
Used lodash version has security issues. #550

@akarmes

Bug report for Cloudinary NPM SDK

Before proceeding, please update to latest version and test if the issue persists ☑️

Describe the bug in a sentence or two.

We're using "yarn audit" as part of CI in our projects to scan NPM packages for vulnerabilities. For the latest version of cloudinary (1.30.0) it's reporting a high and a moderate alert for "lodash", which is cloudinary's dependency. Can you please update it to version >=4.17.21?

Links to those security alerts:

Issue Type (Can be multiple)

[ ] Build - Can’t install or import the SDK
[ ] Babel - Babel errors or cross browser issues
[ ] Performance - Performance issues
[ ] Behaviour - Functions aren’t working as expected (Such as generate URL)
[ ] Documentation - Inconsistency between the docs and behaviour
[ ] Incorrect Types - For typescript users who are having problems with our d.ts files
[x] Other - Security

Steps to reproduce

Run "yarn audit"

Error screenshots

image

Browsers (if issue relates to UI, else ignore)

[ ] Chrome
[ ] Firefox
[ ] Safari
[ ] Other (Specify)
[ ] All

Versions and Libraries (fill in the version numbers)

Cloudinary_NPM SDK 1.30.0
Node - 0.0.0
NPM - 0.0.0

Config Files (Please paste the following files if possible)

Package.json

Repository

If possible, please provide a link to a reproducible repository that showcases the problem
