1. Deprecated 'request' npm Package Exposes Projects to SSRF via CVE-2023-28155, No Fix Available
A critical dependency alert reveals that the widely used but deprecated `request` npm library contains an unfixed Server-Side Request Forgery (SSRF) vulnerability, CVE-2023-28155. The flaw, rated medium severity, allows attackers to exploit the library's handling of cross-protocol redirects—such as from HTTP to `file:/...
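
A redirect policy that a server-side fetcher can apply to the cross-protocol redirect behavior summarized above, given as an added example that is not from the original page or from the `request` project. The function names, the host allowlist and the sample URLs are constructed assumptions, and the host check goes one step beyond the scheme check the summary implies.

```javascript
'use strict';
// Added example: validate each redirect hop before following it.
// All names and sample values here are hypothetical and constructed.

const ALLOWED_SCHEMES = new Set(['http:', 'https:']);
const SAMPLE_ALLOWED_HOSTS = new Set(['api.example.test']); // constructed allowlist

// Decide whether a redirect from currentUrl to a Location header value is acceptable.
function checkRedirect(currentUrl, location, allowedHosts) {
  let from, to;
  try {
    from = new URL(currentUrl);
    to = new URL(location, from); // Location may be relative to the current URL
  } catch (err) {
    return { ok: false, reason: 'unparseable-url' };
  }
  // Non-web schemes (file:, ftp:, data:, ...) are never valid redirect targets.
  if (!ALLOWED_SCHEMES.has(to.protocol)) {
    return { ok: false, reason: 'scheme-not-allowed' };
  }
  // Strict policy: any scheme change ends the chain, so a check made for the
  // original scheme cannot be bypassed by hopping to another one.
  if (to.protocol !== from.protocol) {
    return { ok: false, reason: 'cross-protocol' };
  }
  // Re-validate the destination host on every hop, not only on the first URL.
  if (!allowedHosts.has(to.hostname)) {
    return { ok: false, reason: 'host-not-allowed' };
  }
  return { ok: true, url: to.href };
}

// Apply the policy to a whole chain of Location headers with a hop limit.
function walkChain(startUrl, locations, allowedHosts, maxHops = 5) {
  let current = startUrl;
  for (let i = 0; i < locations.length; i++) {
    if (i >= maxHops) return { ok: false, reason: 'too-many-redirects', hop: i };
    const verdict = checkRedirect(current, locations[i], allowedHosts);
    if (!verdict.ok) return { ...verdict, hop: i };
    current = verdict.url;
  }
  return { ok: true, url: current };
}
```

With an HTTP client, this means disabling automatic redirect following and calling `checkRedirect` on each 3xx response before issuing the next request.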