request package

The Node.js ecosystem’s long-deprecated request package is at the center of a persistent supply‑chain question: CVE‑2023‑28155 describes a server‑side request forgery (SSRF) bypass triggered by cross‑protocol redirects in request versions up through 2.88.x, and Microsoft’s public advisory names...