The 'Request' library is deprecated #22
Comments
|
Thanks, @antony. Any chance you could submit a PR? |
|
@otisg I might be able to yeah - will do as soon as I'm able to. |
|
This is now more critical as a vulnerability (CVE-2023-28155) was published recently, so it's now tripping npm audit. |
|
@otisg is it on Sematext's roadmap to fix the CVE-2023-28155 vulnerability in this module? |
|
@gsf4726 Not planned currently, unless we get a PR. Don't think this module has (m)any users. |
|
https://www.npmjs.com/package/logsene-js 3064 weekly downloads, and a critical security vulnerability? not sure I agree here. I'd love to submit a PR but I too am pressed for time so haven't managed to yet. |
|
@antony Oh I don't believe those stats. I suspect 99% of those npm stats numbers are from bots/automated downloads/updates. |
|
automated downloads/updates meaning CI? that's usage. I'm not sure what bots download npm dependencies, otherwise. I certainly haven't seen any evidence of that. I would say that the library has a reasonable amount of usage. |
Hmm, that sounds vaguely concerning. Is this not the recommended package for shipping logs to Logsene in a Node.js app? The name kinda sounds like it is 😆 I'm definitely using this package in a production API – if it isn't actually being maintained, I need to look for alternatives. That's fine, but it should be clearly and visibly communicated (eg. by archiving the repo, deprecating the npm package, etc). |
|
Ugh, sorry folks, my mistake - I was thinking about https://github.com/sematext/logsene-cli |
|
@antony @yelworc we've just released a new version of the library removing all vulnerabilities. https://github.com/sematext/logsene-js/releases/tag/1.1.76 |
|
Thank you, much appreciated! |
See https://github.com/request/request and request/request#3142
This library should probably be using
node-fetchThe text was updated successfully, but these errors were encountered: