Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update lodash to fix security warning #5

Open
mikemaccana opened this issue Dec 10, 2019 · 1 comment
Open

Update lodash to fix security warning #5

mikemaccana opened this issue Dec 10, 2019 · 1 comment

Comments

@mikemaccana
Copy link

See https://npmjs.com/advisories/1065. Thanks!

  High            Prototype Pollution

  Package         lodash

  Patched in      >=4.17.12

  Dependency of   stmux

  Path            stmux > pegjs-otf > lodash

  More info       https://npmjs.com/advisories/1065
@andraspatka
Copy link

There is another high vulnerability, that will also be fixed, if the update is to lodash 4.17.21

High            Command Injection                                
  Package         lodash                                                  
  Patched in      >=4.17.21                                          
  Dependency of   asty-astq                                      
  Path            asty-astq > astq > pegjs-otf > lodash                                                                     
  More info       https://npmjs.com/advisories/1673

bendman added a commit to bendman/pegjs-otf that referenced this issue Nov 1, 2021
@bendman
update lodash to 4.16.21 to fix security
af81420 
fixes issue rse#5 for these security issues:
https://npmjs.com/advisories/1673
https://npmjs.com/advisories/1065
@bendman bendman mentioned this issue Nov 1, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mikemaccana @andraspatka