Upgrade to latest lodash
tonix-tuft opened this issue · 0 comments
tonix-tuft commented
Hi, can you update your dependencies and upgrade this package so that it uses the latest lodash@>=4.17.17
?
I get a lot of security warnings from npm:
│ High │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=4.17.12 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-html-autoprefixer │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ gulp-html-autoprefixer > html-autoprefixer > cheerio > │
│ │ lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/1065
Thanks!