Transitive security vulnerability via request package

[kasymbayaman]

How to reproduce:

Npm audit security report:

Moderate: json-schema is vulnerable to Prototype Pollution
Package: json-schema                                                  
Patched in:   >=0.4.0                                                      
Dependency of:  @hubspot/api-client                                    
Path: @hubspot/api-client > request > http-signature > jsprim > json-schema       
More info: https://github.com/advisories/GHSA-896r-f27r-55mw 

Expected Behavior
request depends on http-signature with the security fix, i.e. ~1.3.6 TritonDataCenter/node-http-signature#125

Current Behavior
request 2.88.2 depends on the vulnerable http-signature 1.2.0

[danielmbarlow]

There is also the tough-cookie security vulnerability fixed in v4.1.3, whereas request depends on an earlier version.