You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I just updated dependency of arc4 on lodash from version 4.17.4 to version 4.17.20 without any problems, since npm complained after installing arc4 (see below).
I'm not sure if it is safe to fix package.json here, for me it had no disadvantages.
=== npm audit security report ===
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
Low Prototype Pollution
Package lodash
Patched in >=4.17.5
Dependency of arc4
Path arc4 > lodash
More info https://npmjs.com/advisories/577
High Prototype Pollution
Package lodash
Patched in >=4.17.11
Dependency of arc4
Path arc4 > lodash
More info https://npmjs.com/advisories/782
High Prototype Pollution
Package lodash
Patched in >=4.17.12
Dependency of arc4
Path arc4 > lodash
More info https://npmjs.com/advisories/1065
Low Prototype Pollution
Package lodash
Patched in >=4.17.19
Dependency of arc4
Path arc4 > lodash
More info https://npmjs.com/advisories/1523
found 4 vulnerabilities (2 low, 2 high) in 3 scanned packages
4 vulnerabilities require manual review. See the full report for details.
The text was updated successfully, but these errors were encountered:
I just updated dependency of arc4 on lodash from version 4.17.4 to version 4.17.20 without any problems, since npm complained after installing arc4 (see below).
I'm not sure if it is safe to fix package.json here, for me it had no disadvantages.
The text was updated successfully, but these errors were encountered: