New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The 'Request' library is deprecated #22
Comments
Thanks, @antony. Any chance you could submit a PR? |
@otisg I might be able to yeah - will do as soon as I'm able to. |
This is now more critical as a vulnerability (CVE-2023-28155) was published recently, so it's now tripping npm audit. |
@otisg is it on Sematext's roadmap to fix the CVE-2023-28155 vulnerability in this module? |
@gsf4726 Not planned currently, unless we get a PR. Don't think this module has (m)any users. |
https://www.npmjs.com/package/logsene-js 3064 weekly downloads, and a critical security vulnerability? not sure I agree here. I'd love to submit a PR but I too am pressed for time so haven't managed to yet. |
@antony Oh I don't believe those stats. I suspect 99% of those npm stats numbers are from bots/automated downloads/updates. |
automated downloads/updates meaning CI? that's usage. I'm not sure what bots download npm dependencies, otherwise. I certainly haven't seen any evidence of that. I would say that the library has a reasonable amount of usage. |
Hmm, that sounds vaguely concerning. Is this not the recommended package for shipping logs to Logsene in a Node.js app? The name kinda sounds like it is 😆 I'm definitely using this package in a production API – if it isn't actually being maintained, I need to look for alternatives. That's fine, but it should be clearly and visibly communicated (eg. by archiving the repo, deprecating the npm package, etc). |
Ugh, sorry folks, my mistake - I was thinking about https://github.com/sematext/logsene-cli |
@antony @yelworc we've just released a new version of the library removing all vulnerabilities. https://github.com/sematext/logsene-js/releases/tag/1.1.76 |
Thank you, much appreciated! |
See https://github.com/request/request and request/request#3142
This library should probably be using
node-fetch
The text was updated successfully, but these errors were encountered: