-
Notifications
You must be signed in to change notification settings - Fork 295
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
lodash.pick vulnerability causes npm audit failure #3994
Comments
Hi, we also received an error because of this. I had a look and I found out that you have dependencies to some "copies" of lodash:
They are all not maintained since many years. To it's not possible to update the transient dependencies for dd-trace because there is no update for "lodash.pick". It is also not recommended to use them: Please update to the "real" lodash
|
Fixed by: #3999 |
Patch released in versions: |
Thanks @simon-id for the rapid fix!! |
When I run npm audit with the latest
5.1.0
version of the library (and earlier versions as well, I just verified it happened in the latest version), I receive this error from npm audit.Obviously going back to dd-trace 0.6.0 is not a real option :D
The text was updated successfully, but these errors were encountered: