search

bmbarker90 / inquirer-file-path

a file (relative to given path) selector for Inquirer.js
1 stars 5 forks source link

The version of lodash used is vulnerable #3

Open GregersBoye opened 5 years ago

GregersBoye commented 5 years ago

You should update your dependency on lodash to at least version 4.17.5, as versions below this, have a vulnerability:

https://www.npmjs.com/advisories/577

micalevisk commented 5 years ago

And Lodash is being used only in tests/helpers/readline.js, so it should be a dev dependency. https://github.com/bmbarker90/inquirer-file-path/blob/008de704cb15635332f66f01da234a2a70553013/test/helpers/readline.js#L8 eslint on index.js