Update superagent dependency

[mhoffmann-attempto]

As I see you use superagent in version 3.7.0. (5 jears old)
It has a vulnerability: OSS Vulnerability

Is it possible to update the version to a more actual one? (e.g. 7.x ?)
see: npm superagent

[shubhamUpadhyayInBlue]

Hi @mhoffmann-attempto
Thanks for pointing it out. I will check this.

[marcus-franzen]

I am getting "Refused to set unsafe header "user-agent"" as console error, is this issue related?
Creating new contacts via API works anyways.

[maxbraeutigam]

Hi @shubhamUpadhyayInBlue – I am getting warnings for three packages that you are pulling in:

node_modules/querystring:
The querystring API is considered Legacy. new code should use the URLSearchParams API instead.

node_modules/superagent:
Please upgrade to v7.0.2+ of superagent. We have fixed numerous issues with streams, form-data, attach(), filesystem errors not bubbling up (ENOENT on attach()), and all tests are now passing. See the releases tab for more information at https://github.com/visionmedia/superagent/releases.

node_modules/superagent/node_modules/formidable:
Please upgrade to latest, formidable@v2 or formidable@v3! Check these notes: https://bit.ly/2ZEqIau

All packages are dependencies of sib-api-v3-sdk

> npm explain querystring
querystring@0.2.0
node_modules/querystring
  querystring@"0.2.0" from sib-api-v3-sdk@8.4.2
  node_modules/sib-api-v3-sdk
    sib-api-v3-sdk@"^8.4.0" from the root project
> npm explain superagent
superagent@3.7.0
node_modules/superagent
  superagent@"3.7.0" from sib-api-v3-sdk@8.4.2
  node_modules/sib-api-v3-sdk
    sib-api-v3-sdk@"^8.4.0" from the root project
> npm explain formidable
formidable@2.0.1
node_modules/formidable
  formidable@"^2.0.1" from the root project

formidable@1.2.6
node_modules/superagent/node_modules/formidable
  formidable@"^1.1.1" from superagent@3.7.0
  node_modules/superagent
    superagent@"3.7.0" from sib-api-v3-sdk@8.4.2
    node_modules/sib-api-v3-sdk
      sib-api-v3-sdk@"^8.4.0" from the root project

[SolwayEnterprises]

I'm having the same warnings. Since formidable is a dependency of the superagent package, I've been able to fix both formidable and superagent by adding an override to my package.json like so:

"dependencies": {
    ... ,
    "sib-api-v3-sdk": "^8.5.0"
},
"overrides": {
    "sib-api-v3-sdk": {
        "superagent": "8.0.0"
    }
}

I'm still working on the querystring@0.2.0 warning.

[SolwayEnterprises]

Actually, for some reason in my most recent commits, I'm no longer getting the deprecation warning for querystring@0.2.0, even though I haven't successfully troubleshooted it. I'm not sure if I should still be concerned... but I'll go with it for now since I still have all the functionality I should be getting.

[shubhamUpadhyayInBlue]

Thanks @TheLionIsAlive , yes overriding the version is a workaround for now. But, I checked if I have to upgrade to this version in the SDK it does not support Node v10. So, it will be a breaking change that I will have to release. I will do it after new development changes are live in a minor release first.

Thanks!

[SolwayEnterprises]

I look forward to it! Thanks for the reply.

…

On Mon, Jan 16, 2023, 04:39 shubhamUpadhyayInBlue ***@***.***> wrote: Thanks @TheLionIsAlive <https://github.com/TheLionIsAlive> , yes overriding the version is a workaround for now. But, I checked if I have to upgrade to this version in the SDK it does not support Node v10. So, it will be a breaking change that I will have to release. I will do it after new development changes are live in a minor release first. Thanks! — Reply to this email directly, view it on GitHub <#121 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AXKJH6ZRWQ4GGJKK4NYHTMTWSUQODANCNFSM5VHWELQQ> . You are receiving this because you were mentioned.Message ID: ***@***.***>