npm audit lodash vulnerability #77

Closed
LarsSjogreen opened this issue Dec 20, 2018 · 3 comments

@LarsSjogreen

                                                                                  
                       === npm audit security report ===                          
                                                                                  
                                                                                  
                                 Manual Review                                    
             Some vulnerabilities require your attention to resolve               
                                                                                  
          Visit https://go.npm.me/audit-guide for additional guidance             
                                                                                  
                                                                                  
  Low             Prototype Pollution                                             
                                                                                  
  Package         lodash                                                          
                                                                                  
  Patched in      >=4.17.5                                                        
                                                                                  
  Dependency of   pdffiller                                                       
                                                                                  
  Path            pdffiller > lodash                                              
                                                                                  
  More info       https://nodesecurity.io/advisories/577                          
                                                                                  
found 1 low severity vulnerability in 169 scanned packages                        
  1 vulnerability requires manual review. See the full report for details.        

pdffiller uses an old version of lodash. This makes the builds break (for me) due to npm audit warnings and I can't fix them with npm audit fix --force. (Also, it's a vulnerability...)

@jkomyno

jkomyno commented Dec 28, 2018

+1, same for me

johntayl added a commit that referenced this issue Mar 15, 2019
Updated lodash to latest version. (Issue #77)
@xyleen

xyleen commented May 21, 2019

@johntayl
Hey, it seems that the issue is fixed, but the npm package is not updated. Could you push a new version to the npm repository (containing #78)?

@johntayl
Collaborator

@xyleen New npm package has been updated to v0.0.11.
