Security vulnerabitlity - old lodash version

Question

Security vulnerabitlity - old lodash version

Closed this issue 2 years ago · 2 comments

Running npm audit fails for:

lodash  <=4.17.20
Severity: critical
Prototype Pollution in lodash - https://github.com/advisories/GHSA-jf85-cpcp-j695
Regular Expression Denial of Service (ReDoS) in lodash - https://github.com/advisories/GHSA-x5rq-j2xg-h7qm
Prototype Pollution in lodash - https://github.com/advisories/GHSA-p6mc-m468-83gw
Prototype Pollution in lodash - https://github.com/advisories/GHSA-fvqr-27wr-82fm
Command Injection in lodash - https://github.com/advisories/GHSA-35jh-r3h4-6jhm```

Can you please upgrade?

Answer 1 · 2022-12-28T19:40:34.000Z

Thank you @atlanteh! Working on pulling this PR in.

Answer 2 · 2023-04-30T18:38:04.000Z

@alastairparagas This version was never published to npm. Can you please do that?