This repository has been archived by the owner on Aug 28, 2019. It is now read-only.

Security issue from npm audit with lodash < 4.17.5 #6

Closed
svewag opened this issue Jul 24, 2018 · 4 comments

svewag commented Jul 24, 2018

Hi,

when I run npm audit in my project, I get a security issue warning for lodash.
At the moment lodash ^3.5.0 is required. Is there a chance to update lodash to something >=4.17.5?

It seems that you only use lodash for one situation.

var _ = require('lodash');

/**
 * Test if all values are equal.
 *
 * @param {*[]} values
 * @returns {boolean}
 */

module.exports = function equalValues(values) {
  return values.every(function(value) {
    return _.isEqual(value, values[0]);
  });
};

https://github.com/shipitjs/shipit-utils/blob/9c074814b2d336df166423d14e6106c1373c64b8/lib/equal-values.js

Chances might be good that a higher version of lodash won't break this package.

Thank you.
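Why the declared range matters, as an added example that is not part of the original thread or of shipit-utils: a caret range such as `^3.5.0` excludes every 4.x release, so no in-range update can reach the `>=4.17.5` threshold named in the issue. The function names are hypothetical, and only plain `^MAJOR.MINOR.PATCH` ranges are handled.

```javascript
// Added example. Supports plain "^MAJOR.MINOR.PATCH" ranges only
// (no prerelease tags, wildcards or compound ranges).

function parseVersion(text) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(text);
  if (!m) throw new Error('unsupported version: ' + text);
  return m.slice(1).map(Number);
}

// Returns -1, 0 or 1, comparing major, then minor, then patch.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// A caret range keeps the leftmost non-zero part fixed:
//   ^3.5.0 := >=3.5.0 <4.0.0
//   ^0.2.3 := >=0.2.3 <0.3.0
//   ^0.0.3 := >=0.0.3 <0.0.4
function caretBounds(range) {
  if (!range.startsWith('^')) throw new Error('not a caret range: ' + range);
  const lower = parseVersion(range.slice(1));
  let pivot = lower.findIndex((n) => n !== 0);
  if (pivot === -1) pivot = 2; // ^0.0.0 := >=0.0.0 <0.0.1
  const upper = lower.map((n, i) => (i < pivot ? n : i === pivot ? n + 1 : 0));
  return { lower, upper }; // upper bound is exclusive
}

// True when some version inside the range is >= the first patched release.
function canReachPatched(range, firstPatched) {
  const { upper } = caretBounds(range);
  return compareVersions(upper, parseVersion(firstPatched)) > 0;
}

// Constructed sample input: the range and threshold quoted in the issue,
// plus one range that does admit the patched release.
for (const range of ['^3.5.0', '^4.17.5']) {
  const verdict = canReachPatched(range, '4.17.5') ? 'can' : 'cannot';
  console.log(`lodash ${range} ${verdict} resolve to >=4.17.5`);
}
```

Updating within the declared range never reaches a patched release here, so the range itself has to be raised in the package that declares it.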

@clement-escolano

@neoziro What do you think about it?

svewag commented Oct 30, 2018

Any chance that the pull requests might be accepted?

@gregberge
Member

Solved in #7.

@svewag thanks for your work!

@gregberge
Member

Now published ;)
