Prototype Pollution / lodash

[fredleput]

Hi,
After installing ol-kit, i've got 3 high vulnerabilities related to loadah dependency. npm audit says it's patched in version >=4.17.12. So, i installed latest version ie : 4.17.15 but vulnerabilities are still there.
Any help appreciated !
thx,
Fred.

[glenselle]

Hey Fred, thanks for reporting this! Some of these issues stem from the fact that ol-kit is depending on OpenLayers 4.6.5 -- we plan to update very soon to use the latest version

[fredleput]

No problem !

[glenselle]

Leaving open til we resolve this

[drodenberg]

Looking into this now and it looks like one of our vulnerabilities from babel-plugin-inline-react-svg wont be fixed anytime soon... airbnb/babel-plugin-inline-react-svg#45

[drodenberg]

Vorpal has 3 high vulnerabilities and I have a comment on this waiting to see if this will get resolved. dthree/vorpal#331. Found this as a potential alternative to vorpal. https://github.com/drew-y/cliffy

[drodenberg]

Those are the only vulnerabilities I have left from what I see

[akuma1]

We are deprecating ol-kit.
You may consider these alternatives:

• Use openlayers directly as recent versions of openlayers provides quite a bit of functionality out of box.
• Additionally , you can take a look at these openlayers libraries.