the dependency to a fixed version. Do you want to go on with a PR? Thanks

@dantman
Author

dantman commented Apr 19, 2018

@rxaviers The current problem is that request is out of date because it's locked to ~, so locking it to an even more specific version will just make the issue worse.

@rxaviers
Owner

True. It would require updating it and making potential API adjustments. Anyway, I'm open for a PR replacing it (perhaps with node-fetch). Thanks again
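
The dependency chain in the warning quoted in the first comment can be recovered for any package from the JSON form of the npm dependency tree, which shows which direct dependency is responsible for a deprecated or unused transitive one. This is an added example, not part of the thread or the project's code; it assumes the tree shape emitted by `npm ls --all --json`, and the sample tree, `example-app`, `other-lib` and every version other than node-uuid@1.4.8 are constructed.

```javascript
// Constructed sample tree in the shape of `npm ls --all --json` output.
// Only node-uuid@1.4.8 comes from the warning; other versions are placeholders.
const PLACEHOLDER = "0.0.0-placeholder";
const sampleTree = {
  name: "example-app",
  version: PLACEHOLDER,
  dependencies: {
    "cldr-data": { version: PLACEHOLDER, dependencies: {
      "cldr-data-downloader": { version: PLACEHOLDER, dependencies: {
        request: { version: PLACEHOLDER, dependencies: {
          "node-uuid": { version: "1.4.8" },
          hawk: { version: PLACEHOLDER },
        } },
      } },
    } },
    "other-lib": { version: PLACEHOLDER, dependencies: {
      "node-uuid": { version: "1.4.8" },
    } },
  },
};

// Depth-first walk returning every chain of package names that ends at `target`.
function findPaths(node, target, trail = []) {
  const hits = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const chain = [...trail, name];
    if (name === target) hits.push({ chain, version: dep.version });
    hits.push(...findPaths(dep, target, chain));
  }
  return hits;
}

// Render a hit the way the npm warning does: a > b > c@version
function formatPath(hit) {
  return `${hit.chain.join(" > ")}@${hit.version}`;
}

// Direct dependencies of the root that pull the target in (deduplicated).
function directCulprits(tree, target) {
  return [...new Set(findPaths(tree, target).map((hit) => hit.chain[0]))];
}

for (const hit of findPaths(sampleTree, "node-uuid")) {
  console.log(formatPath(hit));
}
console.log("pulled in by:", directCulprits(sampleTree, "node-uuid").join(", "));
```
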
