Closed BenjiLewis closed 4 years ago
I'm not actively maintaining this repo, but if you want to create a PR (that passes tests), I'd be happy to merge it in and re-publish it.
I've got a PR on local... However I don't have push access :(
You need to fork the repo and make a pull request:
Pull request can be found here: https://github.com/OverZealous/cdnizer/pull/39
published as 3.2.1
https://github.com/OverZealous/cdnizer/pull/39 solves this issue.
Thanks for the timely responses @OverZealous !
Lodash versions lower than
4.17.12
are known to be vulnerable to prototypePollution. Further information can be seen in CVE-2019-10744.Would it be possible to update the package.json to accomodate this patch?