oliviernt
commented
3 years ago I've just release v4.4.2with lodash v4.17.20 which fixes CVE-2020-8203
Closed joekrump closed 3 years ago
oliviernt
commented
3 years ago I've just release v4.4.2with lodash v4.17.20 which fixes CVE-2020-8203
For some reason, the package.json file that is published depends on an exact version of lodash (
4.17.13) screenshot below which is vulnerable to https://github.com/advisories/GHSA-p6mc-m468-83gw and which does not match up with what's specified in this project's package.json file which specifies (^4.17.13).My proposal is to publish a new patch version 4.4.2 which should have a package.json file that matches the one in this repo. Also, ping me and let me know if I can help or provide more information.