search

KQMATH / tex2max

:books: JavaScript library for converting LaTeX math into Maxima code
https://www.npmjs.com/package/tex2max
GNU General Public License v3.0
14 stars 6 forks source link

Possible security issue #36

Closed hgeorgsch closed 5 years ago

hgeorgsch commented 5 years ago

hgThe following was received back in February. Has it been reviwed? If it has already been addressed, the issue can be closed.

:-- hg

We found a potential security vulnerability in a repository for which you have been granted security alert access.

KQMATH/tex2max https://github.com/KQMATH/tex2max Known low severity security vulnerability in lodash v< 4.17.11, defined in https://github.com/KQMATH/tex2max/blob/develop/package-lock.json https://github.com/KQMATH/tex2max/blob/develop/package-lock.json update suggested: lodash v4.17.11 Always verify the validity and compatibility of suggestions with your codebase. Review the vulnerable dependency: https://github.com/KQMATH/tex2max/network/alert/package-lock.json/lodash/open

Only users who have been assigned access to security alerts will receive these notifications.

andstor commented 5 years ago

Yes, this security vulnerability has already been addressed.