Lodash Prototype Pollution vulnerability in version 1.12.1 #12441

Closed
thelgevold opened this issue Apr 4, 2019 · 5 comments
Labels
Node Node.js-specific issue ThirdParty upstream problems

Comments

thelgevold commented Apr 4, 2019

The problem

Getting a lodash Prototype Pollution vulnerability reported from npm when installing version 1.12.1 of appium.

Environment

  • Appium version (or git revision) that exhibits the issue: 1.12.1
  • Last Appium version that did not exhibit the issue (if applicable):
  • Desktop OS/version used to run Appium: OSX
  • Node.js version (unless using Appium.app|exe):
  • Npm or Yarn package manager: npm
  • Mobile platform/version under test:
  • Real device or emulator/simulator:
  • Appium CLI or Appium.app|exe:

Details

Getting a lodash Moderate Prototype Pollution vulnerability when installing version 1.12.1 of appium.

Would you be able to publish a new release with an upgraded version of lodash?

If necessary, describe the problem you have been experiencing in more detail.

Link to Appium logs

Create a GIST which is a paste of your full Appium logs, and link them here.
Do NOT paste your full Appium logs here, as it will make this issue very long and hard to read!
If you are reporting a bug, always include Appium logs!

Code To Reproduce Issue [ Good To Have ]

run an npm install of appium

@mykola-mokhnach
Collaborator

Closed as incomplete

@thelgevold
Author

More details added. Please re-open.

@dpgraham
Contributor

dpgraham commented Apr 5, 2019

Will need to wait on: Samsung/appium-tizen-driver#15

It's an external driver that uses it.

@mykola-mokhnach mykola-mokhnach added the ThirdParty upstream problems label Apr 8, 2019
@mykola-mokhnach
Collaborator

I think it makes sense to track the issue in the Tizen repository rather than here. We cannot change anything from our side anyway.

@lock

lock bot commented Apr 15, 2020

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@lock lock bot locked and limited conversation to collaborators Apr 15, 2020