npm audit vulnerabilities #58

Closed
Portur opened this issue Jul 30, 2019 · 1 comment

@Portur

Portur commented Jul 30, 2019

Hi,

Just an FYI of vulnerabilities reported by npm. Seems like, as always, it's lodash and extend.

found 3 vulnerabilities (1 moderate, 2 high) in 2278 scanned packages

Moderate Prototype Pollution
Package extend
Dependency of request
Path request > extend
More info https://npmjs.com/advisories/996

High Prototype Pollution
Package lodash
Dependency of cheerio
Path cheerio > lodash
More info https://npmjs.com/advisories/1065

High Prototype Pollution
Package lodash
Dependency of request-promise
Path request-promise > request-promise-core > lodash
More info https://npmjs.com/advisories/1065

@nrabinowitz
Collaborator

I'm aware - these are in devDependencies (the library has no direct dependencies), and do not pose any risk for library users. Nonetheless, I'll see if I can bump the dev dependencies to clear the warnings.
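
Added example, not code from this repository or its maintainers: a small triage script that sorts audit findings by whether the root of each dependency path is declared under a runtime section or under `devDependencies`, which npm does not install for consumers of a published package. The manifest is constructed (the name `example-lib` and the version ranges are placeholders); the findings are the three paths from the report above.

```javascript
// Added example: classify npm audit findings by the manifest section
// that declares the root of each dependency path.

// Constructed manifest mirroring the thread: no runtime dependencies,
// three tools under devDependencies. Name and versions are placeholders.
const manifest = {
  name: 'example-lib',
  dependencies: {},
  devDependencies: { request: '*', cheerio: '*', 'request-promise': '*' },
};

// The three findings from the audit report in the issue.
const findings = [
  { severity: 'moderate', pkg: 'extend', path: 'request > extend' },
  { severity: 'high', pkg: 'lodash', path: 'cheerio > lodash' },
  { severity: 'high', pkg: 'lodash',
    path: 'request-promise > request-promise-core > lodash' },
];

// Returns 'runtime', 'dev' or 'unknown' for one "a > b > c" audit path.
function scopeOf(manifest, path) {
  const root = path.split('>')[0].trim();
  // hasOwnProperty keeps names such as "constructor" from matching
  // inherited object properties.
  const has = (section) =>
    Object.prototype.hasOwnProperty.call(manifest[section] || {}, root);
  // Runtime sections win when a package is declared in both places.
  // Counting peerDependencies as runtime is a conservative choice.
  const runtime = ['dependencies', 'optionalDependencies', 'peerDependencies'];
  if (runtime.some(has)) return 'runtime';
  if (has('devDependencies')) return 'dev';
  return 'unknown'; // root not declared: stale report or wrong manifest
}

// Groups findings by scope so runtime exposure can be reviewed first.
function triage(manifest, findings) {
  const out = { runtime: [], dev: [], unknown: [] };
  for (const f of findings) out[scopeOf(manifest, f.path)].push(f);
  return out;
}

const result = triage(manifest, findings);
for (const [scope, list] of Object.entries(result)) {
  for (const f of list) console.log(`${scope}\t${f.severity}\t${f.path}`);
}
```

Findings in the `dev` group still reach anyone who clones the repository and runs its build or tests, so they remain worth clearing in CI even when consumers are unaffected.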
