I've noticed the fs-tree-structure is using lodash.set which is 7 years old(!) and has been known to have a high severity vulnerability: GHSA-p6mc-m468-83gw
Reproduction steps
Create a new empty folder
Inside the new folder, run npm i skott (this is the single package we need to install)
Run npm audit and observe results
Expected result:
Audit should not report any known vulnerabilities.
Actual result:
Audit reports known vulnerability.
Details
Standard questions
Please answer these questions to help us investigate your issue more quickly:
| Question | Answer |
| --- | --- |
| skott installed version? | 0.32.0 |
| Operating system? | Ubuntu (WSL2 in Windows 11) |
| Would you consider contributing a PR? | Yes |
| Node.js version (node -v)? | v20.9.0 |
Small addendum to the above: I assume lodash.set is in use to avoid bringing in the whole of lodash; however, that is what tree-shaking is for, and nowadays lodash is quite optimized for that!
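An added example (not part of the original issue or of skott's code): one way to triage the audit output from the reproduction steps, walking the `effects` links in `npm audit --json` (report version 2) from the flagged package up to the direct dependency that pulls it in. The sample report is constructed and trimmed, and the chain skott -> fs-tree-structure -> lodash.set is assumed from the issue text.

```javascript
// Added example: trace vulnerable transitive packages in `npm audit --json`
// (auditReportVersion 2) back to the direct dependencies that pull them in.

// Constructed sample report, trimmed to the fields used below. The chain
// skott -> fs-tree-structure -> lodash.set is assumed from the issue text.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    "lodash.set": {
      name: "lodash.set", severity: "high", isDirect: false,
      via: [{ name: "lodash.set", severity: "high",
              url: "https://github.com/advisories/GHSA-p6mc-m468-83gw" }],
      effects: ["fs-tree-structure"],
    },
    "fs-tree-structure": {
      name: "fs-tree-structure", severity: "high", isDirect: false,
      via: ["lodash.set"], effects: ["skott"],
    },
    skott: {
      name: "skott", severity: "high", isDirect: true,
      via: ["fs-tree-structure"], effects: [],
    },
  },
};

// Returns one entry per advisory: the affected package, the advisory URL,
// and every dependency chain from a direct dependency down to that package.
function traceAdvisories(report) {
  const vulns = report.vulnerabilities || {};
  const results = [];
  for (const entry of Object.values(vulns)) {
    // Object items in `via` are advisories; string items are package names.
    for (const adv of entry.via.filter((v) => typeof v === "object")) {
      const chains = [];
      const walk = (name, path) => {
        if (path.includes(name)) return; // guard against cycles
        const node = vulns[name];
        const next = [name, ...path];
        if (!node || node.isDirect) chains.push(next);
        for (const parent of (node && node.effects) || []) walk(parent, next);
      };
      walk(entry.name, []);
      results.push({ package: entry.name, advisory: adv.url, chains });
    }
  }
  return results;
}

console.log(JSON.stringify(traceAdvisories(sampleReport), null, 2));
```

On a real project, feed it the parsed output of `npm audit --json`; the chain shows which direct dependency has to be upgraded or replaced before the advisory clears.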