apigee-127 / bagpipes

Less code, more flow. Let's dance!
MIT License

Lodash vulnerability #36

Closed jwmarshall closed 5 years ago

jwmarshall commented 6 years ago

FYI you should update lodash to >=4.17.5 due to a prototype pollution vulnerability.

See: https://nodesecurity.io/advisories/577

ghost commented 6 years ago

Any update on this?

This should be fixed asap!

runjak commented 5 years ago

If I'm correct, lodash in the package.json is OK, but the version of machinepack-http still depends on an outdated version of lodash, so it would make sense to update there.

theganyo commented 5 years ago

Updated in 0.2.0.
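
The thread's point that a vulnerable lodash can sit under a transitive dependency (machinepack-http here) even when the top-level entry is fine can be checked mechanically. The following is an added example, not part of the original thread or the bagpipes project: it walks an npm v1-style lockfile tree and reports every lodash copy older than 4.17.5. The function names, the sample lockfile and its version numbers are constructed for illustration.

```javascript
// Added example: list every lodash copy in a lockfile tree older than 4.17.5.
const FIXED = [4, 17, 5]; // first fixed version, as stated in the issue

// Parse "x.y.z" (ignoring any pre-release/build suffix) into three numbers.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v || "");
  return m ? m.slice(1).map(Number) : null;
}

// True when version v sorts below the floor [major, minor, patch].
function isBelow(v, floor) {
  const p = parseVersion(v);
  if (!p) return true; // git URL or tarball spec: flag it for manual review
  for (let i = 0; i < 3; i++) {
    if (p[i] !== floor[i]) return p[i] < floor[i];
  }
  return false; // equal to the floor, so already fixed
}

// Walk the nested "dependencies" tree of an npm v1 lockfile, keeping the
// dependency path so the report shows which package pulls lodash in.
function findVulnerableLodash(lock) {
  const hits = [];
  (function walk(deps, trail) {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = trail.concat(name);
      if (name === "lodash" && isBelow(info.version, FIXED)) {
        hits.push({ path: path.join(" > "), version: info.version });
      }
      walk(info.dependencies, path);
    }
  })(lock.dependencies, []);
  return hits;
}

// Constructed sample: top-level lodash is fixed, a nested copy is not.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    lodash: { version: "4.17.5" },
    "machinepack-http": {
      version: "0.0.0-sample", // placeholder, not a real release
      dependencies: { lodash: { version: "3.10.1" } },
    },
  },
};

console.log(findVulnerableLodash(sampleLock));
```

To run it against a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` instead of `sampleLock`; lockfiles that use the flat `packages` map need a different walk.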