OverZealous / cdnizer

Node module for replacing local links with CDN links, includes fallbacks and customization
MIT License

Upgrade Lodash to include latest security patches #38

Closed BenjiLewis closed 4 years ago

BenjiLewis commented 4 years ago

Lodash versions lower than 4.17.12 are known to be vulnerable to prototype pollution. Further information can be seen in CVE-2019-10744.

Would it be possible to update the package.json to accommodate this patch?

OverZealous commented 4 years ago

I'm not actively maintaining this repo, but if you want to create a PR (that passes tests), I'd be happy to merge it in and re-publish it.

BenjiLewis commented 4 years ago

I've got a PR on local... However I don't have push access :(

OverZealous commented 4 years ago

You need to fork the repo and make a pull request:

https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/creating-a-pull-request

BenjiLewis commented 4 years ago

Pull request can be found here: https://github.com/OverZealous/cdnizer/pull/39

OverZealous commented 4 years ago

published as 3.2.1

BenjiLewis commented 4 years ago

https://github.com/OverZealous/cdnizer/pull/39 solves this issue.

BenjiLewis commented 4 years ago

Thanks for the timely responses @OverZealous!
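
The version check this issue asks for, as an added example that is not part of the original thread or the cdnizer project: it scans a parsed package-lock.json for any installed lodash copy below 4.17.12, including copies nested under other dependencies. The lockfile contents and the package name `example-dep` are constructed for illustration.

```javascript
// Added example: flag lodash copies older than 4.17.12 in a package-lock.json.
const FIXED = [4, 17, 12]; // version threshold named in the issue (CVE-2019-10744)

// True when version x.y.z is below FIXED. Prerelease tags are ignored.
function isBelowFixed(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(version));
  if (!m) return true; // git/tarball spec or missing version: flag for manual review
  const parts = m.slice(1, 4).map(Number);
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== FIXED[i]) return parts[i] < FIXED[i];
  }
  return false; // exactly 4.17.12
}

// Returns [{ path, version }] for every outdated lodash install in the lockfile.
function findOldLodash(lock) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path.
    for (const [path, meta] of Object.entries(lock.packages)) {
      // Match only the package named exactly "lodash", at any nesting depth.
      if (/(^|\/)node_modules\/lodash$/.test(path) && isBelowFixed(meta.version)) {
        hits.push({ path, version: meta.version });
      }
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" trees.
  (function walk(deps, trail) {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = trail.concat(name);
      if (name === 'lodash' && isBelowFixed(meta.version)) {
        hits.push({ path: here.join(' > '), version: meta.version });
      }
      walk(meta.dependencies, here);
    }
  })(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile: top-level lodash is patched, a nested copy is not.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/lodash': { version: '4.17.21' },
    'node_modules/example-dep/node_modules/lodash': { version: '4.17.11' },
    'node_modules/lodash.merge': { version: '4.6.0' },
  },
};
console.log(findOldLodash(sampleLock));
```

A patched top-level lodash does not clear the project: a dependency that pins an older range keeps its own nested copy, which is why the scan walks every install path.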