Bump lodash from 4.17.11 to 4.17.21
Closed this issue · 2 comments
lospatzos commented
lodash version 4.17.11 is according to this links vulnerable:
https://nvd.nist.gov/vuln/detail/CVE-2019-10744
GHSA-jf85-cpcp-j695
jetersen commented
semla commented
afaict it is still the old version?
https://github.com/jetersen/express-ipfilter/blob/5fb508f47183af3096f4042e65d2de9439241581/package.json#LL79C1-L79C26