Open nishant95 opened 2 years ago
request-promise adds old version (3.10.1 ) of lodash as a transitive dependency which has a CRITICAL CVE-2019-10744
request-promise
lodash
Dependency Tree:
. . |─ request-promise@1.0.2 │ |── bluebird@2.11.0 │ |─┬ cls-bluebird@1.1.3 │ │ |── is-bluebird@1.0.2 │ │ └── shimmer@1.2.1 │ |── lodash@3.10.1 │ └── request@2.88.2 . .
Also, there are some HIGH CVEs as well.
request-promise
adds old version (3.10.1 ) oflodash
as a transitive dependency which has a CRITICAL CVE-2019-10744Dependency Tree:
Also, there are some HIGH CVEs as well.