Deprecated npm package request is in use #739
Description
Which version of the SDK was used?
[email protected] used by [email protected]
What problem was encountered?
This project is using a deprecated npm package [email protected]. Request has a dependency on [email protected] which is a vulnerable package. Below is the description of the vulnerability:
- Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.
Have you found a mitigation/solution?
I am not sure about what would be the correct solution here, just creating an issue hoping to get some support.