Open
Description
Which version of the SDK was used?
azure-storage-node@2.10.7 used by botbuilder-azure@4.20.0
What problem was encountered?
This project is using a deprecated npm package request@2.88.2. Request has a dependency on tough-cookie@2.5.0 which is a vulnerable package. Below is the description of the vulnerability:
- Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.
Have you found a mitigation/solution?
I am not sure about what would be the correct solution here, just creating an issue hoping to get some support.
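Added example, not part of the original issue or of either project's code: a small Node.js check that scans the `packages` map of an npm lockfile (v2/v3 layout) for installed copies of tough-cookie older than 4.1.3 and lists the packages that declare it as a dependency. The `sampleLock` object is constructed from the versions named in the issue, and the function names and dependency range strings are assumptions.

```javascript
// Added example: flag tough-cookie copies below the fixed version in an npm lockfile.
const FIXED = [4, 1, 3]; // first non-vulnerable version, per the advisory text in the issue

// Constructed sample, trimmed to the entries relevant here (not a real lockfile).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-bot', version: '1.0.0' },
    'node_modules/request': { version: '2.88.2', dependencies: { 'tough-cookie': '~2.5.0' } },
    'node_modules/tough-cookie': { version: '2.5.0' },
  },
};

// Parse "major.minor.patch", ignoring any prerelease or build suffix.
function parseVersion(v) {
  return v.split(/[-+]/)[0].split('.').map((n) => parseInt(n, 10) || 0);
}

// True when `version` sorts strictly before the `fixed` [major, minor, patch] triple.
function isBefore(version, fixed) {
  const a = parseVersion(version);
  for (let i = 0; i < 3; i++) {
    if ((a[i] || 0) !== fixed[i]) return (a[i] || 0) < fixed[i];
  }
  return false;
}

// Return each installed copy of `name` below `fixed`, with every package in the
// lockfile that declares `name` as a dependency (a simplification: it does not
// resolve which nested copy each dependent actually loads).
function findVulnerable(lock, name = 'tough-cookie', fixed = FIXED) {
  const packages = lock.packages || {};
  const hits = [];
  for (const [path, meta] of Object.entries(packages)) {
    if (!path.endsWith('node_modules/' + name)) continue;
    if (!meta.version || !isBefore(meta.version, fixed)) continue;
    const requiredBy = Object.entries(packages)
      .filter(([, m]) => m.dependencies && name in m.dependencies)
      .map(([p, m]) => `${p.split('node_modules/').pop() || '(root)'}@${m.version}`);
    hits.push({ path, version: meta.version, requiredBy });
  }
  return hits;
}

console.log(JSON.stringify(findVulnerable(sampleLock), null, 2));
```

To run it against a real project, replace `sampleLock` with the parsed contents of that project's `package-lock.json`.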