Dependency vulnerabilties for steamcommunity, steam-tradeoffer-manager and tf2 node packages

[Toby]

Hi, since this involved multiple packages I wasn't entirely sure where to post.

I ran a npm audit and noticed that 3 of your packages all have vulnerabilities related to their dependencies. I looked a bit deeper into the tf2 one & noticed that the request dependency is only used once on line 52, in the handlers.js file for what seems to be a simple fetch, perhaps removing the dependency all together would be easiest / best considering that the request package have been deprecated & haven't been patched for the issue at hand yet. I have attached an image showing the npm audit since I think its the quickest way to show it.

I use the latest version of each package.

I apologize if this was posted in the wrong place or format in that case please inform me of a better way in case of a similar situation.

 

Thanks,

- Toby