
Indirect dependency vulnerability through @asyncapi/generator #574

Description

@anfern777

Describe the bug
The "request" package has known vulnerabilities and is present in the nestjs-asyncapi dependency tree through @asyncapi/generator.

Details
The request package, which is deprecated and has known vulnerabilities, is being included as a transitive dependency in the nestjs-asyncapi package. Below is the detailed dependency chain:

nestjs-asyncapi@1.3.0
├── @asyncapi/generator@1.13.1
│   └── @npmcli/arborist@^2.2.4
│       └── @npmcli/metavuln-calculator@^1.1.0
│           └── pacote@^11.1.11
│               └── @npmcli/run-script@^1.8.2
│                   └── node-gyp@^7.1.0
│                       └── request
└── @asyncapi/generator@1.13.1
    └── @npmcli/arborist@^2.2.4
        └── @npmcli/run-script@^1.8.2
            └── node-gyp@^7.1.0
                └── request

Proposed solution
Upgrade @asyncapi/generator dependency to its latest minor version

Additional context
Full description of the vulnerability here: GHSA-p8p7-x288-28g6
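As an added example (not code from the issue author or the nestjs-asyncapi project): a small Python script that traces every dependency chain from a project to a flagged package in a package-lock.json, which is how a chain like the one quoted above is produced from a lockfile alone. The lockfile it parses is constructed inline to mirror that chain; its pinned versions (including the resolved request@2.88.2) are illustrative assumptions, not the project's real lockfile. On an installed checkout, `npm ls request` prints the same chain; the script is for CI, where only the lockfile is present, and rerunning it on the lockfile produced after the proposed @asyncapi/generator upgrade shows whether the transitive dependency on request is actually gone.

```python
import json

# CONSTRUCTED lockfile (npm lockfileVersion 3 layout), mirroring the chain
# quoted in the issue. Versions are illustrative, not taken from the real project.
CONSTRUCTED_LOCKFILE = json.dumps({
    "name": "nestjs-asyncapi",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "nestjs-asyncapi", "version": "1.3.0",
             "dependencies": {"@asyncapi/generator": "1.13.1"}},
        "node_modules/@asyncapi/generator": {
            "version": "1.13.1",
            "dependencies": {"@npmcli/arborist": "^2.2.4"}},
        "node_modules/@npmcli/arborist": {
            "version": "2.2.4",
            "dependencies": {"@npmcli/metavuln-calculator": "^1.1.0",
                             "@npmcli/run-script": "^1.8.2"}},
        "node_modules/@npmcli/metavuln-calculator": {
            "version": "1.1.0",
            "dependencies": {"pacote": "^11.1.11"}},
        "node_modules/pacote": {
            "version": "11.1.11",
            "dependencies": {"@npmcli/run-script": "^1.8.2"}},
        "node_modules/@npmcli/run-script": {
            "version": "1.8.2",
            "dependencies": {"node-gyp": "^7.1.0"}},
        "node_modules/node-gyp": {
            "version": "7.1.0",
            "dependencies": {"request": "^2.88.0"}},
        "node_modules/request": {"version": "2.88.2"},
    },
})


def package_name(path, node):
    """Name of the package installed at a lockfile path ("" is the root project)."""
    return node.get("name") or path.rsplit("node_modules/", 1)[-1]


def resolve(packages, from_path, name):
    """Resolve a dependency name the way Node does: look in the requiring
    package's own node_modules, then in each ancestor's, up to the project root."""
    base = from_path
    while True:
        candidate = f"{base}/node_modules/{name}" if base else f"node_modules/{name}"
        if candidate in packages:
            return candidate
        if not base:
            return None  # not installed (e.g. an optional dependency that was skipped)
        cut = base.rfind("/node_modules/")
        base = base[:cut] if cut != -1 else ""


def find_paths(packages, target, start="", trail=None):
    """Every dependency chain (as name@version labels) from start to target."""
    trail = list(trail or [])
    node = packages[start]
    name = package_name(start, node)
    label = f"{name}@{node['version']}"
    if label in trail:
        return []  # cycle guard: npm trees can contain circular edges
    trail.append(label)
    if name == target:
        return [trail]
    found = []
    for dep in sorted(node.get("dependencies", {})):
        dep_path = resolve(packages, start, dep)
        if dep_path is not None:
            found.extend(find_paths(packages, target, dep_path, trail))
    return found


def trace(lock_text, target):
    """Parse a package-lock.json string and list all chains leading to target."""
    packages = json.loads(lock_text)["packages"]
    return find_paths(packages, target)


if __name__ == "__main__":
    chains = trace(CONSTRUCTED_LOCKFILE, "request")
    print(f"{len(chains)} chain(s) to 'request':")
    for chain in chains:
        print("  " + " > ".join(chain))
```

Run it as `python trace_dep.py` against the embedded sample, or replace `CONSTRUCTED_LOCKFILE` with the contents of a real package-lock.json; the two chains it prints for the sample correspond to the two branches in the issue's tree (one via @npmcli/metavuln-calculator and pacote, one directly via @npmcli/run-script).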
