search

bitpay / bitcore-lib

A pure and powerful JavaScript Bitcoin library
https://bitcore.io/
Other
613 stars 1.03k forks source link

Upgrade lodash to prevent prototype pollution attacks #240

Open DaniGuardiola opened 6 years ago

DaniGuardiola commented 6 years ago

More information: https://nodesecurity.io/advisories/577

Please update the dependency in bitcore-mnemonic as well when a non-vulnerable release of bitcore-lib is ready.

Thanks!

mayk93 commented 6 years ago

It would be great if we could fix this. While not a major issue, I've encountered this problem as well.