Skip to content
This repository has been archived by the owner on Oct 3, 2023. It is now read-only.

Dyson dependencies fail npm security audit - lodash needs updating #99

Closed
lorilew opened this issue Jul 18, 2019 · 4 comments
Closed

Dyson dependencies fail npm security audit - lodash needs updating #99

lorilew opened this issue Jul 18, 2019 · 4 comments

Comments

@lorilew
Copy link

lorilew commented Jul 18, 2019

Hi

Would it be possible to update the version of Lodash that Dyson uses?

=== npm audit security report ===

│ High │ Prototype Pollution
│ Package │ lodash
│ Patched in │ >=4.17.12
│ Dependency of │ dyson
│ Path │ dyson > lodash
│ More info │ https://npmjs.com/advisories/1065

Thanks
@webpro
Copy link
Owner

webpro commented Jul 18, 2019

Sure, could you please open a PR for this?

@lorilew
Copy link
Author

lorilew commented Jul 18, 2019
edited
Loading

Pull request: #100

@sobmortin
Copy link

I am also having issues with this. Thank you for the Pull Request.

@webpro
Copy link
Owner

webpro commented Jul 18, 2019

Just released v2.0.5

@webpro webpro closed this as completed Jul 18, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@webpro @lorilew @sobmortin