Request-promise fork depends on (original, deprecated) request-promise-core package · Issue #50 · cypress-io/request · GitHub
Request-promise fork depends on (original, deprecated) request-promise-core package #50
Open
@thw0rted

It looks like issue submission is not enabled for https://github.com/cypress-io/request-promise so I'm submitting the issue here. Hope that's OK.

I noticed that your forked package still depends on request-promise-core, which introduces (among other things) a transitive dep on the vulnerable request package. Looking at the code in @cypress/request-promise, though, the only code actually used from request-promise-core is this one function; other than lodash, none of the transitive dependencies are actually used.

Would it be permissible to copy the single file (request2.js) from the deprecated codebase into your forked request-promise, and remove the dep on request-promise-core? This would reduce the installed footprint significantly.
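
A way to check the dependency chain this issue describes against your own install, as an added example that is not part of the original issue or of the Cypress code base: it walks a `package-lock.json` (lockfileVersion 2 or 3) and lists every chain from the root project to a named package. The function names `resolve` and `findChains` and the lockfile contents are constructed for illustration, and modelling `request` as a peer dependency of `request-promise-core` is an assumption.

```javascript
// Added example: list every dependency chain in a package-lock.json
// (lockfileVersion 2 or 3) that leads from the root project to `target`.
const EDGE_FIELDS = ["dependencies", "devDependencies", "peerDependencies", "optionalDependencies"];

// Node-style lookup in the lockfile's flat "packages" map: try the requiring
// package's own node_modules first, then each parent up to the root.
function resolve(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not installed (e.g. unmet optional or peer dep)
    const idx = base.lastIndexOf("/node_modules/");
    base = idx === -1 ? "" : base.slice(0, idx);
  }
}

function findChains(lock, target) {
  const packages = lock.packages || {};
  const chains = new Set();
  const walk = (path, trail, seen) => {
    const pkg = packages[path] || {};
    for (const field of EDGE_FIELDS) {
      for (const name of Object.keys(pkg[field] || {})) {
        const next = resolve(packages, path, name);
        if (next === null || seen.has(next)) continue; // missing or cyclic
        const step = trail.concat(name);
        if (name === target) chains.add(step.join(" > "));
        else walk(next, step, new Set(seen).add(next));
      }
    }
  };
  walk("", [], new Set([""]));
  return [...chains];
}

// Constructed lockfile: versions are omitted, and modelling `request`
// as a peer dependency of request-promise-core is an assumption.
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "constructed-app", dependencies: { "@cypress/request-promise": "*" } },
  "node_modules/@cypress/request-promise": { dependencies: { "request-promise-core": "*" } },
  "node_modules/request-promise-core": {
    dependencies: { lodash: "*" }, peerDependencies: { request: "*" } },
  "node_modules/lodash": {},
  "node_modules/request": {},
} };

console.log(findChains(sampleLock, "request"));
```

On a real project, pass in the parsed contents of `package-lock.json`; `npm ls request` reports the same chains from the installed tree. Enumerating every path can be slow on very large dependency graphs.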
