Dependency vulnerabilities: lodash.merge
Opened this issue · 0 comments
rahilka commented
When running npm audit on my Angular app, I received a prototype pollution vulnerabilities report for lodash.merge package. As I can see from your package.json file, it is version 3.2.0, and the vulnerabilities are for version before 4.6.1. Is it possible to update the package?
Below is the npm advisory for this issue:
