apache / openwhisk-package-alarms

Apache OpenWhisk package that can be used to create periodic, time-based alarms.
https://openwhisk.apache.org/
Apache License 2.0

Critical CVE-2019-10744 in lodash version 3.10.1 #235

Open nishant95 opened 2 years ago

nishant95 commented 2 years ago

request-promise adds an old version (3.10.1) of lodash as a transitive dependency, which has a CRITICAL CVE-2019-10744.

Dependency Tree:

.
.
|─ request-promise@1.0.2
│    |── bluebird@2.11.0
│    |─┬ cls-bluebird@1.1.3
│    │ |── is-bluebird@1.0.2
│    │ └── shimmer@1.2.1
│    |── lodash@3.10.1
│    └── request@2.88.2
.
.

Also, there are some HIGH CVEs as well.
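
One way to locate every path that pulls in an affected lodash, as an added example that is not part of the original issue or the project's code. It assumes input shaped like `npm ls --json` output; the function names and the sample tree are hypothetical, and the 4.17.12 floor is the lodash release that fixed CVE-2019-10744, which the issue itself does not state.

```javascript
// Added example: walk an `npm ls --json`-style tree and report each path that
// reaches a lodash release older than the one that fixed CVE-2019-10744.
const FIXED = [4, 17, 12]; // assumption not from the issue: fix landed in lodash 4.17.12

// Parse "x.y.z" into numbers, ignoring any pre-release or build suffix.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function isBelow(version, floor) {
  const parts = parseVersion(version);
  if (!parts) return true; // unparseable version: flag it for manual review
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== floor[i]) return parts[i] < floor[i];
  }
  return false; // equal to the floor, so already fixed
}

// Depth-first walk; `trail` records which parents pulled the package in.
function findVulnerable(node, name = 'lodash', floor = FIXED, trail = [], out = []) {
  for (const [dep, info] of Object.entries(node.dependencies || {})) {
    const here = trail.concat(`${dep}@${info.version}`);
    if (dep === name && isBelow(info.version, floor)) out.push(here.join(' > '));
    findVulnerable(info, name, floor, here, out);
  }
  return out;
}

// Constructed sample mirroring the tree in the issue, plus one patched
// top-level lodash (constructed) to show that fixed copies are not reported.
const sampleTree = {
  dependencies: {
    'request-promise': {
      version: '1.0.2',
      dependencies: {
        bluebird: { version: '2.11.0' },
        'cls-bluebird': { version: '1.1.3', dependencies: {
          'is-bluebird': { version: '1.0.2' }, shimmer: { version: '1.2.1' } } },
        lodash: { version: '3.10.1' },
        request: { version: '2.88.2' },
      },
    },
    lodash: { version: '4.17.21' }, // constructed
  },
};

console.log(findVulnerable(sampleTree));
```

The reported path names the direct dependency that has to be upgraded or replaced, since the affected lodash copy is not declared by the package itself.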