It looks like the version of lodash included has a low severity vulnerability. After `npm install bull-ui` and `npm audit`:

```
=== npm audit security report ===
┌──────────────────────────────────────────────────────────────────────────────┐
│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Visit https://go.npm.me/audit-guide for additional guidance │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=4.17.5 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ bull-ui │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ bull-ui > lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/577 │
└───────────────┴──────────────────────────────────────────────────────────────┘
```

I can certainly submit a pull request for this, but I haven't done anything with Matador other than install it, so don't know what kind of ramifications there could be from bumping lodash up two major versions...