Describe the bug
Code that uses [email protected] triggers a security report,
and it traces back to the fact that [email protected] ultimately depends on the request package
via this chain:
yarn why v1.22.19
[1/4] Why do we have the module "request"...?
[2/4] Initialising dependency graph...
[3/4] Finding dependency...
[4/4] Calculating file sizes...
=> Found "[email protected]"
info Reasons this module exists
"ethereum-waffle#@ethereum-waffle#compiler#@resolver-engine#imports#@resolver-engine#core" depends on it
which in turn is no longer maintained
request/request#3142
and the resolver-engine package in the middle has been made aware of the request package CVE but doesn't appear to be reacting
Crypto-Punkers/resolver-engine#301
hence I suggest moving to a different engine for resolving ... (?)
To Reproduce
Switch on Dependabot in code that uses [email protected] and let it run security checks.
The bottom of the output looks like this:
updater | [email protected] requires tough-cookie@~2.5.0 via a transitive dependency on [email protected]
updater | 2023/09/05 14:28:49 INFO <job_718265214> Dependabot could not find a non-vulnerable version
updater | 2023/09/05 14:28:49 INFO <job_718265214> Finished job processing
updater | 2023/09/05 14:28:49 INFO Results:
updater | Dependabot encountered '1' error(s) during execution, please check the logs for more details.
updater | +------------------------------+
updater | | Errors |
updater | +------------------------------+
updater | | security_update_not_possible |
updater | +------------------------------+
updater | time="2023-09-05T14:28:49Z" level=info msg="task complete" container_id=job-718265214-updater exit_code=0 job_id=718265214 step=updater
Software versions
ethereum-waffle version -- 4.0.10
@nomiclabs/hardhat-waffle -- 2.0.5
@nomiclabs/hardhat-ethers -- 2.2.3
hardhat -- 2.17.2
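A triage sketch for the updater output quoted in this report, added here as an example and not part of the original issue or of Dependabot: it parses the "requires ... via a transitive dependency on ..." line and the error table to flag updates that need a manual fix. Package names in the sample log are constructed placeholders, and `triage` and `splitSpec` are hypothetical helper names.

```javascript
// Constructed sample log in the shape shown in the report; the package
// names and job id are placeholders, not values from the original issue.
const SAMPLE_LOG = `
updater | example-app-dep@1.0.0 requires tough-cookie@~2.5.0 via a transitive dependency on example-http-lib@2.0.0
updater | 2023/09/05 14:28:49 INFO <job_1> Dependabot could not find a non-vulnerable version
updater | 2023/09/05 14:28:49 INFO Results:
updater | +------------------------------+
updater | |            Errors            |
updater | +------------------------------+
updater | | security_update_not_possible |
updater | +------------------------------+
`;

const REQUIRES_RE = /^updater \| (\S+) requires (\S+) via a transitive dependency on (\S+)$/;
// Error rows are lower-case identifiers; the "Errors" header and borders do not match.
const ERROR_ROW_RE = /^updater \| \|\s*([a-z_]+)\s*\|$/;

// Split "name@range" on the last "@", so scoped names ("@scope/pkg@1.0.0") survive.
function splitSpec(spec) {
  const at = spec.lastIndexOf("@");
  return at > 0
    ? { name: spec.slice(0, at), range: spec.slice(at + 1) }
    : { name: spec, range: null };
}

// Collect blocking transitive constraints and the error codes from the table.
function triage(logText) {
  const blockers = [];
  const errors = [];
  let noFix = false;
  for (const raw of logText.split(/\r?\n/)) {
    const line = raw.trim();
    let m;
    if ((m = REQUIRES_RE.exec(line))) {
      blockers.push({ top: splitSpec(m[1]), pinned: splitSpec(m[2]), via: splitSpec(m[3]) });
    } else if ((m = ERROR_ROW_RE.exec(line))) {
      errors.push(m[1]);
    } else if (line.includes("could not find a non-vulnerable version")) {
      noFix = true;
    }
  }
  const needsManualFix = noFix || errors.includes("security_update_not_possible");
  return { blockers, errors, needsManualFix };
}

console.log(JSON.stringify(triage(SAMPLE_LOG), null, 2));
```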