VULNERABILITY: Denial Of Service in superagent < 3.7.0

[agrohs]

│ Low │ Large gzip Denial of Service │
│ Package │ superagent │
│ Patched in │ >=3.7.0 │
│ Dependency of │ commercecloud-ocapi-client │
│ Path │ commercecloud-ocapi-client > superagent │
│ More info │ https://npmjs.com/advisories/479 │

[agrohs]

There are massively old versions of libraries in there that have several security vulnerabilities. Happy to upgrade several that will eliminate these without breaking code as a PR, but would HIGHLY recommend adding Renovate(bot) or similar to this project so it doesn't get as outdated if its going to be maintained/active.

[agrohs]

Hello @olibrook and @johnboxall, I have a PR prepared to update most/all of the dependencies in here to latest/more modern versions. I'd love to collaborate on some testing to get it merged if you're up for it? I've done some local testing and am using it with the new dependencies within a project of ours but love to contribute it back as I'm sure others could use it!

(also have a functional additional, I'm going to work on after here around OAuth but would love to have everything up to date/not vulnerable before adding onto this project if possible)

[bendvc]

Hi @agrohs, I've gone ahead and fixed a lot of the outdated dependancies. One of those was superagent that you mentioned. It's currently published at version 1.10.0. You can check it out.

I'm going to consider this issue resolved for now.

Cheers