Vulnerability report with lodash dependency #74

Open
mikemix opened this issue Feb 13, 2019 · 1 comment

mikemix commented Feb 13, 2019

During npm install, 2 severity vulnerabilities are introduced (1 moderate, 1 low) when installing horsey:

npm audit gives

                       === npm audit security report ===

                                 Manual Review
             Some vulnerabilities require your attention to resolve

          Visit https://go.npm.me/audit-guide for additional guidance

  Moderate        Prototype Pollution
  Package         lodash
  Patched in      >=4.17.11
  Dependency of   @goguardian/horsey
  Path            @goguardian/horsey > lodash
  More info       https://npmjs.com/advisories/782

  Low             Prototype Pollution
  Package         lodash
  Patched in      >=4.17.5
  Dependency of   @goguardian/horsey
  Path            @goguardian/horsey > lodash
  More info       https://npmjs.com/advisories/577

Please update! @bevacqua is this library dead?

mikemix changed the title from "Vulnerability report in lodash dependency" to "Vulnerability report with lodash dependency" on Feb 13, 2019

zewa666 commented Feb 7, 2020

Yes please, let's get #78 merged so we can all sleep a bit better. Damn, I see this is a year-old issue. Any chance, @bevacqua, you can tell us something about the state of this library and whether you're going to maintain it any longer?
