Security issue with required lodash version
Closed this issue · 0 comments
Chris92de commented
While using this package, npm throws a security warning for lodash:
=== npm audit security report ===
┌──────────────────────────────────────────────────────────────────────────────┐
│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Visit https://go.npm.me/audit-guide for additional guidance │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=4.17.12 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @paralect/node-mongo │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ @paralect/node-mongo > lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/1065 │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 high severity vulnerability in 12390 scanned packages
1 vulnerability requires manual review. See the full report for details.
This can be fixed by increasing the required lodash version from 4.17.11 to ^4.17.12