Security vulnerabitlity - old lodash version
Closed this issue · 2 comments
atlanteh commented
Running npm audit
fails for:
lodash <=4.17.20
Severity: critical
Prototype Pollution in lodash - https://github.com/advisories/GHSA-jf85-cpcp-j695
Regular Expression Denial of Service (ReDoS) in lodash - https://github.com/advisories/GHSA-x5rq-j2xg-h7qm
Prototype Pollution in lodash - https://github.com/advisories/GHSA-p6mc-m468-83gw
Prototype Pollution in lodash - https://github.com/advisories/GHSA-fvqr-27wr-82fm
Command Injection in lodash - https://github.com/advisories/GHSA-35jh-r3h4-6jhm```
Can you please upgrade?
alastairparagas commented
Thank you @atlanteh! Working on pulling this PR in.
atlanteh commented
@alastairparagas This version was never published to npm. Can you please do that?